Synchronize domain users to Microsoft 365

1. Prepare for Directory Synchronization

Before you synchronize your users and computers from the local Active Directory Domain, review Prepare for directory synchronization to Microsoft 365. In particular:

  • Make sure that no duplicates exist in your directory for the following attributes: mail, proxyAddresses, and userPrincipalName. These values must be unique and any duplicates must be removed.

  • We recommend that you configure the userPrincipalName (UPN) attribute for each local user account to match the primary email address that corresponds to the licensed Microsoft 365 user. For example: mary.shelley@contoso.com rather than mary@contoso.local.

  • If the Active Directory domain ends in a non-routable suffix like .local or .lan, instead of an internet routable suffix such as .com or .org, adjust the UPN suffix of the local user accounts first as described in Prepare a non-routable domain for directory synchronization.

Running IdFix in step four (4) below will also make sure your on-premises Active Directory is ready for directory synchronization.
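A pre-check for the conditions listed above (duplicate mail, proxyAddresses, and userPrincipalName values, plus non-routable UPN suffixes), as an added PowerShell example that is not part of the original page and is not the IdFix tool. The function name Test-SyncReadiness and the sample accounts are hypothetical and constructed for illustration.

```powershell
# Added example (hypothetical helper, not Microsoft's code).
# Input objects need: SamAccountName, UserPrincipalName, mail, proxyAddresses.
function Test-SyncReadiness {
    param(
        [Parameter(Mandatory)] [object[]] $Users,
        # Suffixes treated as non-routable (the two the page names).
        [string[]] $NonRoutable = @('.local', '.lan')
    )

    # Flatten every value that must be unique into (Attribute, Value, Account) rows.
    $rows = foreach ($u in $Users) {
        if ($u.UserPrincipalName) {
            [pscustomobject]@{ Attribute = 'userPrincipalName'; Value = $u.UserPrincipalName; Account = $u.SamAccountName }
        }
        if ($u.mail) {
            [pscustomobject]@{ Attribute = 'mail'; Value = $u.mail; Account = $u.SamAccountName }
        }
        foreach ($p in @($u.proxyAddresses)) {
            if ($p) {
                [pscustomobject]@{ Attribute = 'proxyAddresses'; Value = $p; Account = $u.SamAccountName }
            }
        }
    }

    # Group-Object compares case-insensitively by default, so SMTP:a@x and smtp:a@x collide.
    $rows | Group-Object Attribute, Value | Where-Object { $_.Count -gt 1 } | ForEach-Object {
        [pscustomobject]@{ Issue = 'Duplicate'; Attribute = $_.Group[0].Attribute
                           Value = $_.Group[0].Value; Accounts = ($_.Group.Account -join ', ') }
    }

    # Flag UPNs whose suffix will not route on the internet.
    foreach ($u in $Users) {
        $suffix = ($u.UserPrincipalName -split '@')[-1]
        if ($NonRoutable | Where-Object { $suffix -like "*$_" }) {
            [pscustomobject]@{ Issue = 'NonRoutableUpn'; Attribute = 'userPrincipalName'
                               Value = $u.UserPrincipalName; Accounts = $u.SamAccountName }
        }
    }
}

# Constructed sample data. Against a real domain (ActiveDirectory module), use instead:
#   Test-SyncReadiness -Users (Get-ADUser -Filter * -Properties mail, proxyAddresses)
$sample = @(
    [pscustomobject]@{ SamAccountName = 'mshelley'; UserPrincipalName = 'mary.shelley@contoso.com'
                       mail = 'mary.shelley@contoso.com'; proxyAddresses = @('SMTP:mary.shelley@contoso.com') }
    [pscustomobject]@{ SamAccountName = 'mary'; UserPrincipalName = 'mary@contoso.local'
                       mail = 'mary.shelley@contoso.com'; proxyAddresses = @('smtp:mary.shelley@contoso.com') }
)
Test-SyncReadiness -Users $sample | Format-Table -AutoSize
```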

2. Install and configure Azure AD Connect

To synchronize your users, groups, and contacts from the local Active Directory into Azure Active Directory, install Azure Active Directory Connect and set up directory synchronization.

  1. In the admin center, select Setup in the left nav.

  2. Under Sign-in and security, choose View under Sync users from your org's directory.

  3. On the Sync users from your org's directory page, choose Get started.

  4. In the first step, run the IdFix tool to prepare for directory sync.

  5. Follow the wizard steps to download Azure AD Connect and use it to synchronize your domain-controlled users to Microsoft 365.

See Set up directory synchronization for Microsoft 365 to learn more.

As you configure your options for Azure AD Connect, we recommend that you enable Password Synchronization, Seamless Single Sign-On, and the password writeback feature, which is also supported in Microsoft 365 for business.

Note

There are some additional steps for password writeback beyond the check box in Azure AD Connect. For more information, see How-to: configure password writeback.

If you also want to manage domain-joined Windows 10 devices, see Enable domain-joined Windows 10 devices to be managed by Microsoft 365 Business Premium to set up a hybrid Azure AD Join.