DirSync to Office365

Similar Messages

• Exchange server 2003 org decomission before DirSync with office365

  Hi,
  I am looking to do DirSync of passwords between local and office365 domain.  I have migrated all exchange services to office365 a couple of years ago, but still have old exchange 2003 server. 
  I plan to completely decommission and remove the exchange organization.
  Question is once that is done, is there any concern about using DirSync?  I thought that all attributes will sync during this process, so not sure if I could possibly be removing attributes that are needed as the exchange 2003 organization is removed,
  which in turn can maybe cause sync issues with my current office365 production environment.
  I do not run any type of hybrid setup, and not looking to do Single-Sign-On, I am only attempting to sync passwords with specific accounts.
  Can I safely uninstall and remove my exchange 2003 organization (a single 2003 exchange server)?
  Thank you

  Hi,
  This sounds like an ok method, (my one helpdesk technician does not manage my AD apart from password reset), since I am the only tech really to handle the AD - create users etc..
  1. You mention setting exchange attributes, could you elaborate on what exchange attributes?  Since I am removing my exchange organization locally (single exchange 2003 server) I assume there will no longer be any exchange specific attributes.  By
  removing the exchange 2003 server org, will I be missing any attributes in order to use AAD Sync?
  2. Also, do you know how difficult or easy it is to remove AAD Sync, if I choose to simply keeping cloud authoritative?  Any concerns or potential issues you can think of?
  Thank you
  Robert
  You extended your AD schema when Exchange was introduced.  Even if Exchange goes away, those attributes are forever defined in your forest, and will need to be populated
  somehow for use with *Sync & Exchange Online. If you don't keep an Exchange Hybrid server, as mentioned above, and also don't want to use ADSIEdit, you may consider a tool such as:
  Z-Hire Active Directory, Exchange, Lync, Office 365 User Creation Tool
  EXCHANGETASKS 2013
  As for the difficulty in removing AADSync - its really easy.  You'd just throw the server away and disable sync in your Azure AD tenant (one button).  Sounds like the main downside in your case would be:
  no more password sync
  you have to create users twice.  once on-prem for on-prem stuff, and again in Azure AD (o365).
  Mike Crowley | MVP
  My Blog --
  Baseline Technologies

• AD schema preparation for Lync Hybrid

  Hi,
  actually we are using Lync online via Office 365 (Lync Online). Our AD is synchronized via DirSync to Office365. There was never an onpremise environment. Now we want to deploy a Lync Hybrid environment and for that reason we need to prepare our local
  AD schema.
  Are there any side effects while preparing our AD caused through synchronizing with DirSync to office 365? The new Lync attributes in our local AD are empty at the beginning. Are there any problems with Lync Online if these attributes will be synchronized
  to Office 365?
  How should we proceed?
  regards,
  Mario

  As soon as you install Lync onprem the msRTCSIP-* AD Attributes are getting synced into Azure AD. This might cause a problem with Lync
  Online users. This is covered here: http://365lab.net/tag/msrtcsip-userenabled/
  Please be aware that all internal and external DNS are now pointing to Lync online... In a hybrid environment they should point to the onprem pool. 
  I would filter out all msRTCSIP-* properties from the AD Sync first, then install onprem. Don't change the DNS entries in the beginning. Make sure your Lync onprem is working correctly, then schedule
  a downtime change the DNS entries, check your edge server (this is vital for hybrid). Remove the filter from the AD Sync and then activate hybrid configuration.
  I am not sure if there's a technet description for what you are planning to do.

• AD Integration With Office365

  Hi,
  Our Current Scenario:
  We have Active Directory with 150 users (Single Forest & Single Domain) on Windows Server 2012 R2.
  Our Current Email Server is Google Apps where we have 150 users already so basically our user does not have facility for Single Sign on they have two password one for computer login (Domain Password)
  and one Google Login (Email Password).
  What we want To DO:
  Now we want to migrate all of our users on Exchange Online (Office 365), we also want to enable Single Sign On (Example users have only one password for both computer login and email Login Just be
  like Exchange on Premises.
  I have following question in mind.
  How can we integrate our current Active Directory with Office365?
  I Google it and found that AD can be integrate with Active Directory Federation Service is this true? What are Pros and Cons for ADFS?
  Should we need to take extra subscription of Windows Azure for integrating our Active Directory with Office365?
  What happens with those users who have account in AD and also on Gmail  like UPN names are same 
  Example [email protected] (Email Account)
  ABC (Domain Account)
  Will these two conflict with each other or what happened if we integrate AD?

  Hello!
  So, let's tackle each point one-by-one
  First, as you found in your research, you would establish integration between your Active Directory and Office365 via Directory Synchronization, and this is established by using Active Directory Federation Services.
  As for Pros and Cons, I am not really sure what you mean there. The pros would be that you are able to achieve the functionality that you seek out. You would be able to set up Directory Synchronization and SSO with ADFS, and once that is done, you conduct
  all your user management from your On-Prem Active Directory Users and Computers when it comes to user management. The Cons might be that you should not deploy ADFS on a Domain Controller, so you will need to launch another server in your environment to accommodate
  this. You will also need to obtain a public SSL certificate for the ADFS deployment.
  There should be no additional Office 365 subscription purchases needed to enable and use directory synchronization.
  As for your Gmail users, if you are looking to migrate them to Office 365 using Exchange Online, you will need to perform a IMAP Migration, which requires that you set up the Exchange accounts in Exchange Online in advance. This should work out well for
  you, because you can set up the Exchange account as you migrate your users into Office 365 with Directory Synchronization and then assign the proper  licensing to each user. Then, once the Exchange mailbox is in place, you conduct the IMAP migration,
  which moves  mail-only items from the users' existing Gmail inboxes into their new Exchange Online mailboxes.
  I hope that helped answer your questions and alleviated some concerns. Obviously you will still need to do a bit of research for the details on conducting the directory synchronization and email migration from Gmail, but  there is great documentation
  out there for both. To get started with the DirSync with SSO,  I have published a blog post that deals with prepping for DirSync and setting up a lab with ADFS and DirSync, and it will definitely help you get started in the right direction: http://blog.msucguy.com/2015/04/office-365-directory-synchronization.html.
  If there is anything else I can help elaborate on a bit more, let me know!
  -Regards
  Josh B. | MCITP: Enterprise Administrator

• Upgrading DirSync for Office 365

  Is there a good technical document on the upgrade process from DirSync
  6092.42 to latest version
  6553.0002 ?  and are there any known issues (or bugs) people have encountered ? 

  Hi,
  This is the forum to discuss questions and feedback for Microsoft Office client. There is not so much about
  Office 365 Server/Directory integration aspects here, I would suggest you to post in the dedicated forum of
  Office 365 Community, where you can get more experienced responses:
  http://community.office365.com/en-us/f/default.aspx
  The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.
  Regards,
  Ethan Hua
  TechNet Community Support
  It's recommended to download and install
  Configuration Analyzer Tool (OffCAT), which is developed by Microsoft Support teams. Once the tool is installed, you can run it at any time to scan for hundreds of known issues in Office
  programs.

• Extending AD schema to sync to Office365

  Hi, we currently are running a fresh AD environment that has never been exposed to Exchange. We are running DirSync to sync AD to Office365 (one way). We're currently unable to manage several attributes due to not ever having an Exchange installation, so
  we simply need to extend our AD schema to add the necessary attributes. This seems to be a somewhat common problem, but there doesn't seem to be any official documentation/procedure for fixing. Here's a few things that really need clarification, for anyone
  looking to extend their schema for Office365 purposes:
  1. Which Exchange installation to use to extend schema?
  2. The objects that were synced to Office365 initially had some of the attributes we're now missing. Should we be concerned about overwriting these attributes with null values after the schema extension? What is the best method to address these concerns?
  Is there a list of attributes provided by the schema extension so we can check what may be overwritten?
  Thanks and please help!

  1. Which Exchange installation to use to extend schema?
  I always used Exchange Server 2013.
  2. The objects that were synced to Office365 initially had some of the attributes we're now missing.
  Should we be concerned about overwriting these attributes with null values after the schema extension? 
  If something is wrong with the sync then you should be able to see it on DirSync after the sync attempt. The list of synced attributes is mentioned here: http://social.technet.microsoft.com/wiki/contents/articles/19901.dirsync-list-of-attributes-that-are-synced-by-the-azure-active-directory-sync-tool.aspx
  Of course, the data are synced from AD to Office 365 so you need to take in consideration that your data will be overwritten. The good approach would be to populate these attributes in AD before running the sync.
  This posting is provided AS IS with no warranties or guarantees , and confers no rights.
  Ahmed MALEK
  My Website Link
  My Linkedin Profile
  My MVP Profile

• Decommission Exchange Server 2013 after migration to Office365

  We had an on-premises Exchange Server 2013 failure with multiple hard disk failures.
  Since we already had an Office365 E3 plan, we decided to bite the bullet and move to Exchange Online.  Since we did not have ADFS or Dirsync yet and time was against us to get email flowing as quickly as possible, we imported all the users into Office365,
  i.e. disconnected from our AD.
  We then setup all their Outlook 2013 profiles with Office365 and imported their mailboxes from PSTs, so they are all up and running on Office365 now (still disconnected from our AD).
  I would like to decommission our on-premises Exchange 2013, since our current setup is not very common, i.e. Office365 mailboxes which are not linked to our AD.
  I would like some pointers and guidance how to go about this.
  Thanks
  Chris

  Hi 
  As per your description i can see that your on-premise exchange servers are running with no users, no services integrated with Office 365 users and no adfs dirsync 
  So in this scenario you can do a normal uninstallation of Exchange 2013 servers
  Before uninstalling a Exchange 2013 Server,
  Make sure all the console related to Exchange server are closed
  Mailbox databases on that server has to be removed
  Uninstall Exchange server from control panel
  Remember to mark as helpful if you find my contribution useful or as an answer if it does answer your question.That will encourage me - and others - to take time out to help you Check out my latest blog posts on http://exchangequery.com Thanks Sathish
  (MVP)

• Implications of changing UPN suffix in preparation for Office 365 & DirSync

  Hi,
  I hoping someone can add their experience and recommendations for implementing DirSync with a new Office 365 installation. My client's current UPN suffix is xxx.local. We need to change this to their routable internet address of xxx.com. I've read how
  to add the suffix to the domain and I've seen some posts about how to script this conversion.
  http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/4e4cc3d7-8774-4978-8d52-04a5b5994923
  Is it as simple as this above thread describes? Any gotchas to watch out for? Thanks!

  Hello,
  for Office365 there is a specific forum
  http://community.office365.com/en-us/forums/default.aspx
  Best regards
  Meinolf Weber
  MVP, MCP, MCTS
  Microsoft MVP - Directory Services
  My Blog: http://msmvps.com/blogs/mweber/
  Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

• DirSync without exchange 2003

  Hello,
  I am currently operating in the cloud fully, without any hybrid setup.  But I have an old exchange 2003 server, from which I migrated to office365 still in the AD domain.  I plan on fully removing it and any exchange organization information.
  My question is, once I fully remove exchange 2003 org from my environment, including the attributes with it, is it still ok to use DirSync with password sync in order to sync passwords with Office365?  My concern is that since I only have a standard
  2003 domain (now without any exchange attributes), that the syncing could cause some changes in Office365.  Since I have about 120 users operating for 2 years now fully in Office365, I need to ensure that nothing will be effected if I choose to setup
  DirSync.
  Any clearification and further documentation greatly appreciated.
  Thank you

  Hi,
  Some additional info which can be good to clarify. As mensioned before, moving from Cloud Identies to Synchronized identities requires you to "match" your on prem Active directory users with the ones in the cloud. If that is not done properly,
  you'll end up with duplicate users.
  Here's a blogpost link on the topic that also includes a script that probably will help you on your way (will however not work if you don't have 2008R2 domain controllers without modification)
  http://365lab.net/2014/04/18/office-365-migrate-from-cloud-identities-to-dirsync/.
  Also note that from the moment you have started to use synchronized identities, as of now, you need to start manage alias email addresses and other attributes for your users in your local Active directory.
  Hope this helps,
  Johan
  Microsoft Certified Trainer
  MCSE: Desktop, Server, Private Cloud, Messaging
  Blog: http://365lab.net

• Existing Office365 Tenancy STANDALONE - moving to hybrid...

  Hi guys,
  We have Exchange 2013 on premise, working fine, serving users with our main domain. (domain.com)
  We also have a separate Office365 tenancy, with a subset of users that have a subdomain (sub.domain.com). These users logon to Office365 with credentials stored on just Office365 - they are not federated with our on-premise Exchange / AD.
  We are now looking at merging these two environment e.g. moving to a true Hybrid, with the goal being that the users we have on Office365 can have our primary domain as an email address (domain.com) as well as their current subdomain address.
  There doesn't seem to be much online about this - it's a slightly unusual situation... If I was to implement the usual plan of ADFS and DirSync and integrate our on-prem, what happens to the existing accounts on Office365? Would they stay as authenticating
  as they are - e.g. against the current MS accounts? If so can I move them so they are authenticated using an AD user object via federation? How would one do this? Would this just "magically" happen if there is a matching AD user object, could I match
  the account using the GUI or would I need to run a PowerShell command?
  Thanks - Steve

  Hi,
  Since this issue is more related to Office 365, it's better to post your question to the Office 365 Community forum:
  http://community.office365.com/en-us/f/default.aspx
  The reason why we recommend posting appropriately is you will get the most
  qualifiedpool of respondents,
  and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.
  Steve Fan
  TechNet Community Support
  It's recommended to download and install
  Configuration Analyzer Tool (OffCAT), which is developed by Microsoft Support teams. Once the tool is installed, you can run it at any time to scan for hundreds of known issues in Office
  programs.

• Office365 with Azure AD

  Dear all,
  I have used DirSync to sync my users with Office365, however the user have different usernames (I am not talking about the domain suffix). For example some users show as [email protected] and others show as [email protected] On my on-premise AD all
  the users are configured with b.smith@... format for login (under their account settings) I just trying to figure out which user attribute DirSync push to Azure AD, I think it may be the maiNickname?
  I would like to understand where this attribute is take from and why it is different for various users and also how I can change all my user from BobSmith@ to b.smoth

  Hi Mika,
  Based on the your discription, the quesion is more related to Office 365 cloud. I’m sorry we have limited resources and support for client configurations. Try to post your question to the forum for Office 365, it it ok for you?
  http://community.office365.com/en-us/forums/default.aspx
  Cheers,
  Tony Chen
  Forum Support
  Come back and mark the replies as answers if they help and unmark them if they provide no help.
  If you have any feedback on our support, please contact
  [email protected]
  

• Dirsync Configuration Setup Fails

  During Dirsync setup after local AD and AAD credentials are entered the configuration fails .
  I get the following error
  Service MSOnlineSyncSchedule was not found on computer
  Using
  Windows Server 2008 R2
  Paul

  Greetings, Paul!
  This issue might be caused if the service account
  MIIS_Service doesn't have "Logon as a service"
  permission, to fix this issue, please refer to the suggestions given by Mark Masiak via the following post:
  http://community.office365.com/en-us/forums/613/t/54297.aspx
  Also, please check if you've opened TCP ports 80 and 443.
  Also, please refer to:
  http://blogs.technet.com/b/vineethm/archive/2008/08/10/dirsync-faq-before-you-get-started.aspx
  Thank you,
  Arvind

• Dirsync After Exchange 2010 CUTOVER

  Hi to All,
  We have completed our on premises Exchange 2010 using CUTOVER migration. Now, we would find an official article or suitable  process to install active directory synchronization (dirsync) with office 365 tenant.
  As for the http://community.office365.com/en-us/w/exchange/835.cutover-exchange-migration-and-single-sign-on.aspx  is not a propriety document since you are using Exchange server 2010.
  The weird is since the "cutover" exchange 2010 is a suitable and more frequently migration process there is no process to install Dirsync after.
  Please advice.

  Oh, you want to put the bananas back on the bunch?
  http://www.lmgtfy.com/?q=office+365+dirsync+after+cutover+migration
  I've never done it but it appears you can do it.  You'll just want to make sure your Office 365 recipients are properly configured so you don't get duplicates.
  Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

• Excel issues with importing CSV or HTML table data from URL - Sharepoint? Office365?

  Greetings,
  We have a client who is having issues importing CSV or HTML table data as one would do using Excel's Web Query import from a reporting application.  As the error message provided by Excel is unhelpful I'm reaching out to anyone who can help us begin to
  troubleshoot problems affecting what is normal standard Excel functionality.  I'd attach the error screenshot, but I can't because my account is not verified....needless to say it says "Microsoft Excel cannot access  the file https://www.avantalytics.com/reporting_handler?func=wquery&format=csv&logid=XXXX&key=MD5
  Where XXXX is a number and MD5 is an md5 code.  The symptoms stated in the error message are:
  - the file name or path does not exist
  -The file is being used by another program
  -The workbook you are trying to save has the same name as a currently open workbook.
  None of these symptoms are the case, naturally. The user encountered this with Excel2010, she was then upgraded to Excel2013 and is still experiencing the same issue. The output of this URL in a browser (IE, Chrome, Firefox) is CSV data for the affected
  user, so it is not a network connectivity issue.  In our testing environment using both Excel2010 or 2013 this file is imported successfully, so we cannot replicate.  The main difference I can determine between our test environment and the end-user
  is they have a Sharepoint installation and appear to have Office365 as well.
  So,  my question might more appropriately be for Sharepoint or Office365 folks, but I can't be sure they're  a culprit.  Given this - does anyone have any knowledge of issues which might cause this with Sharepoint or Office365 integrated with
  Excel and/or have suggestions for getting more information from Excel or Windows other than this error message?  I've added the domain name as a trusted publisher in IE as I thought that might be the issue, but that hasn't solved anything.  As you
  can see its already https and there is no authentication or login - the md5 key is the authentication.  The certificate for the application endpoint is valid and registered via GoDaddy CA.
  I'm at a loss and would love some suggestions on things to check/try.
  Thanks  -Ross

  Hi Ross,
  >> In our testing environment using both Excel 2010 and 2013 this file is imported successfully, so we cannot replicate.
  I suspect it is caused by the difference of web server security settings.
  KB: Error message when you use Web query to a secure Web page (HTTPS://) in Excel: "Unable to open"
  Hope it will help.
  By the way, this forum is mainly for discussing questions about Office Development (VSTO, VBA and Apps for Office .etc.). For Office products feature specific questions, you could consider posting them on
  Office IT Pro forum or Microsoft Office Community.
  Regards,
  Jeffrey
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• Sharepoint 2013 Public Facing Website With Managed Metadata Navigation on Office365 E3 Trial Online

  Warning: I am a complete novice in sharepoint
  I have subscribed to office365 online trial Enterprise edition to learn sharepoint
  I have created a Public facing Website
  Through the site-collection setting -> navigation created a new metadata group named navigation and chose it for global and current menu(I switched on the publishing service)
  Under the term Management I added two sub terms(for navigation group) with links to document and home.aspx
  The team site immediately showed the global menu with only two options(home and document) as needed
  Unfortunately the public facing site did not show any such options and instead showed a different menu(default one)
  I tried to add the navigation snippet to the master page and it showed the same default menu.
  The public site has no navigation option in Site setting either
  QUESTION: How can I get managed navigation in public facing site? Is it possible or it is not allowed?

  Hi,
  According to your post, my understanding is that you wanted to use the Managed Metadata Navigation in Public Website.
  Per my experience, we could not use the managed metadata navigation in public website, it is only available for the internal site collections.
  For more information:
  http://community.office365.com/en-us/forums/154/t/166500.aspx
  You can refer to the following article to know the public website and internal site collections on Office 365.
  http://blogs.sharepoint911.com/blogs/jennifer/Lists/Posts/Post.aspx?ID=76
  As this is the forum for the SharePoint server, , I’m not sure whether it supported managed metadata navigation now.
  I recommend you can post your question to the forum for SharePoint Online:
  http://community.office365.com/en-us/forums/154.aspx.
  More experts will assist you, then you will get more information relation to SharePoint Online.
  Thank you for your understanding and support.
  Thanks & Regards,
  Jason
  Jason Guo
  TechNet Community Support