Reinstalling AD Directory Sync

Similar Messages

• Cannot install Windows Azure Active Directory Sync tool on Server 2012 w/ SQL Server 2012

  I went to change a user password on the server today and after changing the password I logged into the SQL server to run “Import-module dirsync” & “Start-onlinecoexistencesync” in powershell in order to sync the new password with Exchange Online. After
  waiting ten minutes I tried setting up the email on the user’s PC but the new password was not being accepted. I logged into Office 365 and I got the following warning.
  "Warning: Last synced more than 3 days ago | Troubleshoot"
  So I pressed troubleshoot and the site installed a tool on the server to try and find out what the issue was. After the tool ran it told me that the version of dirsync.exe was out of date and that I should download the new one and install it. So I downloaded
  the new dirsync.exe (version 7020 I believe) and tried installing it. I kept getting error after error, different ones to boot.
  First it told me I wasn’t part of the FIMSyncAdmins group (so I added myself), then it told me that it could not connect to MIIS server,  so I tried starting it and windows said that there was a problem with the sign on used by the service so I had
  to reset the password for the local user named “AAD_bfd1d6f0cef7” which was being used by that service. The service started successfully and when I went to install it told me I could not and if the problem persisted I should uninstall the old version and reinstall.
  Looking in the log file, before I even install the software I see the following Information...
  Level: Information
  Date: 2015-03-24 12:49:17 PM
  Source: Directory Synchronization
  Event ID: 0
  Task Category: None
  "The current configuration of the Windows Azure Active Directory Sync tool is invalid. Please reinstall the Windows Azure Active Directory Sync tool."
  So I tried to reinstall (i even manually uninstalled the old version and removed the folder in C:\Program Files\ called "Windows Azure Active Directory Sync") and on reinstall I get as far as "Installing Components" and then after a little
  while it errors out with the error "The install was unable to setup a required component. Check the event logs for more information. Please try the installation again and if the error persists, contact Technical Support. "
  Looking at the log file there are a bunch of new entries, created by the installer. There's over 300 new entries and I can not post them all here due to character count restriction. you can find the log file here...
  www.clarkfreightways.com/wp-content/uploads/2015/03/dirsync_log.txt
  Can anyone tell me what is going on, I've been looking through the log files and I can see errors but I'm not sure what to do to fix it.

  Greetings!
  Wanted to know if you've hosted the DirSync tool (latest version) on a VM? Also, if this is deployed in a Production or Lab environment? If it's a lab setup, you may
  try installing the DirSync on a new VM / Server (suspecting that it could be some machine related issues).
  Here's a Support KB helping with different errors:
  http://support.microsoft.com/en-us/kb/2684395
  If its a production environment, would suggest to raise a
  Technical Support Ticket for assisting further with break-fix.
  Thank you,
  Arvind 

• Need BPOS Directory Sync installer

  Hi, I'm hoping someone out there can help me; I need a BPOS version of the Directory Sync installer. I was transitioned over to Office 365 a couple of weeks back. Office 365 has a different Directory Sync tool than BPOS, so I had to uninstall the BPOS version
  of DirSync to install the Office 365 version. Well, the uninstallation got borked, and now the install of the new version won't complete. I've been working with Microsoft on a solution, and they suggested reinstalling the BPOS version, and then attempting
  to uninstall after the fact.
  Unfortunately, since I have been transitioned over I can't download the BPOS installer any more. Would anyone out there be willing to download the installer from their BPOS account and let me know?
  Thanks,
  Ted Kniazewycz
  IT for TITAN Metal Fabricators

  Unfortunately that is what I was trying to do, and was broken due to a bad uninstall of the BPOS version. Luckily, I got successful manual uninstall steps from Microsoft. I'll post them here for everyone else's benefit.
  Cause
  This issue may occur when one of the Directory Synchronization decencies becomes corrupted.
  Resolution
  To work around this issue, complete the following steps:
  Create a Local Machine Group named MIISAdmins.
  Add yourself to the group.
  Sign out, and then sign in to establish the new group membership in the access token. 
  Use Add/Remove Programs to uninstall Microsoft Online Services Directory Synchronization.  
  If the above steps does not resolve your issue, you will need to perform the following steps as a workaround to uninstall Directory Synchronization: 
  Note: if on Windows Server 2008, ensure that you are logged on as a local administrator
  and open any command prompts with "Run as administrator"
  1.    
  Attempt to uninstall Microsoft Online Services Directory Synchronization by running the following command from a command prompt:
  Msiexec /x {9F49A6D5-4E82-445C-A546-0F0939599595} /lvx DirSync_uninstallFailure.log
  If the uninstall still fails, attempt to troubleshoot based on analyzing the log file.  If you still cannot determine cause of failure.  Then perform the following steps as
  a last resort:
  1.          
  Click
  Start, type Run, type regedit, and then click
  OK.
  2.          
  Expand the following registry subkey:
  HKEY_LOCAL_MACHINE/ Software/ Microsoft/ Windows/
  CurrentVersion/ Uninstall.
  3.          
  Find and Delete the entry named
  {9F49A6D5-4E82-445C-A546-0F0939599595}.
  If the above entry is not found, also look under
  4.          
  Find and Delete the entry named "Microsoft Online Directory Sync".
  Note: If the above entries are not found, also look under
  HKEY_LOCAL_MACHINE/ Software/ Wow6432Node/ Microsoft/ Windows/
  CurrentVersion/ Uninstall.  
  2.     
  Remove
  Microsoft Directory Sync Client by running the following command from a command prompt:
  Msiexec /x {85E058A2-7EDC-44DB-B3DE-ED8B18BD9E66} /lvx DirSync_uninstallFailure.log
  If the uninstall still fails, attempt to troubleshoot based on analyzing the log file.  If you still cannot determine cause of failure.  Then perform the following steps as
  a last resort:
  1.          
  Click
  Start, type Run, type regedit, and then click
  OK.
  2.          
  Expand the following registry subkey:
  HKEY_LOCAL_MACHINE/ Software/ Microsoft/ Windows/
  CurrentVersion/ Uninstall.
  3.          
  Find and Delete the entry named
  {85E058A2-7EDC-44DB-B3DE-ED8B18BD9E66}.
  Note: If the above entry is not found, also look under
  HKEY_LOCAL_MACHINE/ Software/ Wow6432Node/ Microsoft/ Windows/
  CurrentVersion/ Uninstall.  
  3.     
  Remove
  Microsoft SQL Server 2008 Express Edition by running the following command from a command prompt:
  Msiexec /x {A91E3887-5185-4091-AF33-AF33-AB0048444055} /lvx DirSync_uninstallFailure.log
  If the uninstall still fails, attempt to troubleshoot based on analyzing the log file.  If you still cannot determine cause of failure.  Then perform the following steps as
  a last resort:
  1.          
  Click
  Start, type Run, type regedit, and then click
  OK.
  2.          
  Expand the following registry subkey:
  HKEY_LOCAL_MACHINE/ Software/ Microsoft/ Windows/
  CurrentVersion/ Uninstall.
  3.          
  Find and Delete the entry named
  {A91E3887-5185-4091-AF33-AF33-AB0048444055}. Note: If the above entry is not found, also look under
  HKEY_LOCAL_MACHINE/ Software/ Wow6432Node/ Microsoft/ Windows/
  CurrentVersion/ Uninstall.  
  4.    
  Uninstall
  Microsoft Identity Integration Server from Add/Remove Programs
  5.    
  Remove the following registry entries
  1.          
  (HKLM/SYSTEM/CurrentControlSet/Services/MSOnlineSyncScheduler)
  2.          
  (HKLM/SYSTEM/CurrentControlSet/Services/MSSQL$MSONLINE)
  3.          
  (HKLM/SOFTWARE/Microsoft/MSOLCoExistence)
  4.          
  (HKLM/SOFTWARE/Microsoft/Microsoft SQL Server/Instance Names/SQL/MSONLINE)
  5.          
  (HKLM/SOFTWARE/Microsoft/Microsoft SQL Server/MSONLINE)
  6.          
  (HKLM/SOFTWARE/Microsoft/Microsoft SQL Server/MSSQL.N)
  7.          
  (HKLM/SOFTWARE/Microsoft/Microsoft SQL Server/InstalledInstances
  Do not delete the entire String key, Delete MSONLINE from InstalledInstances
  6.    
  Delete the following folder locations
  1.          
  (%ProgramFiles%/Microsoft SQL Server/MSSQL.N)
  2.          
  (%ProgramFiles%/Microsoft Online Directory Sync)
  7.    
  Ensure the
  MIIS_Service user account is removed from the local computers Local Users folder
  8.    
  Ensure the following groups are removed from the local computers Group folder
  1.          
  MIISAdmins
  2.          
  MIISBrowse
  3.          
  MIISJoiners
  4.          
  MIISOperators
  5.          
  MIISPasswordSet
  9. 
  Restart the computer

• Unable to install Directory Sync tool in windows server 2008 R2 Eneterprise

  Hi,
  I am unable to install Directory Sync  in windows server 2008 R2 Eneterprise.i have joined my machine domain joined computer running Windows Server 2008 r2 enterprise,when i click dirsync.exe then gives below Error.
  The Windows Azure Active Directory Sync tool must be installed on a domain joined computer running Windows Server 2008 Service Pack 2 or later,or Windows Server 2008 r2 Service Pack 1 or later
  Please help on this why this happing when i try to installed DirSync software.
  Regards
  Anil Kumar

  Hi,
  have you already installed .net framwork 3.5 and 4.5.1 on that machine?
  http://technet.microsoft.com/en-us/library/jj151831.aspx
  Also make sure that you run the install command from an elevated command prompt.
  Hope that helps,
  Lutz

• Can't find air video in system tray on my pc. Recently updated op system from xp to win7. already reinstalled itunes and synced ipad.

  Can't find air video in system tray on my pc. Recently updated op system from xp to win7. already reinstalled itunes and synced ipad.

  Carol L wrote:
  Hi Deggie....I did figure that out since I posted the original question, and I downloaded ther server again and tried it out, but it can't connect. Any ideas?
  -> http://www.inmethod.com/airvideo/troubleshooting.html
  -> http://inmethod.freshdesk.com/support/solutions

• Office 365 directory sync disable stuck on pending

  I have a situation where I have setup directory sync with the on premise AD and Office 365. I have now tried to disable directory sync and is has been a week and it still says:
  Active Directory synchronization is being deactivated. This process may take up to 72 hours to complete.
  in the admin site. I also get this from the PowerShell:
  PS C:\Windows\system32> (Get-MSOLCompanyInformation).DirectorySynchronizationStatus
  PendingDisabled
  I really need some help getting this disabled properly so I can start fresh with directory sync.

  Hi,
  If the output is "PendingEnabled" or "PendingDisabled" after the expected enablement time period has passed, this is a known issue with Exchange Online.
  Please refer to this KB article for more details:
  http://support.microsoft.com/kb/2654338. You might need to follow the steps listed in above article, collect the information, and then contact Support.
  Also,this forum focuses on some general discussion about Microsoft Office, better to post this kind of questions in the forum of Office 365 Community where you can get more effective answers:
  https://community.office365.com/en-us/f/default.aspx
  Hope this helps.
  Thanks,
  Ethan Hua CHN
  TechNet Community Support

• Windows Azure Active Directory Sync Setup

  Hi,
  Currently trying to install Windows Azure Active Directory Sync tool for use with Office 365.
  After five attempts to install the Sync Tool, I finally had some luck, now I am configuring the Sync tool and have been given the following error "A constraint violation occurred"
  In looking at the event logs this is the information I get:
  System.Management.Automation.CmdletInvocationException: A constraint violation occurred. ---> System.DirectoryServices.DirectoryServicesCOMException: A constraint violation occurred. at System.DirectoryServices.DirectoryEntry.CommitChanges() at Microsoft.Online.DirSync.Common.DirectoryServicesAdapter.DirectoryEntry.CommitChanges()
  at Microsoft.Online.Coexistence.PS.Config.EnableMSOnlineRichCoexistence.GrantWritePropertyPermission(SecurityIdentifier securityIdentifier, String groupDn) at Microsoft.Online.Coexistence.PS.Config.MSOnlineRichCoexistenceBase.GrantPermission(Action`2 grantPermissionAction)
  at Microsoft.Online.Coexistence.PS.Config.EnableMSOnlineRichCoexistence.InternalBeginProcessing() at Microsoft.Online.Coexistence.PS.Config.MSOnlineConfigCmdlet.BeginProcessing() at System.Management.Automation.Cmdlet.DoBeginProcessing() at System.Management.Automation.CommandProcessorBase.DoBegin()
  --- End of inner exception stack trace --- at System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input) at Microsoft.Online.DirSync.PowerShellAdapter.PowerShellCommand.ExecuteCommand(Command command, Boolean refreshPath)
  Suggestions?
  Thanks

  Hi,
  According to your description, it seems that you have installed Azure Active Directory Sync tool successfully, right? What configuration have you done when you got that error message?
  Firstly, I recommend you to check the event logs for more detailed information about this issue.
  In general, it is recommended to install the Directory Sync tool on a member server rather than a Domain Controller. If you installed Azure Active Directory Sync Tool on a Domain Controller, please uncheck “Start Configuration Wizard now”
  checkbox and then log off and log in again to configure the Azure Active Directory Sync Tool Configuration Wizard. If you forget to follow the above process, the Configuration Wizard will return an error "Constraint Violation Error".
  Besides, please also check the permission of the system account. You can add it into the built-in Administrators group in your on-premise domain to see if the issue persists.
  More information:
  HowTo: Install the Windows Azure Active Directory Sync Tool
  Best regards,
  Susie

• Connect Active Directory Sync Error - operation-size-error

  We are on Connect 9. We have our Active Directory Sync running once per day. I received a sync log error as follows:
  E-Learning-All-Empl-grps
  G
  error
  Change$Update$Group: SyncTargetException: StatusException$OperationSizeError: <status code="operation-size-error"/>
  The E-Learning-All-Empl-grps is a distribution list in Active Driectory that is used to contain one of 9 sublists. Each sub-list has up to 800 names. This was to get around an earlier issue with their being a limitation when we are on Breeze that only a max of 800 names could be in any group.
  What does this error mean and how can I correct this?
  Dave

  I tried all of this, I still can not bind my Mac 10.6.3 to Microsoft Windows 2003 R2 Active Directory, and the failure I receive that Time settings between both computers is not synced although the time is the same on both machines, and I restart the NNTP on Windows Server, and added the Active Directory IP Address on the Date & time Settings on Mac.
  Any Help

• Directory Sync server redundancy.

  How is redundancy for the Directory Sync server accomplished?
  We have a load balanced pair of ADFS servers, a load balanced pair of ADFS proxies at our primary datacenter. We have additionally deployed an individual ADFS server and proxy at an alternate datacenter. The ADFS servers are configured as a farm. So if we
  need to fail over to the secondary datacenter, we just need to change DNS entries for our federation services. All this is in place and tested.
  How do we accomplish something silimar for Directory Sync?

  Implementing FIM is another investment in terms of licensing, I would rather go with DirSync ;)
  I have heard that Microsoft is planning to get rid of DirSync in future. I think I will be good with Standalone servers for a while.
  Cheers,
  Gulab Prasad
  Technology Consultant
  Blog:
  http://www.exchangeranger.com    Twitter:
    LinkedIn:
     Check out CodeTwo’s tools for Exchange admins
  Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

• Directory sync not progressing

  I'm trying to set up my directory sync in a new workspace deployment, but get stuck on the final step. Have I done something wrong, or is this expected for an AD domain with 4000+ users (even though I'm only trying to add a group with 10 people)?
  We are running Workspace 2.1.0.2100 Build 2099413
  What I have done:
  Go to Connector Services Admin -> Directory Sync
  Scheduling : Once per day 11:55 PM
  Click "Edit Directory Sync Rules"
  Select Users Step
  DN for Users: DC=group,DC=company,DC=base
  No filters
  Click "Continue"
  There are about 4000 users in our directory
  Select Groups Step
  DN for Groups: OU=Security Groups,OU=Location,DC=group,DC=company,DC=base
  From the available groups I select a single group which contains my test app security group with about 10 users, it is the only group selected
  Click "Continue"
  Push to Workspace Step
  A progress bar and the text "Calculating Sync Actions." is displayed. It has been sitting here for 8 hours so far.
  When Workspace was first installed (with an invalid group in step 2), it took about 30 minutes to complete.

  Can you please send us the log bundle to take a look at what might be going on here. Go to https://yourworkspacehostname:8443. This is how you can generate the log bundle. Click on "Appliance Configruator". Login using the admin password you chose. Click on "Log File Locations". Click on "Prepare log bundle" button. You can send that file to me via private message. Thanks.

• AAD Directory Sync on Server 2008 SP2

  Directory sync seems to be working, and the MSDN article says that 2008 SP2 is supported, but password sync is failing. Has anyone got this to work?  I know there are blog posts out there that say 2008 R2 is required, but that is not what MSDN says.
  https://msdn.microsoft.com/en-us/library/azure/dn757602.aspx
  The version I have installed is the latest.  It says 1.0.475.1202 in add-remove programs.
  Password synchronization failed for domain: domain. Details:
  System.IO.FileLoadException: A procedure imported by 'Microsoft.Online.PasswordSynchronization.Cryptography.dll' could not be loaded.
  File name: 'Microsoft.Online.PasswordSynchronization.Cryptography.dll'
     at Microsoft.Online.PasswordSynchronization.PasswordHashGenerator.CreatePasswordHash(ChangeObject changeObject)
     at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.CreatePasswordData(ChangeObject changeObject)
     at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.BuildPasswordBatch(IList`1 passwordChanges, IEnumerable`1 changeObjects)
     at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.BuildPasswordBatch(IList`1 changeSetObjects)
     at Microsoft.Online.PasswordSynchronization.DeltaSynchronizationTask.SynchronizeCredentialsToCloud()
     at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.SynchronizeSecrets()
     at Microsoft.Online.PasswordSynchronization.SynchronizationExecutionContext.SynchronizeDomain()
     at Microsoft.Online.PasswordSynchronization.SynchronizationManager.SynchronizeDomain(SynchronizationExecutionContext syncExecutionContext)

  Hi,
  The Password Sync feature of the Directory Sync tool will not work correctly if Directory Sync tool is deployed on an OS older than Windows Server 2008 R2 SP2.
  https://immencloud.wordpress.com/2013/06/03/dirsync-with-password-sync-troubleshooting/
  If you have any feedback, you could post in:
  http://feedback.azure.com/forums/34192--general-feedback
  Regards.
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Directory Sync Object Count

  Directory Sync Tool continually refers to sizing based on object count to sync; this number being 50K. Running IdFix the query count is 104479 which I assume is the total number of sync-able objects in our AD. Is this correct? Now, I only want to sync
  certain OUs because we have many user accounts that are place holders for historical students to be able to logon to our web portal so they can retrieve transcripts. These users do not have mailboxes, would not have access to office 365, etc. So, is the object
  count and sizing DirSync setup and configuration referring to only those object we wish to sync or the total in the directory?

  I'd also suggest asking this in the 'Directory Integration Services' forum over on the O365 forums:
  http://community.office365.com/en-us/f/613.aspx
  Don't retire TechNet! -
  (Don't give up yet - 12,950+ strong and growing)

• Directory Sync Objects Count

  Directory Sync Tool continually refers to sizing based on object count to sync; this number being 50K. Running IdFix the query count is 104479 which I assume is the total number of sync-able objects in our AD. Is this correct? Now, I only want to sync
  certain OUs because we have many user accounts that are place holders for historical students to be able to logon to our web portal so they can retrieve transcripts. These users do not have mailboxes, would not have access to office 365, etc. So, is the object
  count and sizing DirSync setup and configuration referring to only those object we wish to sync or the total in the directory?

  only those objects you wish to sync
  Mike Crowley | MVP
  My Blog --
  Planet Technologies

• Exchange and EOP and "Windows Azure Active Directory Sync tool".

  Hi,
  Since we are using our on-premises Exchange server and Microsoft EOP only for spam filter, and
  we are not using the EOP created domain "XXXX.onmicrosoft.com" for anything.
  Technically speaking, do we require
  "Windows Azure Active Directory Sync tool" to be installed and synchronizing all our AD to the EOP!
  Thanks,

  The Windows Azure Active Directory Sync Tool allows you to filter mail in EOP for nonexistent recipients.  This is a pretty useful antispam feature that you'll be forgoing if you choose not to deploy the tool.
  Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

• MFA Directory sync

  Hello,
  I am setting up an environment which require MFA for users and administrators. I can't seem to be able to get Directory Integration to work. I am able to manually add users from my AD, but the automatic AD sync gives the following error:
  2014-11-29T11:48:21.623566Z|i|1984|1352|pfadssvc|Processing full synchronization to initialize synchronization cookies
  2014-11-29T11:48:21.639234Z|e|1984|1352|pfadssvc|Error initializing user directory synchronization cookie for dc=***,dc=***,dc=***:  Synchronization cannot continue.
  2014-11-29T11:48:21.639234Z|i|1984|1352|pfadssvc|Synchronization time: 00:00:00.0624985
  Do i need to configure something specific for directory sync to work? My MFA server is domain joined, got everything working except the Directory Integration Syncronisation.
  Thanks

  Hi,
  I had the same problem, that I appear to have fixed. Try setting the MultiFactorAuthAdSync service to run as a domain account that has privileges to read the AD. It worked for me.
  Cheers