Send user and group data to the hybrid service

If your organization uses a supported, LDAP-based directory service—Windows Active Directory (Native Mode), Oracle (Sun Java) Directory Server, or Novell eDirectory—you can collect user and group data and send it to the hybrid service. This is accomplished using 2 components:

  • Directory Agent collects user and group information from Directory Server and collates it for the hybrid service.
  • Sync Service transports policy, reporting, custom PAC file information, and user/group data between the on-premises and hybrid systems.

When the hybrid service is configured properly, the information from Directory Agent can be used to apply user- and group-based policies.

If the hybrid service uses directory data collected by Directory Agent to identify users, you have 2 options:

  • Configure the hybrid service to automatically create a hybrid logon password for all user accounts sent by Directory Agent. Passwords are sent to each user’s email address in staggered intervals to avoid a sudden influx of email messages.
  • Have users request their own password the first time they connect to the hybrid service from outside a filtered location. In order for the process to succeed, users must provide an email address that matches an account sent by Directory Agent. The password is then sent to that email address.

Because passwords are delivered by email in both cases, be sure that your organization’s webmail address has been added as an unfiltered destination. See Specify sites not managed by the hybrid service.