Services Integration Overview for Windows Server 2012 R2 Essentials - Part 1

Services Integration Overview for Windows Server 2012 R2 Essentials - Part 1

  • Comments 20
  • Likes

Hi, this is Yuheng, program manager on the Windows Server Essentials product team. In this blog post, I would like to give you an overview of Services Integration, which will be followed by an additional post that is specific to new features in Windows Server 2012 R2 Essentials: SharePoint Online integration and Exchange ActiveSync integration. I will start with the most fundamental piece of the Services Integration pillar, Windows Azure Active Directory integration, as well as the major day-to-day management tasks associated with it.

More and more small and medium-sized businesses are beginning to adopt mainstream cloud services such as Office 365. While adopting cloud services helps to increase IT capabilities and also provides predictable operational costs, it leads to a new challenge—how to manage on-premises resources and cloud services effectively. In Windows Server 2012 R2 Essentials, the Dashboard continues to play an important role in addressing this new challenge.

Identity management is one of the fundamental elements in an IT environment that needs to be properly planned and managed. Active Directory in Windows Server is the leading technology for on-premises identity management. As cloud services continue to emerge, Microsoft has introduced a new Internet-friendly identity management technology—Windows Azure Active Directory—which is itself a cloud-based service. Today many mainstream cloud services such as Office 365, Windows Intune, and others offered by SaaS providers, are either leveraging Windows Azure Active Directory or are being well integrated with it. Windows Server 2012 R2 Essentials can be easily integrated with Windows Azure Active Directory to provide some key benefits for managing cloud services.

Password synchronization between on-premises Active Directory and Windows Azure Active Directory

After Windows Server Essentials is integrated with Windows Azure Active Directory, password synchronization is started automatically between your on-premises Active Directory and Windows Azure Active Directory. Please note that password synchronization is set to be one-directional, where a password in the on-premises Active Directory always takes precedence over what’s in Windows Azure Active Directory. The password synchronization happens instantly when a password is updated in the on-premises Active Directory. With this feature, the end user experience is improved by seamlessly using the same password when authenticating to on-premises resources and applications as well as their cloud services (e.g., the same password is used for both the local network account and for Office 365). You can extend this benefit to other cloud-based applications that are custom built for your organization by leveraging the Windows Azure Active Directory integration capabilities and Graph API for authentication and authorization. Learn more

Centralized day-to-day management

To address the new challenge of managing both on-premises and cloud resources in today’s IT environment, the Windows Server Essentials Dashboard is designed for getting most, if not all, of your day-to-day management tasks completed in just one place. New management tasks that can now be performed in Windows Server 2012 R2 Essentials include the following:

  • Online user account management (for both Office 365 and Windows Intune)
  • Distribution group management (Exchange Online distribution group)
  • User group management (for both local network and the Windows Azure Active Directory security group)
  • SharePoint Online Library and Exchange ActiveSync management
  • Online service subscription plan/license management: multiple subscription plans are supported and their licenses can be assigned through the Windows Server 2012 R2 Essentials Dashboard; with these new management capabilities, IT admins can easily on-board new employees by provisioning local and online resources directly within the Dashboard.

Here is a screenshot of the entry point for enabling Services Integration from the Dashboard’s Home page:


You should be aware of the following before you deploy Services Integration features:

  1. Windows Azure Active Directory integration will be turned on automatically when you turn on either Office 365 or Windows Intune. This is because they both leverage Windows Azure Active Directory as a common identity platform.
  2. Currently, the Services Integration features, including Windows Azure Active Directory integration, Office 365 integration, Windows Intune integration, and on-premises Exchange integration, are only supported in a single domain controller environment. In addition, the integration wizard must be run on a domain controller.

Part two of this series will be an introduction to the SharePoint Online integration feature and Exchange ActiveSync integration. In the meantime, I’ll like to encourage you to download the trial of Windows Server 2012 R2 Essentials and to join the conversation in our forum.

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment
  • Can you clarify if this works with all Office 365 plans?

  • yes, it supports all Office 365 plan (registered under same tenant admin account).

  • Do you know when will Windows Server 2012 R2 Essentials will be available for purchase?

    Thanks for the post.

  • Windows Server 2012 R2 including Essential/Standard/Datacenter all are available in the market. Please check out:

  • How do I upgrade my existing Server 2012 Essentials AD AND environment to a Server 2012 R2 Essentials AD environment? My current 2012 Ess. AD is getting tired (hardware). I need to move this domain.local to a new server 2012 ess. R2 installation and keep the same users, computers for my existing System Center 2012 (which of course needs to move up as well.) All I can find is ambiguous notes, usually preview notes.

    1. How do I prep the old?

    2. Add the new r2 replacement?

    3. Retire the old?

    4. Keep the AD as it was for System Center/Server/SQL 2012 svc accounts, DNS etc.

    I have a fair sized local three 2012 server lab setup (2 as Hyper-V) and need to migrate per MPN rules that my current server versions will expire by next year.

    I would think someone has done this somewhere...How can I get started?

  • Just read the line re single domain controller environments only for Azure AD and 365 integration. I have a support case open for this at the moment. Is this going to change and where is this limitation documented? Really devalues the Essentials Experience role for many environments where it would bring great benefit.

  • Although no real answer has been posted - another google search using a common statement from older migrations (Server 2008 r2 to 2012) gave me this after a bit of twitching to the root site.

    Hope this is helpful. This was very hard to get info on for the past few months, especially after the 'Preview' links that were of little value.

    'This guide describes how to migrate from previous versions of Windows Small Business Server and Windows Server Essentials (including Windows Server 2012 Essentials, Windows Small Business Server 2011 Standard, Windows Small Business Server 2011 Essentials, Windows Small Business Server 2008, and Windows Small Business Server 2003) to Windows Server 2012 R2 Essentials. It also includes instructions for migrating the settings and data to Windows Server 2012 R2 Essentials, and it describes how to remove your existing server from the Windows Server 2012 R2 Essentials network after you finish the migration.'

    Migrate from Previous Versions to Windows Server 2012 R2 Essentials

  • This might be an obvious question, but how do passwords work between Office 365 accounts and local AD accounts? Is that was this article is describing?

    Example: I have an SBS 2003 server, and migrate to Server Essentials 2012 R2. I migrate my mailboxes to Office 365. Do the passwords sync up between Office 365 and the local AD accounts? I have not used Office 365 before, so i'm trying to get a better idea of what is going to happen.

  • The single domain controller requirement is really a major pain when you are migrating from an existing platform.

    Sometimes migrations are multi-day events.

    It makes it challenging that you can't take advantage of office 365 and AD password synchronization until you have demoted and taken your source server off the network.

  • During testing Windows Essentials Server we did a successful Azure AD Integration of one of our tenants. However, we then deleted test vm without deactivating the AD Integration. We then installed a new Essentials Server on our live System and tried to activate again the AD Integration. Unfortunately this is not possilbe anymore and ends up with errors. When trying to activate AD Integration for other tenants on the same server everything works fine (tried with 3 different).

    So it seems that due to the fact that we did not deactiviated AD Integration with the test Server there is some Kind of record still with the tenant on the azure side.

    Does anyone now how to solve this issue?