How to configure a hybrid environment with SharePoint 2013 and Office 365 operated by 21Vianet

When you want to learn how to plan, deploy, and manage a hybrid topology with SharePoint 2013 and Office 365, you can follow the guidance from the articles in Hybrid for SharePoint Server 2013. However, if you are in China and use Office 365 operated by 21Vianet, it is important to understand the differences between Office 365 operated by 21Vianet and SharePoint Server 2013 provided by Microsoft. To successfully deploy a hybrid topology with Office 365 operated by 21Vianet, there are certain endpoints, parameters, and resources that are specific to your region. This article describes these differences and explains how to adapt the guidance in Hybrid for SharePoint Server 2013.

DNS registration

DNS registration needs to be performed by the steps in the following article:

Create DNS records for Office 365 when you manage your DNS records

SSL certificate acquisition

The list of certificates from China Internet Network Information Center (CNNIC) that provide secure client connections can be found in Lync Online Service SSL certificate changes for client connectivity. Even though this article refers to Lync Online, the process for getting the certificates is the same.

Configure identity management for a hybrid topology

Configuring identity management is one of the crucial steps to ensure you have a successful hybrid environment. You can find the steps to configure identity management for a hybrid topology in Configure identity management for a hybrid topology in SharePoint Server 2013. However, in Office 365 operated by 21Vianet, there are several steps in the Configure identity management for a hybrid topology in SharePoint Server 2013 article that require different parameters:

  1. In the section Step 1: Set Variables in the article Configure identity management for a hybrid topology in SharePoint Server 2013, the $spcn and $metadataendpoint variables must be changed as follows. The changes are bolded for emphasis.

    Office 365

    Office 365 operated by 21Vianet

    $spcn="*.<public_root_domain_name>.com"

    $spcn="*.<public_root_domain_name>.cn"”

    "https://accounts.accesscontrol.windows.net/" + $spocontextID + "/metadata/json/1"

    $metadataEndpoint = “https://accounts.accesscontrol.chinacloudapi.cn/” + $spocontextID + “metadata/json/1/”

  2. In the section Step 3: Add an SPN for your public domain name to Azure Active Directory, a new Service Principal Name (SPN) needs to be added. In all hybrid topologies, the SPN .sharepoint.com is added automatically to the SPNs associated with your Office 365 tenant. In Office 365 operated by 21Vianet, you must manually add the SPN .sharepoint.cn by changing the commands in this step as follows:

    Office 365

    Office 365 operated by 21Vianet

    $msp = Get-MsolServicePrincipal -AppPrincipalId $spoappid $spns = $msp.ServicePrincipalNames $spns.Add("$spoappid/$spcn") Set-MsolServicePrincipal -AppPrincipalId $spoappid -ServicePrincipalNames $spns

    $msp = Get-MsolServicePrincipal -AppPrincipalId $spoappid $spns = $msp.ServicePrincipalNames $spns.Add("$spoappid/$spcn") $spns.Add(".sharepoint.cn") Set-MsolServicePrincipal -AppPrincipalId $spoappid -ServicePrincipalNames $spns

  3. There is a different version of the directory synchronization tool to use. To install the version that will work for Office 365 operated by 21Vianet, do the following steps:

    1. Sign in to Office 365 operated by 21Vianet using an account with administrative permission.

    2. In the left navigation panel expand Users and Groups.

    3. Click Active Users.

    4. On the dashboard, locate Active Directory synchronization: Setup

    5. Click Setup.

      Active Directory Synchonization Setup

    6. On the Setup and manage Active Directory synchronization page, in the Install and configure Directory Sync tool, click Download.

      Active Directory Synchonization Setup

    7. After the download is complete, you will need to configure directory synchronization. For more information on how to do this, see the Directory synchronization roadmap.

Share Facebook Facebook Twitter Twitter Email Email

Was this information helpful?

Great! Any other feedback?

How can we improve it?

Thank you for your feedback!

×