I’m looking to get clarification on a specific behavior I'm seeing and how best to explain it.
I'm using SBS 2011 Essentials (SBSe) with the Office365 Integration Module (OIM). This provides a nice integration option and one relatively straightforward to set up and use. Once implemented you will get the convenience of managing most administrative chores from the SBSe console directly rather than having to spread the administration chores between the two environments.
My question has to do with the linking behavior of user accounts between the two systems (i.e. between the SBSe domain environment and the Office365 cloud environment).
Here is a working example for context and my ultimate question at the end.
On the SBSe side, I have a local domain called "mydomain.local" with a test user called "joeuser". For this SBSe environment the test user would log in the domain either with credentials in the legacy format "mydomain\joeuser" or via UPN format as "joeuser@mydoman.local".
In my example I’m also using a professional domain called “mydomain.com” as part of the Office365 service for email services. The account for the email test user is “joeuser@mydomain.com”.
Once the OIM is in place, creating a user in the SBSe environment yields a new name context namely…”mydomain\joeuser” gets what appears to be a new UPN attribute added to the user account profile as “joeuser@mydomain.com”.
In the end this produces a valid context for logging into either the local SBSe domain as well as the Office365 cloud service. What’s going on behind the scenes to do this ?
Don’t get me wrong, I’m not complaining. I actually welcome this and prefer this approach because it simplifies the end user experience such that the test user now only has one name and password to keep track of when accessing either environment. What I don’t understand is how the OIM is performing this magic. I know that an administrator can add a UPN suffix to the local domin via the Sites and Services tool, but this affects all user objects in the domain. By what method is the OIM doing this so that the UPN addition applies for a subset of users ?
Thanks in advance for your assistance with this request.
George
