Decide How to Provision Users for Live@edu

Applies to: Live@edu

Topic Last Modified: 2011-12-02

There are several tools you can use to create and manage user accounts in Live@edu.

To create just a few user accounts, and for day-to-day user management, use the Exchange Control Panel. However, when you have a lot of accounts to create or need to keep accounts synchronized with a directory service, you'll want to bulk-create new user accounts with the tools described here.

Bulk-create new user accounts

Here's how you can create a lot of accounts at one time:

Bulk provisioning with a CSV file If you have an existing data source, such as a directory service or student information system, you can export a CSV file that contains information about the users from that data source and use it to bulk-create new user accounts. We support two bulk user creation options using CSV files.
- Import users in the Exchange Control Panel Upload your CSV source file to the Microsoft datacenter using the Exchange Control Panel. This is the recommended method for bulk user creation. For more information, see Import New Exchange Online Users with a CSV File.
- CSV_Parser.ps1 script This pre-configured Windows PowerShell script can be used for account creation and maintenance. We recommend that you use this tool to script account maintenance. For more information, see Create and Configure Recipients with the CSV_Parser.ps1 script in Live@edu.
Automated directory synchronization You can use Microsoft Forefront Identity Manager (FIM) 2010 or Microsoft Identity Lifecycle Manager (ILM) 2007 with management agents to automate account creation by synchronizing user information from your on-premises directory service to the cloud-based e-mail service.
- If you’re using on-premises Active Directory Domain Services (AD DS) or Active Directory directory service, you can use the OLSync management agent for exporting data to Outlook Live.
- If you are using a different on-premises directory service, you can use FIM 2010 or ILM 2007 components to automate address book synchronization and provisioning as part of your own customized solution. However, a customized solution typically requires a partner’s help to implement.

Compare account management tools

Choose the tool that best meets your requirements and available resources.

Tool	Description	System requirements
Exchange Control Panel	A simple Web-based tool, the Exchange Control Panel can be used to create, delete, and modify user mailboxes, groups, and contacts. For bulk user creation, Import New Exchange Online Users with a CSV File.	To use all the features available in the Exchange Control Panel, see Supported Browsers for Outlook Web App and Exchange Online.
Windows PowerShell	A command-line shell and scripting language, Windows PowerShell can be used to create, delete, and modify user mailboxes, groups, and contacts for on-premises Exchange Server and for Outlook Live. Use the `CSV_Parser.ps1` script or custom scripts for bulk user creation and to automate account management tasks.	See Use Windows PowerShell in Exchange Online.
FIM 2010	An automated directory synchronization tool used to replicate and synchronize user information from Active Directory to Outlook Live. FIM 2010 can be used to create, delete, and modify user mailboxes, groups, and contacts when those same operations are performed in AD DS or Active Directory. The 64-bit version of the OLSync management agent is used with FIM 2010.	See OLSync Prerequisites for Live@edu.
ILM 2007	An automated directory synchronization tool used to replicate and synchronize user information from Active Directory to Outlook Live or Hotmail. ILM 2007 can be used to create, delete, and modify user mailboxes, groups, and contacts when those same operations are performed in AD DS or Active Directory. The 32-bit version of the OLSync management agent is used with ILM 2007.	See the following: Provisioning Windows Live IDs with ILM and MAv3 for Outlook Live OLSync Prerequisites for Live@edu

Management agents

FIM 2010 and ILM 2007 each require installation of a management agent:

The OLSync management agent is designed to be used with Outlook Live. Two versions of OLSync are available: a 64-bit version to use with FIM 2010 and a 32-bit version to use with ILM 2007.
The MAv3 management agent is designed to be used with Hotmail.
- If you migrate your domain from Hotmail to Outlook Live, you can continue to use MAv3, or you can uninstall MAv3, and then install OLSync. OLSync has additional features that let you synchronize with the Outlook Live address book and groups.
- For more information about how to uninstall a management agent, see OLSync Prerequisites for Live@edu.

The following table lists the features of each management agent.

OLSync	MAv3
Create mailboxes. Set passwords. Create mail-enabled users with on-premises mailboxes. Address book synchronization. Group synchronization. Recommended for use with Outlook Live. 32-bit version works with ILM 2007. 64-bit version works with FIM 2010.	Create mailboxes. Set passwords. Set Windows Live ID attributes. Recommended for use with Hotmail. Can also be used for domains that are migrated from Hotmail to Outlook Live. 32-bit version works with ILM 2007.

What else do I need to consider?

Consider the following user configuration options when you're getting ready to create user accounts.

Configuration option	Description	Next step for administrators?
Shared address book	Faculty and staff contact information is available in the students' shared address book in the cloud-based service.	You can use any of the account management tools to populate the address book with faculty and staff contact information.
Hide student contact information	Student contact information can be hidden from the shared address book by applying a mailbox plan to the student's account. You can make this the default setting, or you can selectively hide individual accounts. This mailbox plan can help satisfy some of the privacy and compliance requirements of acts such as the Family Educational Rights and Privacy Act (FERPA) in the United States or the Data Protection Act in Europe.	You'll need to use Windows PowerShell to assign the appropriate mailbox plan. Learn how: Mailbox Plans Hide a User from the Shared Address Book in Live@edu If you want to hide student contact information by default, you should change the default setting before you start to create user accounts.
Simplify on-boarding of users	If account names and passwords are standardized based on information known to the student, you can let all students know the standards and the URL of the sign-on page. You can also use your CSV file as a data source for a merge document or e-mail, and distribute the individualized information to students.	Learn more at Send a Welcome Message to New Users.
Assign roles to users	You use role based access control (RBAC) to assign capabilities to users. All permissions and capabilities are defined by roles. When you assign a role to a user, the user is then able to perform the tasks that are defined by the role.	Learn more at Role Based Access Control in Exchange Online

What's next?

To decide how to authenticate users, see Live@edu Authentication Scenarios.