DirSync to Office365
I have a Windows 2012R2 server with a single domain, xxxx.local. All the users were created with a UPN of first initial and last name. Also, separately created all the users in Office365, with domain, xxxx.net and an email address of the [email protected] Each
of these accounts was licensed and works appropriately. These accounts also have all the users exchange data set up and working correctly. Then, implemented DirSync. When DirSync did its initialization, it created a second account in Office365. So, in Office365
admin -- Users and Groups, each user appears twice:
Name [email protected] in cloud
Name [email protected] Sync'd with Active Directory
The second account is unlicensed, and un-needed, other than that is the account it sync'd to active directory. I really need the DirSync to sync to the first account, which has the appropriate email address and the users data. How can this be fixed?
Is there a specific reason you created the accounts in Office 365, and then configured DirSync afterweards? (Or was this something done weeks apart because you needed things running before you could install DirSync?)
DirSync doesn't sync to 365 accounts; it sync AD accounts to 365 (or Azure AD more specifically).
So, the correct order of things would be.
- Set up contoso.net as a domain in Office 365.
- Add contoso.net as a secondary upn for the users in AD. (This does not change you using contoso.local as the domain name and primary upn.)
- Install DirSync.
The AD users with contoso.net will automatically get contoso.net in 365 as well, and it's just a matter of assigning licenses.
Users with contoso.local will get the contoso.onmicrosoft.com in the cloud, but it will still show as synced and you can change the upn. (Highly recommend changing in AD, not 365.)
What you want to do is merge the two accounts sort of, but I'm not sure if that is doable.
Similar Messages
-
Exchange server 2003 org decomission before DirSync with office365
Hi,
I am looking to do DirSync of passwords between local and office365 domain. I have migrated all exchange services to office365 a couple of years ago, but still have old exchange 2003 server.
I plan to completely decommission and remove the exchange organization.
Question is once that is done, is there any concern about using DirSync? I thought that all attributes will sync during this process, so not sure if I could possibly be removing attributes that are needed as the exchange 2003 organization is removed,
which in turn can maybe cause sync issues with my current office365 production environment.
I do not run any type of hybrid setup, and not looking to do Single-Sign-On, I am only attempting to sync passwords with specific accounts.
Can I safely uninstall and remove my exchange 2003 organization (a single 2003 exchange server)?
Thank youHi,
This sounds like an ok method, (my one helpdesk technician does not manage my AD apart from password reset), since I am the only tech really to handle the AD - create users etc..
1. You mention setting exchange attributes, could you elaborate on what exchange attributes? Since I am removing my exchange organization locally (single exchange 2003 server) I assume there will no longer be any exchange specific attributes. By
removing the exchange 2003 server org, will I be missing any attributes in order to use AAD Sync?
2. Also, do you know how difficult or easy it is to remove AAD Sync, if I choose to simply keeping cloud authoritative? Any concerns or potential issues you can think of?
Thank you
Robert
You extended your AD schema when Exchange was introduced. Even if Exchange goes away, those attributes are forever defined in your forest, and will need to be populated
somehow for use with *Sync & Exchange Online. If you don't keep an Exchange Hybrid server, as mentioned above, and also don't want to use ADSIEdit, you may consider a tool such as:
Z-Hire Active Directory, Exchange, Lync, Office 365 User Creation Tool
EXCHANGETASKS 2013
As for the difficulty in removing AADSync - its really easy. You'd just throw the server away and disable sync in your Azure AD tenant (one button). Sounds like the main downside in your case would be:
no more password sync
you have to create users twice. once on-prem for on-prem stuff, and again in Azure AD (o365).
Mike Crowley | MVP
My Blog --
Baseline Technologies -
AD schema preparation for Lync Hybrid
Hi,
actually we are using Lync online via Office 365 (Lync Online). Our AD is synchronized via DirSync to Office365. There was never an onpremise environment. Now we want to deploy a Lync Hybrid environment and for that reason we need to prepare our local
AD schema.
Are there any side effects while preparing our AD caused through synchronizing with DirSync to office 365? The new Lync attributes in our local AD are empty at the beginning. Are there any problems with Lync Online if these attributes will be synchronized
to Office 365?
How should we proceed?
regards,
MarioAs soon as you install Lync onprem the msRTCSIP-* AD Attributes are getting synced into Azure AD. This might cause a problem with Lync
Online users. This is covered here: http://365lab.net/tag/msrtcsip-userenabled/
Please be aware that all internal and external DNS are now pointing to Lync online... In a hybrid environment they should point to the onprem pool.
I would filter out all msRTCSIP-* properties from the AD Sync first, then install onprem. Don't change the DNS entries in the beginning. Make sure your Lync onprem is working correctly, then schedule
a downtime change the DNS entries, check your edge server (this is vital for hybrid). Remove the filter from the AD Sync and then activate hybrid configuration.
I am not sure if there's a technet description for what you are planning to do. -
Hi,
Our Current Scenario:
We have Active Directory with 150 users (Single Forest & Single Domain) on Windows Server 2012 R2.
Our Current Email Server is Google Apps where we have 150 users already so basically our user does not have facility for Single Sign on they have two password one for computer login (Domain Password)
and one Google Login (Email Password).
What we want To DO:
Now we want to migrate all of our users on Exchange Online (Office 365), we also want to enable Single Sign On (Example users have only one password for both computer login and email Login Just be
like Exchange on Premises.
I have following question in mind.
How can we integrate our current Active Directory with Office365?
I Google it and found that AD can be integrate with Active Directory Federation Service is this true? What are Pros and Cons for ADFS?
Should we need to take extra subscription of Windows Azure for integrating our Active Directory with Office365?
What happens with those users who have account in AD and also on Gmail like UPN names are same
Example [email protected] (Email Account)
ABC (Domain Account)
Will these two conflict with each other or what happened if we integrate AD?Hello!
So, let's tackle each point one-by-one
First, as you found in your research, you would establish integration between your Active Directory and Office365 via Directory Synchronization, and this is established by using Active Directory Federation Services.
As for Pros and Cons, I am not really sure what you mean there. The pros would be that you are able to achieve the functionality that you seek out. You would be able to set up Directory Synchronization and SSO with ADFS, and once that is done, you conduct
all your user management from your On-Prem Active Directory Users and Computers when it comes to user management. The Cons might be that you should not deploy ADFS on a Domain Controller, so you will need to launch another server in your environment to accommodate
this. You will also need to obtain a public SSL certificate for the ADFS deployment.
There should be no additional Office 365 subscription purchases needed to enable and use directory synchronization.
As for your Gmail users, if you are looking to migrate them to Office 365 using Exchange Online, you will need to perform a IMAP Migration, which requires that you set up the Exchange accounts in Exchange Online in advance. This should work out well for
you, because you can set up the Exchange account as you migrate your users into Office 365 with Directory Synchronization and then assign the proper licensing to each user. Then, once the Exchange mailbox is in place, you conduct the IMAP migration,
which moves mail-only items from the users' existing Gmail inboxes into their new Exchange Online mailboxes.
I hope that helped answer your questions and alleviated some concerns. Obviously you will still need to do a bit of research for the details on conducting the directory synchronization and email migration from Gmail, but there is great documentation
out there for both. To get started with the DirSync with SSO, I have published a blog post that deals with prepping for DirSync and setting up a lab with ADFS and DirSync, and it will definitely help you get started in the right direction: http://blog.msucguy.com/2015/04/office-365-directory-synchronization.html.
If there is anything else I can help elaborate on a bit more, let me know!
-Regards
Josh B. | MCITP: Enterprise Administrator -
Upgrading DirSync for Office 365
Is there a good technical document on the upgrade process from DirSync
6092.42 to latest version
6553.0002 ? and are there any known issues (or bugs) people have encountered ?Hi,
This is the forum to discuss questions and feedback for Microsoft Office client. There is not so much about
Office 365 Server/Directory integration aspects here, I would suggest you to post in the dedicated forum of
Office 365 Community, where you can get more experienced responses:
http://community.office365.com/en-us/f/default.aspx
The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.
Regards,
Ethan Hua
TechNet Community Support
It's recommended to download and install
Configuration Analyzer Tool (OffCAT), which is developed by Microsoft Support teams. Once the tool is installed, you can run it at any time to scan for hundreds of known issues in Office
programs. -
Extending AD schema to sync to Office365
Hi, we currently are running a fresh AD environment that has never been exposed to Exchange. We are running DirSync to sync AD to Office365 (one way). We're currently unable to manage several attributes due to not ever having an Exchange installation, so
we simply need to extend our AD schema to add the necessary attributes. This seems to be a somewhat common problem, but there doesn't seem to be any official documentation/procedure for fixing. Here's a few things that really need clarification, for anyone
looking to extend their schema for Office365 purposes:
1. Which Exchange installation to use to extend schema?
2. The objects that were synced to Office365 initially had some of the attributes we're now missing. Should we be concerned about overwriting these attributes with null values after the schema extension? What is the best method to address these concerns?
Is there a list of attributes provided by the schema extension so we can check what may be overwritten?
Thanks and please help!1. Which Exchange installation to use to extend schema?
I always used Exchange Server 2013.
2. The objects that were synced to Office365 initially had some of the attributes we're now missing.
Should we be concerned about overwriting these attributes with null values after the schema extension?
If something is wrong with the sync then you should be able to see it on DirSync after the sync attempt. The list of synced attributes is mentioned here: http://social.technet.microsoft.com/wiki/contents/articles/19901.dirsync-list-of-attributes-that-are-synced-by-the-azure-active-directory-sync-tool.aspx
Of course, the data are synced from AD to Office 365 so you need to take in consideration that your data will be overwritten. The good approach would be to populate these attributes in AD before running the sync.
This posting is provided AS IS with no warranties or guarantees , and confers no rights.
Ahmed MALEK
My Website Link
My Linkedin Profile
My MVP Profile -
Decommission Exchange Server 2013 after migration to Office365
We had an on-premises Exchange Server 2013 failure with multiple hard disk failures.
Since we already had an Office365 E3 plan, we decided to bite the bullet and move to Exchange Online. Since we did not have ADFS or Dirsync yet and time was against us to get email flowing as quickly as possible, we imported all the users into Office365,
i.e. disconnected from our AD.
We then setup all their Outlook 2013 profiles with Office365 and imported their mailboxes from PSTs, so they are all up and running on Office365 now (still disconnected from our AD).
I would like to decommission our on-premises Exchange 2013, since our current setup is not very common, i.e. Office365 mailboxes which are not linked to our AD.
I would like some pointers and guidance how to go about this.
Thanks
ChrisHi
As per your description i can see that your on-premise exchange servers are running with no users, no services integrated with Office 365 users and no adfs dirsync
So in this scenario you can do a normal uninstallation of Exchange 2013 servers
Before uninstalling a Exchange 2013 Server,
Make sure all the console related to Exchange server are closed
Mailbox databases on that server has to be removed
Uninstall Exchange server from control panel
Remember to mark as helpful if you find my contribution useful or as an answer if it does answer your question.That will encourage me - and others - to take time out to help you Check out my latest blog posts on http://exchangequery.com Thanks Sathish
(MVP) -
Implications of changing UPN suffix in preparation for Office 365 & DirSync
Hi,
I hoping someone can add their experience and recommendations for implementing DirSync with a new Office 365 installation. My client's current UPN suffix is xxx.local. We need to change this to their routable internet address of xxx.com. I've read how
to add the suffix to the domain and I've seen some posts about how to script this conversion.
http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/4e4cc3d7-8774-4978-8d52-04a5b5994923
Is it as simple as this above thread describes? Any gotchas to watch out for? Thanks!Hello,
for Office365 there is a specific forum
http://community.office365.com/en-us/forums/default.aspx
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://msmvps.com/blogs/mweber/
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights. -
Hello,
I am currently operating in the cloud fully, without any hybrid setup. But I have an old exchange 2003 server, from which I migrated to office365 still in the AD domain. I plan on fully removing it and any exchange organization information.
My question is, once I fully remove exchange 2003 org from my environment, including the attributes with it, is it still ok to use DirSync with password sync in order to sync passwords with Office365? My concern is that since I only have a standard
2003 domain (now without any exchange attributes), that the syncing could cause some changes in Office365. Since I have about 120 users operating for 2 years now fully in Office365, I need to ensure that nothing will be effected if I choose to setup
DirSync.
Any clearification and further documentation greatly appreciated.
Thank youHi,
Some additional info which can be good to clarify. As mensioned before, moving from Cloud Identies to Synchronized identities requires you to "match" your on prem Active directory users with the ones in the cloud. If that is not done properly,
you'll end up with duplicate users.
Here's a blogpost link on the topic that also includes a script that probably will help you on your way (will however not work if you don't have 2008R2 domain controllers without modification)
http://365lab.net/2014/04/18/office-365-migrate-from-cloud-identities-to-dirsync/.
Also note that from the moment you have started to use synchronized identities, as of now, you need to start manage alias email addresses and other attributes for your users in your local Active directory.
Hope this helps,
Johan
Microsoft Certified Trainer
MCSE: Desktop, Server, Private Cloud, Messaging
Blog: http://365lab.net -
Existing Office365 Tenancy STANDALONE - moving to hybrid...
Hi guys,
We have Exchange 2013 on premise, working fine, serving users with our main domain. (domain.com)
We also have a separate Office365 tenancy, with a subset of users that have a subdomain (sub.domain.com). These users logon to Office365 with credentials stored on just Office365 - they are not federated with our on-premise Exchange / AD.
We are now looking at merging these two environment e.g. moving to a true Hybrid, with the goal being that the users we have on Office365 can have our primary domain as an email address (domain.com) as well as their current subdomain address.
There doesn't seem to be much online about this - it's a slightly unusual situation... If I was to implement the usual plan of ADFS and DirSync and integrate our on-prem, what happens to the existing accounts on Office365? Would they stay as authenticating
as they are - e.g. against the current MS accounts? If so can I move them so they are authenticated using an AD user object via federation? How would one do this? Would this just "magically" happen if there is a matching AD user object, could I match
the account using the GUI or would I need to run a PowerShell command?
Thanks - SteveHi,
Since this issue is more related to Office 365, it's better to post your question to the Office 365 Community forum:
http://community.office365.com/en-us/f/default.aspx
The reason why we recommend posting appropriately is you will get the most
qualifiedpool of respondents,
and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.
Steve Fan
TechNet Community Support
It's recommended to download and install
Configuration Analyzer Tool (OffCAT), which is developed by Microsoft Support teams. Once the tool is installed, you can run it at any time to scan for hundreds of known issues in Office
programs. -
Dear all,
I have used DirSync to sync my users with Office365, however the user have different usernames (I am not talking about the domain suffix). For example some users show as [email protected] and others show as [email protected] On my on-premise AD all
the users are configured with b.smith@... format for login (under their account settings) I just trying to figure out which user attribute DirSync push to Azure AD, I think it may be the maiNickname?
I would like to understand where this attribute is take from and why it is different for various users and also how I can change all my user from BobSmith@ to b.smothHi Mika,
Based on the your discription, the quesion is more related to Office 365 cloud. I’m sorry we have limited resources and support for client configurations. Try to post your question to the forum for Office 365, it it ok for you?
http://community.office365.com/en-us/forums/default.aspx
Cheers,
Tony Chen
Forum Support
Come back and mark the replies as answers if they help and unmark them if they provide no help.
If you have any feedback on our support, please contact
[email protected]
-
Dirsync Configuration Setup Fails
During Dirsync setup after local AD and AAD credentials are entered the configuration fails .
I get the following error
Service MSOnlineSyncSchedule was not found on computer
Using
Windows Server 2008 R2
PaulGreetings, Paul!
This issue might be caused if the service account
MIIS_Service doesn't have "Logon as a service"
permission, to fix this issue, please refer to the suggestions given by Mark Masiak via the following post:
http://community.office365.com/en-us/forums/613/t/54297.aspx
Also, please check if you've opened TCP ports 80 and 443.
Also, please refer to:
http://blogs.technet.com/b/vineethm/archive/2008/08/10/dirsync-faq-before-you-get-started.aspx
Thank you,
Arvind -
Dirsync After Exchange 2010 CUTOVER
Hi to All,
We have completed our on premises Exchange 2010 using CUTOVER migration. Now, we would find an official article or suitable process to install active directory synchronization (dirsync) with office 365 tenant.
As for the http://community.office365.com/en-us/w/exchange/835.cutover-exchange-migration-and-single-sign-on.aspx is not a propriety document since you are using Exchange server 2010.
The weird is since the "cutover" exchange 2010 is a suitable and more frequently migration process there is no process to install Dirsync after.
Please advice.Oh, you want to put the bananas back on the bunch?
http://www.lmgtfy.com/?q=office+365+dirsync+after+cutover+migration
I've never done it but it appears you can do it. You'll just want to make sure your Office 365 recipients are properly configured so you don't get duplicates.
Ed Crowley MVP "There are seldom good technological solutions to behavioral problems." -
Excel issues with importing CSV or HTML table data from URL - Sharepoint? Office365?
Greetings,
We have a client who is having issues importing CSV or HTML table data as one would do using Excel's Web Query import from a reporting application. As the error message provided by Excel is unhelpful I'm reaching out to anyone who can help us begin to
troubleshoot problems affecting what is normal standard Excel functionality. I'd attach the error screenshot, but I can't because my account is not verified....needless to say it says "Microsoft Excel cannot access the file https://www.avantalytics.com/reporting_handler?func=wquery&format=csv&logid=XXXX&key=MD5
Where XXXX is a number and MD5 is an md5 code. The symptoms stated in the error message are:
- the file name or path does not exist
-The file is being used by another program
-The workbook you are trying to save has the same name as a currently open workbook.
None of these symptoms are the case, naturally. The user encountered this with Excel2010, she was then upgraded to Excel2013 and is still experiencing the same issue. The output of this URL in a browser (IE, Chrome, Firefox) is CSV data for the affected
user, so it is not a network connectivity issue. In our testing environment using both Excel2010 or 2013 this file is imported successfully, so we cannot replicate. The main difference I can determine between our test environment and the end-user
is they have a Sharepoint installation and appear to have Office365 as well.
So, my question might more appropriately be for Sharepoint or Office365 folks, but I can't be sure they're a culprit. Given this - does anyone have any knowledge of issues which might cause this with Sharepoint or Office365 integrated with
Excel and/or have suggestions for getting more information from Excel or Windows other than this error message? I've added the domain name as a trusted publisher in IE as I thought that might be the issue, but that hasn't solved anything. As you
can see its already https and there is no authentication or login - the md5 key is the authentication. The certificate for the application endpoint is valid and registered via GoDaddy CA.
I'm at a loss and would love some suggestions on things to check/try.
Thanks -RossHi Ross,
>> In our testing environment using both Excel 2010 and 2013 this file is imported successfully, so we cannot replicate.
I suspect it is caused by the difference of web server security settings.
KB: Error message when you use Web query to a secure Web page (HTTPS://) in Excel: "Unable to open"
Hope it will help.
By the way, this forum is mainly for discussing questions about Office Development (VSTO, VBA and Apps for Office .etc.). For Office products feature specific questions, you could consider posting them on
Office IT Pro forum or Microsoft Office Community.
Regards,
Jeffrey
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey. -
Sharepoint 2013 Public Facing Website With Managed Metadata Navigation on Office365 E3 Trial Online
Warning: I am a complete novice in sharepoint
I have subscribed to office365 online trial Enterprise edition to learn sharepoint
I have created a Public facing Website
Through the site-collection setting -> navigation created a new metadata group named navigation and chose it for global and current menu(I switched on the publishing service)
Under the term Management I added two sub terms(for navigation group) with links to document and home.aspx
The team site immediately showed the global menu with only two options(home and document) as needed
Unfortunately the public facing site did not show any such options and instead showed a different menu(default one)
I tried to add the navigation snippet to the master page and it showed the same default menu.
The public site has no navigation option in Site setting either
QUESTION: How can I get managed navigation in public facing site? Is it possible or it is not allowed?Hi,
According to your post, my understanding is that you wanted to use the Managed Metadata Navigation in Public Website.
Per my experience, we could not use the managed metadata navigation in public website, it is only available for the internal site collections.
For more information:
http://community.office365.com/en-us/forums/154/t/166500.aspx
You can refer to the following article to know the public website and internal site collections on Office 365.
http://blogs.sharepoint911.com/blogs/jennifer/Lists/Posts/Post.aspx?ID=76
As this is the forum for the SharePoint server, , I’m not sure whether it supported managed metadata navigation now.
I recommend you can post your question to the forum for SharePoint Online:
http://community.office365.com/en-us/forums/154.aspx.
More experts will assist you, then you will get more information relation to SharePoint Online.
Thank you for your understanding and support.
Thanks & Regards,
Jason
Jason Guo
TechNet Community Support
Maybe you are looking for
-
In ALV report.The user wants to hide specfic fields
Hi In ALV report.The user wants to hide specfic fields but the user must be able to add these fields to the report: can any one give the suggestions
-
My I pad has a red blotchy screen and keypad has gone blue? Any ideas how to solve?
MY iPad has a red blotchy screen and keypad has gone blue, any ideas if I can rectify this?
-
Is there any process to convert an value-based hierarchy to level-based one
Hi Experts, Is there any automated or manual process to convert the value-based hierarchy to the level-based hierarchy. Thanks VR
-
How can I open IE, in inPrivate Browsing mode using PowerShell script? $ie = New-Object -com internetexplorer.application; $ie.visible = $true; $ie.navigate2("http://bing.com"); while ($ie.Busy -eq $true) { Start-Sleep -Milliseconds 1000; } Ramana
-
Adding audio to a video demo Captivate 8
How can I add mp3 audio files to a video demonstration I recorded in Captivate 8? I recorded the demo. Then, clicked edit. When I choose Media, the audio option is grayed out and does not let me select.