New Office 365 and AD FS/DirSync Information Available

This post has been republished via RSS; it originally appeared at: Ask the Directory Services Team articles.

First published on TechNet on Jun 08, 2012
Hi folks, Jonathan here again. Adam Conkle has posted some new goodies related to Office 365 and AD FS/DirSync that may interest you. Take a look, and be sure to rate the content if you find it useful.


Client Access Policy Builder

Short description:

Hotfix Rollup Update 2 for AD FS 2.0 had a new feature for Office 365 customers named Client Access Policy. Some organizations may want to create policies that limit access to Office 365 services, depending on where the client resides. For example, you might want to:

  • Block all extranet client access to Office 365
  • Block all extranet client access to Office 365, except for devices accessing Exchange Online for Exchange ActiveSync

AD FS 2.0 provides a way for organizations to configure these types of policies. Office 365 customers using identity federation who require these policies can now use client access policy rules to restrict access based on the location of the computer or device that is making the request.

Today, customers must manually implement Client Access Policy rules within AD FS 2.0, and it can be confusing. The goal of Client Access Policy Builder is to automate the creation of these rules for the most common use case scenarios.

Microsoft Office 365 Federation Metadata Update Automation Installation Tool

Short description:

This tool automates regular updates of the Microsoft Office 365 federation metadata, so that changes to the token signing certificate configured in Active Directory Federation Services 2.0 are replicated to the identity platform automatically.

Microsoft Office 365: DirSync - Count Total Synchronized Objects

Short description:

'DirSync - Count Total Synchronized Objects' shows total counts of users, groups, contacts, and grand total objects by extracting the FIM SourceAD Connector Space data to an XML file named SourceAD.xml.

When objects make their way past the Office 365 DirSync filters, they become 'synchronized holograms', and this tool parses SourceAD.xml looking for synchronized holograms and counts the objects by object type.

The Office 365 Deployment Readiness Tool (DRT) assumes that you have not yet deployed Office 365 DirSync, and it gives you total object counts without being able to see whether those objects will actually make it past the DirSync filters. 'DirSync - Count Total Synchronized Objects' allows you, now that you are in production with DirSync, to see more accurate numbers of objects that have made it past the filters.
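
As an added illustration (not Adam Conkle's tool and not Microsoft code), the counting step described above could look like this in PowerShell. It assumes the export contains `cs-object` elements with an `object-type` attribute and a `synchronized-hologram` child for objects that passed the filters; the function name and the sample data are hypothetical.

```powershell
# Added example, not the published tool. Requires PowerShell 3.0+ / .NET 4+.
# Assumed layout: <cs-objects><cs-object object-type="..."> with a
# <synchronized-hologram> child when the object passed the filters.
function Get-SynchronizedObjectCount {
    param([Parameter(Mandatory)] [string] $Path)
    $counts = @{}
    $settings = New-Object System.Xml.XmlReaderSettings
    $settings.DtdProcessing = [System.Xml.DtdProcessing]::Prohibit  # reject DTDs and entities
    $file = (Resolve-Path -LiteralPath $Path).ProviderPath

    # Stream the file; a connector space export can be too large to load with [xml].
    $reader = [System.Xml.XmlReader]::Create($file, $settings)
    try {
        while ($reader.Read()) {
            if ($reader.NodeType -ne [System.Xml.XmlNodeType]::Element -or
                $reader.Name -ne 'cs-object') { continue }
            $type = $reader.GetAttribute('object-type')
            if (-not $type) { $type = '(unknown)' }
            # Walk only this object's subtree looking for the hologram element.
            $synced = $false
            $sub = $reader.ReadSubtree()
            while ($sub.Read()) {
                if ($sub.NodeType -eq [System.Xml.XmlNodeType]::Element -and
                    $sub.Name -eq 'synchronized-hologram') { $synced = $true }
            }
            $sub.Close()
            if ($synced) { $counts[$type] = 1 + [int]$counts[$type] }
        }
    }
    finally { $reader.Close() }
    $counts.GetEnumerator() | Sort-Object Name | ForEach-Object {
        [pscustomobject]@{ ObjectType = $_.Name; Count = $_.Value }
    }
    $total = ($counts.Values | Measure-Object -Sum).Sum
    [pscustomobject]@{ ObjectType = 'Total'; Count = [int]$total }
}

# Constructed sample: two synchronized users, one synchronized group, and one
# contact that never got a synchronized hologram.
$sample = @'
<cs-objects>
  <cs-object cs-dn="CN=Alice,DC=example,DC=com" object-type="user"><synchronized-hologram/></cs-object>
  <cs-object cs-dn="CN=Bob,DC=example,DC=com" object-type="user"><synchronized-hologram/></cs-object>
  <cs-object cs-dn="CN=Staff,DC=example,DC=com" object-type="group"><synchronized-hologram/></cs-object>
  <cs-object cs-dn="CN=Vendor,DC=example,DC=com" object-type="contact"><pending-import/></cs-object>
</cs-objects>
'@
$tmp = Join-Path ([System.IO.Path]::GetTempPath()) 'SourceAD-sample.xml'
Set-Content -LiteralPath $tmp -Value $sample -Encoding UTF8
Get-SynchronizedObjectCount -Path $tmp
```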


Be sure to keep those questions coming. Yes, Ned is going to be busy for the next several weeks, but the entire Directory Services team is available to answer questions and point you to the best available resources.

Jonathan “What’s a lackey?” Stephens
