User management for Office 365 is not hard as you think. All you need is to define what to do before the migration/cut over. To be honest, after getting experience on Office 365, I have started thinking that ADFS is the best solution after the cut over. Even though Dirsync looks proper solution and it is easy solution because ADFS requires more server if you need HA.
User management can be describe in 3 ways. Installing and management Dirsync, managing users in Office365. I know I said 3 ways but typed 2 ways. Don’t worry I will fill the gap soon.
If your system has Active Directory and you want to move the users from AD to Office 365, Dirsync is the easiest solution. Install it into a windows server and open the port on firewall to Office 365. That’s it. However, it needs to be scheduled and that depends on your number of users. For example, a company uses 3 hours periods. During 3 hours, if an user changes the AD account’s password, before the migration, user having problems. Sync hasn’t been done and AD password hasn’t been synced. Therefore, login to computer requires the new password while Office 365 needs old password. That’s why we need 2 methods to manage users. Dirsync and Users in Office 365.
What is 3rd option then? ADFS is the best solution if have large number of users. Installing ADFS into core system (Server VLAN) and ADFS proxy to DMZ is required. If you need High Availability (HA) then 2 ADFS Proxy needed. In this method, you don’t need to manage user’s password because every time the password required, Office 365 will ask it to ADFS proxy that contacts to ADFS and AD to confirm that the password is accurate.
It is obvious that there is one more way we need to talk because we always discard it. It is the user management for small business that doesn’t have AD in their system. So, they need to create the users manually and they need to memorize two passwords that one is Windows password (if they have) and Office 365 password.
If we discard the last option again, first three options need to be considered carefully before the migration. Each of them requires cost, time and different troubleshooting skills.