Provisioning to Office 365 from Forefront Identity Manager

Hello All,

How do we a provision a user to O365 from FIM. Does Microsoft provide Out of box Management Agent?

Is there any other way to create O365 accounts other than the MA?

Thank you,

June 30th, 2015 3:40pm

1. Out of the box, so installed with FIM - no, there is no such agent. There is Azure Active Directory Connector for FIM 2010 available at Microsoft Download Center, but it not recommended for new installations. You should rather use AAD Connect to provision users to O365.

2. There are multiple ways - you can for example create them by script (and use a script inside FIM as a part of FIM Service's Powershell Activity or PowerShell MA).

Free Windows Admin Tool Kit Click here and download it now
June 30th, 2015 4:10pm

You are in for quite an adventure. Maybe Microsoft will eventually blog about it, probably after Microsoft Identity Manager is out. Currently it is, quite frankly, a mess.  If you are looking to provision an Exchange Online user, and you have a hybrid implementation of Office 365, you really have three problems to solve:

1. Provisioning the user locally, and waiting for DirSync to replicate the user to Azure Active Directory.

2. You need your on-premise Exchange infrastructure to create the mailbox in the cloud (execute the Enable-RemoteMailbox PowerShell command).

3. You must license the user for Exchange Online. This can only be done after #1 (replication to Azure) completes.

We accomplished this by using FIM to update an extentionAttribute to contain an XML structure (defined by us) that we created to specify the licensing and any additional Exchange options the user should get. That's all we felt comfortable having FIM do, stamp the user's extentionAttribute. Kinda sad. Then we have a regularly scheduled script that searches for objects in AD with the XML structure and performs the steps. It appropriately waits and continues to check users until they are replicated into Azure and completes the licensing process.

An alternative we also gave serious consideration to was to write a PowerShell Management Agent to do it.

July 1st, 2015 4:27pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics