How to Pull Office 365 Users to Active Directory

Tags: active-directory, azure, microsoft-office-365, windows-server-2012

I am currently working with an existing Office 365 subscription that needs to have a new instance of Windows Server 2012 R2 in Azure manage the users through Active Directory. The Server 2012 VM is brand new and has nothing set up. I understand that when going the opposite way and creating a new 365 account, you can simply use the DirSync tool and push your AD users to the 365 cloud.

I have not been able to get any support from MS on this, so I am wondering if anyone has any suggestions on how to get users from the cloud to AD so that I can eventually set up an SSO situation for server users.

Best Answer

What you are looking for is SMTP matching: http://support.microsoft.com/kb/2641663

Typically the way AD -> O365 sync works is that a unique identity value is created for each user in AD, then the user is pushed to O365. Updates are performed using the identity value to match the accounts.

SMTP matching tells the DirSync tool to initially match based on the primary SMTP address. Further syncs are accomplished using the identity value.

Also, make sure you read this, as it includes how to change the authority of your directory: Directory synchronization and source of authority
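The matching order described in the answer above, as an added example that is not part of the original answer and not DirSync's own code. It is a simplified model: the users, addresses and identity strings are constructed, and it assumes that only cloud accounts with no identity value yet are candidates for the SMTP match.

```python
# Simplified model of the matching order: identity value first, primary SMTP
# address only for the initial match. All sample data is constructed.

def primary_smtp(proxy_addresses):
    """Return the primary address: the proxyAddresses entry prefixed 'SMTP:' (upper case)."""
    primaries = [p[5:].lower() for p in proxy_addresses if p.startswith("SMTP:")]
    return primaries[0] if len(primaries) == 1 else None

def sync(ad_users, cloud_users):
    """Run one sync pass; returns {AD name: (how it matched, cloud UPN)}."""
    by_identity = {c["identity"]: c for c in cloud_users if c["identity"]}
    by_smtp = {}
    for c in cloud_users:
        if not c["identity"]:  # assumption: only never-synced accounts can SMTP-match
            by_smtp.setdefault(c["primary_smtp"].lower(), []).append(c)
    result = {}
    for u in ad_users:
        if u["identity"] in by_identity:  # later syncs: match on the identity value
            result[u["name"]] = ("identity", by_identity[u["identity"]]["upn"])
            continue
        found = by_smtp.get(primary_smtp(u["proxyAddresses"]), [])
        found = [c for c in found if not c["identity"]]
        if len(found) == 1:  # initial sync: match on the primary SMTP address
            found[0]["identity"] = u["identity"]  # stamp it for every later sync
            result[u["name"]] = ("smtp", found[0]["upn"])
        else:
            result[u["name"]] = ("none", None)  # would need fixing before sync
    return result

def demo():
    """Two sync passes over constructed users; alice's address changes in between."""
    ad = [
        {"name": "alice", "identity": "id-alice",
         "proxyAddresses": ["SMTP:Alice@example.com", "smtp:a.old@example.com"]},
        {"name": "bob", "identity": "id-bob",  # only a secondary address: no match
         "proxyAddresses": ["smtp:bob@example.com"]},
    ]
    cloud = [
        {"upn": "alice@example.com", "primary_smtp": "alice@example.com", "identity": None},
        {"upn": "bob@example.com", "primary_smtp": "bob@example.com", "identity": None},
    ]
    first = sync(ad, cloud)
    ad[0]["proxyAddresses"][0] = "SMTP:alice.new@example.com"
    second = sync(ad, cloud)  # still pairs alice, now through the identity value
    return first, second

if __name__ == "__main__":
    print(demo())
```

Running the same kind of comparison over an export of the real cloud and AD users before the first sync shows which accounts would pair up and which would be left unmatched.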