Solved

Cutover Migration - DirSync - DNS Changes - Migration Endpoint - Question Please...

Posted on 2014-03-13
6
388 Views
Last Modified: 2016-06-01
So I've come to find that after DirSync is installed and Active Directory Synchronization is enabled on 365 side that the migration batch fails..

So my question is this.. I want to have DirSync enabled and to have my users be able to use their network passwords for 365.. So, I create the migration endpoint and the migration batch choosing cutover migration. It creates all the mailboxes on the 365 side and starts syncing mail..

I then install DirSync on my network and push my AD passwords.. It matches up the users to the mailboxes and life is good..

I then make the DNS changes and there is a time that email will be being delivered to both the on premise sever and the 365 servers depending on the amount of time it takes for DNS to propagate..

 This is fine, if the migration batch was still running fine.. However, after DirSync is enabled it breaks.. But then I want DirSync enabled because I want the users to be able to log in with their network password..

¿Well here's my dilemma.. I want to leave the migration batch running for a few days after the MX record change so it can pull any emails that were sent to the onpremise server from servers that didn't get the updated DNS..

I also want my users to be able to login to their 365 accounts with their AD password..

So if I cant' enable DirSync until after I stop the migration batch, then they can't log in with their AD password..

If I stop the migration batch and enable DirSync then they can log in with their AD password but they may be missing some emails..

Is that right?
0
Comment
Question by:TBIRD2340
6 Comments
 
LVL 40

Expert Comment

by:Vasil Michev (MVP)
ID: 39928553
Change the MX on late Friday afternoon, and by Monday everyone should see the updated one. Then you can stop the batch and run dirsync. You can also ask them to check the on-prem mailbox once per day or something like that just to be sure.
0
 
LVL 1

Author Comment

by:TBIRD2340
ID: 39929081
My main issue is the password.. I don't want to have them log in with a different password, change it, match it, etc..

But if I can't install DirSync until after I stop the migration batch I don't see a way around this.. If that is the case, what is the best way to handle the passwords?
0
 
LVL 13

Expert Comment

by:Mark Galvin
ID: 39933841
Hi

DirSync is for syncing data between on-prem and O365.

For SSO (Single Sign On) you need to make sure you have ADFS in place:
http://technet.microsoft.com/en-us/windowsserver/dd448613.aspx
0
 
LVL 39

Accepted Solution

by:
Adam Brown earned 500 total points
ID: 39937783
@pappaslim: Dirsync now supports Password syncing, so ADFS is not necessary. It isn't full SSO, but is instead Same Sign On with that enabled.

Your best bet would probably be to let the migration finish up, then set up Dirsync on your Tenant and get it installed and set up on your domain. Users wouldn't be able to access their email in the cloud until the first sync finishes, but that takes like 5 minutes or less if you have everything ready to go. So switch your MX records on a friday night as mentioned right after the migration completes, but before finalizing it. Wait 24 hours for the final Delta-Sync to occur, then close out the migration. Once the migration is closed out, enable Dirsync in your tenant and install Dirsync on a member server in your domain with password sync enabled. You may need to wait a couple ours for the dirsync change in O365 to apply, but once it is you can configure dirsync with the appropriate credentials and it will do its first sync very quickly. As long as the User Principal Names for your On-prem AD accounts matches the Domain name you use for their sign in accounts in the cloud, those users will be able to log in with their AD password as soon as the first full Dirsync completes.
0
 
LVL 13

Expert Comment

by:Mark Galvin
ID: 39938112
@acbrown2010 - sweet, thanks!
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft Office Picture Manager was included in Office 2003, 2007, and 2010, but not in Office 2013. Users had hopes that it would be in Office 2016/Office 365, but it is not. Fortunately, the same zero-cost technique that works to install it with …
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
This lesson covers basic error handling code in Microsoft Excel using VBA. This is the first lesson in a 3-part series that uses code to loop through an Excel spreadsheet in VBA and then fix errors, taking advantage of error handling code. This l…
A company’s greatest vulnerability is their email. CEO fraud, ransomware and spear phishing attacks are the no1 threat to a company’s security. Cybercrime is responsible for the largest loss of money to companies today with losses projected to r…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question