Sync Active Directory Account to Azure Active Directory

Follow these steps to configure a Microsoft Active Directory (AD) account to synchronize with Azure Active Directory (AAD) so that a non-uniqname account can be used with CrashPlan.

Background

The ITS Desktop Backup service powered by CrashPlan utilizes AAD for authentication.

  • Uniqname accounts in UMROOT are configured to automatically sync with AAD, allowing AAD to be used to authenticate to some cloud services, including CrashPlan.

  • Non-uniqname accounts are not synced this way. In some situations, logon to a university computer may be configured to use a non-uniqname AD account. If a device is used with a non-uniqname account and that device will be backed up using the Desktop Backup service, then it may be necessary to sync the non-uniqname account to AAD in order for CrashPlan to be used.

  • IT staff with organizational unit (OU) admin permissions can configure non-uniqname accounts to sync to AAD. In order to do so, the account must be in the sub-OU of the organization’s OU in UMROOT.

Note that it can take up to 30 minutes for the account to become available in Azure Active Directory after being synced.

Process

  1. On a UMROOT domain-joined Windows computer, run the Active Directory Users and Computers tool as an OU-admin user.

  2. Click to enable Advanced Features within the View menu.

  3. Expand adsroot.itcs.umich.edu, and then expand the UMICH and Organizations menus.

  4. Navigate to the sub-OU that contains the user account you wish to sync to AAD. Right-click the user account, and then select Properties.

  5. Select the Attribute Editor tab, and then click extensionAttribute8 to highlight it.

  6. Click Edit to add a value for extensionAttribute8. Enter the value of “Sync”, and then click OK.
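
The same attribute change as steps 4 through 6 can be made from PowerShell with the RSAT ActiveDirectory module. This is an added example, not part of the original ITS procedure; the function names Set-AadSyncFlag and Get-AadSyncFlagged are hypothetical, and the organization OU distinguished name and account name are placeholders you must supply. It also checks the sub-OU requirement from the Background section and lists every account already flagged, so the set of non-uniqname accounts exposed to AAD can be reviewed.

```powershell
#Requires -Modules ActiveDirectory
# Added example. Function names are hypothetical; OU DN and account name are placeholders.
function Set-AadSyncFlag {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $Identity,   # sAMAccountName of the non-uniqname account
        [Parameter(Mandatory)] [string] $OrgOu,      # DN of your organization's OU (placeholder)
        [string] $Server = 'adsroot.itcs.umich.edu'  # domain named in step 3
    )
    $user = Get-ADUser -Identity $Identity -Server $Server -Properties extensionAttribute8

    # Strip the leading CN=... RDN (allowing escaped commas) to get the containing OU,
    # then require that container to sit below the organization's OU (a sub-OU).
    $parent = $user.DistinguishedName -replace '^CN=(?:\\.|[^,\\])+,', ''
    if (-not $parent.EndsWith(",$OrgOu", [StringComparison]::OrdinalIgnoreCase)) {
        throw "$($user.DistinguishedName) is not in a sub-OU of $OrgOu"
    }

    if ($user.extensionAttribute8 -eq 'Sync') {
        Write-Verbose "$Identity is already flagged for sync"
    } else {
        if ($user.extensionAttribute8) {
            # Do not silently clobber a value someone else put there.
            Write-Warning "Replacing existing extensionAttribute8 value '$($user.extensionAttribute8)'"
        }
        if ($PSCmdlet.ShouldProcess($user.DistinguishedName, "Set extensionAttribute8 to 'Sync'")) {
            Set-ADUser -Identity $user -Server $Server -Replace @{ extensionAttribute8 = 'Sync' }
        }
    }
    # Read the attribute back from the directory so the result is confirmed, not assumed.
    Get-ADUser -Identity $user.DistinguishedName -Server $Server -Properties extensionAttribute8 |
        Select-Object SamAccountName, DistinguishedName, extensionAttribute8
}

# Review: every user under the organization's OU that carries the Sync flag.
function Get-AadSyncFlagged {
    param(
        [Parameter(Mandatory)] [string] $OrgOu,
        [string] $Server = 'adsroot.itcs.umich.edu'
    )
    Get-ADUser -SearchBase $OrgOu -Server $Server -LDAPFilter '(extensionAttribute8=Sync)' `
        -Properties extensionAttribute8, whenChanged |
        Select-Object SamAccountName, DistinguishedName, whenChanged
}

# Dry run first, then apply (placeholder values):
#   Set-AadSyncFlag -Identity 'example-acct' -OrgOu '<DN of your organization OU>' -WhatIf
#   Get-AadSyncFlagged -OrgOu '<DN of your organization OU>'
```

Run it as the same OU-admin user that step 1 calls for; as noted above, the account can take up to 30 minutes to appear in AAD after the attribute is set.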