Step 3: Sync your Active Directory

This article is meant for customers who intend to integrate an on-premises Active Directory with Office 365. If you do not need to integrate an on-premises directory and intend to provision cloud-only identities, you can skip this step and proceed to Sync your SIS with School Data Sync.

There are three ways to move your identities to Microsoft 365 Education.

  1. AAD Connect with Password Hash Sync: Recommended Path

    The most efficient path to move from an on-premises Active Directory is using AAD Connect with Password Hash Sync for authentication. This path is easier and cheaper to deploy because you can use Azure AD Connect Express Settings. Express Settings is the default option and is used for the most commonly deployed scenarios. You will only have to manage one server, and this path will give you seamless single sign-on and cloud multi-factor authentication.

  2. AAD Connect with Passthrough Authentication

    If you need to manage password authentication requests from your own on-premises Active Directory, you will still use AAD Connect, but you will need to use the Passthrough Authentication option instead of Password Hash Sync. Azure Active Directory (Azure AD) Pass-through Authentication enables users to sign in to both on-premises and cloud-based applications using the same passwords. When users sign in using Azure AD, this feature validates users' passwords directly against your on-premises Active Directory. This path is for organizations wanting to enforce their on-premises Active Directory security and password policies.

  3. Active Directory Federated Services (ADFS)

    If you need to have on-premises managed Multi-Factor Authentication (MFA), you will need to use Active Directory Federated Services (ADFS). When you choose this authentication method, Azure AD hands off the authentication process to the on-premises Active Directory Federation Services (AD FS) to validate the user's password. We do not recommend this option unless you need federated single sign-on and on-premises password management. This path is more difficult and expensive, requires the management of multiple servers, and is only relevant for districts with complex security set-up and requirements.

View this document for additional context as to how to set up directory synchronization for Office 365.

If you're still not sure which path to choose, use this guide for a comparison of the various Azure AD sign-in methods and how to choose the right sign-in method for your organization.

After you have completed syncing your Active Directory, please proceed to Step 4 to Sync your SIS with School Data Sync.