Active Roles 7.2.1 - Azure Active Directory and Office 365 Administrator Guide

Configuring Sync Workflow to back-synchronize AD contacts

To configure a sync workflow to back-synchronize contacts, perform the following steps:


Step 1: Create Connection to Azure AD in the hybrid environment

Create a connection to Azure AD using the Microsoft Office 365 Connector. The configuration requires Microsoft Online Services ID, Password, Proxy server (if required) and Exchange Online services.

NOTE: Back synchronization of contacts uses the Microsoft Office 365 Connector to establish a connection to Azure AD. Back synchronization of users and groups uses the Azure AD Connector to establish a connection to Azure AD.

Step 2: Create Connection to Active Roles in the hybrid environment

Create a connection to Active Roles using the Active Roles Connector. The configuration requires the local domain details and Active Roles version used. Define the scope to select the container from which the objects for synchronization must be selected.

Step 3: Create Sync Workflow

Create a Sync Workflow using the Azure AD and Active Roles connections. Add a Synchronization step to Update Azure Contacts to Active Roles Contacts. Configure the Forward Sync Rule to synchronize the following:

  • Azure ExternalDirectoryObjectId property of a contact to the Active Roles contact edsaAzureContactObjectId property.
  • Set the edsvaAzureOffice365Enabled attribute in Active Roles contact to True.

Step 4: Create Mapping

Create a Mapping Rule that uniquely identifies the contact in Azure AD and on-premises AD, and map the specified properties from Azure AD to Active Roles appropriately.


  • Based on the environment, make sure to create the correct Mapping Rule to identify the contacts uniquely. An incorrect mapping rule may create duplicate objects, and the back-sync operation may not work as expected.
  • Initial configuration and execution of back-sync operation for Azure AD contacts ID is a one-time activity.
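
A dry-run check of a candidate mapping key before the back-sync is executed, as an added example that is not part of the original guide or of Active Roles. It assumes the contacts from both sides have been exported as objects and that the mapping rule compares a `Mail` property; the function names, the `Mail` key, and the sample data are hypothetical.

```powershell
# Constructed sample data standing in for contact exports; not real tenant data.
$azure = @(
    [pscustomobject]@{ ExternalDirectoryObjectId = '00000000-0000-0000-0000-000000000001'; Mail = 'Ana.Ruiz@partner.example' }
    [pscustomobject]@{ ExternalDirectoryObjectId = '00000000-0000-0000-0000-000000000002'; Mail = 'sales@partner.example' }
    [pscustomobject]@{ ExternalDirectoryObjectId = '00000000-0000-0000-0000-000000000003'; Mail = 'new.vendor@partner.example' }
)
$onPrem = @(
    [pscustomobject]@{ DistinguishedName = 'CN=Ana Ruiz,OU=Contacts,DC=corp,DC=example'; Mail = 'ana.ruiz@partner.example' }
    [pscustomobject]@{ DistinguishedName = 'CN=Sales,OU=Contacts,DC=corp,DC=example'; Mail = 'sales@partner.example' }
    [pscustomobject]@{ DistinguishedName = 'CN=Sales (old),OU=Contacts,DC=corp,DC=example'; Mail = 'SALES@partner.example ' }
)

function Get-MappingKey($Object, [string]$Property) {
    # Normalize so case and stray whitespace do not hide a collision.
    return ([string]$Object.$Property).Trim().ToLowerInvariant()
}

function Test-ContactMappingRule {
    param([object[]]$AzureContacts, [object[]]$AdContacts,
          [string]$KeyProperty = 'Mail')   # assumption: property the mapping rule compares
    $adIndex = @{}; $azCount = @{}
    foreach ($c in $AdContacts) {          # index on-premises contacts by key
        $k = Get-MappingKey $c $KeyProperty
        if (-not $adIndex.ContainsKey($k)) { $adIndex[$k] = @() }
        $adIndex[$k] += $c
    }
    foreach ($c in $AzureContacts) {       # count key reuse on the Azure side
        $k = Get-MappingKey $c $KeyProperty
        $azCount[$k] = 1 + [int]$azCount[$k]
    }
    foreach ($az in $AzureContacts) {
        $k = Get-MappingKey $az $KeyProperty
        $hits = @(if ($k -and $adIndex.ContainsKey($k)) { $adIndex[$k] })
        $status = if (-not $k) { 'NoKey' } elseif ($azCount[$k] -gt 1 -or $hits.Count -gt 1) {
            'Ambiguous' } elseif ($hits.Count -eq 1) { 'Matched' } else { 'Unmatched' }
        [pscustomobject]@{
            Key    = $k
            Status = $status
            Target = ($hits | ForEach-Object DistinguishedName) -join '; '
            # Values the Forward Sync Rule from Step 3 would write on a clean 1:1 match.
            edsaAzureContactObjectId   = if ($status -eq 'Matched') { $az.ExternalDirectoryObjectId }
            edsvaAzureOffice365Enabled = if ($status -eq 'Matched') { $true }
        }
    }
}

Test-ContactMappingRule -AzureContacts $azure -AdContacts $onPrem | Format-Table -AutoSize
```

Any row reported as `Ambiguous` or `NoKey` means the chosen key does not identify a contact uniquely on both sides, which is the condition the note above warns about.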


Managing Hybrid AD Users

The Active Roles web interface enables you to perform administrative tasks such as create, read, update, deprovision, undo-deprovision, and delete Azure AD users in a Hybrid environment. You can also perform other operations such as adding and removing Azure AD users to and from Groups and assigning Office 365 licenses to users. Some of the user operations can be performed using the Management Shell in addition to the web interface. The following section guides you through the Active Roles web interface and Management Shell to manage Azure AD users.

Azure AD user management tasks using Web interface

Active Roles web interface enables you to perform the following management tasks for Azure AD users:

Create a new Azure AD user

You can use the Active Roles Web Interface to create and enable a new Azure AD user. You can also assign Office 365 licenses to the new user.

To create a new Azure AD user

  1. On the Active Roles Web interface Navigation bar, click Directory Management.
  2. On the Views tab in the Browse pane, click Active Directory.

    The list of Active Directory domains is displayed.

  3. Click the domain in which you need to create a new user.
  4. In the list of objects displayed, click the required Container or the Organizational Unit.
  5. In the Command pane, click New User.
  6. In the New User in <OU name> -> General wizard, enter the user details such as First Name, Last Name, Initials, and User logon name.
  7. Click Next.
  8. In the Account properties wizard, click Generate to generate a password for the Account, select the required Account options and then click Next.

    Alternatively, you can set the password manually and re-enter it in the Confirm Password field to confirm the entered password.

  9. In the Create Azure Account wizard, select the option Create Azure Account.

    The Azure AD account details for the new user are generated automatically and populated in the respective fields.

    NOTE: The Temporary Password field is populated with the default password set for the Active Roles user. You can re-set the password for the Azure AD account if required.

  10. From the User Principal Name drop-down list, select the AD domain to which you want to associate the Azure AD user.
  11. In the Usage Location field, enter the two-letter location code of the location where the product will be used.

    NOTE: The Usage Location field is a mandatory field. The licenses cannot be assigned to the product if the product usage location information is not available. The local rules and regulations for usage of the product and services may vary based on the location.

  12. Click Next.

    The Licenses wizard displays the Office 365 licenses, for example the Office 365 Business Essentials and Business Premium licenses, and the number of licenses that are available to assign to the user.

  13. Select the check boxes corresponding to the license that needs to be assigned to the user, and click Finish.

The licenses assigned can be viewed on the User Azure Properties->Licenses wizard.
