Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 488
  • Last Modified:

Cutover Migration - DirSync - DNS Changes - Migration Endpoint - Question Please...

So I've come to find that after DirSync is installed and Active Directory Synchronization is enabled on 365 side that the migration batch fails..

So my question is this.. I want to have DirSync enabled and to have my users be able to use their network passwords for 365.. So, I create the migration endpoint and the migration batch choosing cutover migration. It creates all the mailboxes on the 365 side and starts syncing mail..

I then install DirSync on my network and push my AD passwords.. It matches up the users to the mailboxes and life is good..

I then make the DNS changes and there is a time that email will be being delivered to both the on premise sever and the 365 servers depending on the amount of time it takes for DNS to propagate..

 This is fine, if the migration batch was still running fine.. However, after DirSync is enabled it breaks.. But then I want DirSync enabled because I want the users to be able to log in with their network password..

¿Well here's my dilemma.. I want to leave the migration batch running for a few days after the MX record change so it can pull any emails that were sent to the onpremise server from servers that didn't get the updated DNS..

I also want my users to be able to login to their 365 accounts with their AD password..

So if I cant' enable DirSync until after I stop the migration batch, then they can't log in with their AD password..

If I stop the migration batch and enable DirSync then they can log in with their AD password but they may be missing some emails..

Is that right?
0
TBIRD2340
Asked:
TBIRD2340
1 Solution
 
Vasil Michev (MVP)Commented:
Change the MX on late Friday afternoon, and by Monday everyone should see the updated one. Then you can stop the batch and run dirsync. You can also ask them to check the on-prem mailbox once per day or something like that just to be sure.
0
 
TBIRD2340Author Commented:
My main issue is the password.. I don't want to have them log in with a different password, change it, match it, etc..

But if I can't install DirSync until after I stop the migration batch I don't see a way around this.. If that is the case, what is the best way to handle the passwords?
0
 
Mark GalvinManaging Director / Principal ConsultantCommented:
Hi

DirSync is for syncing data between on-prem and O365.

For SSO (Single Sign On) you need to make sure you have ADFS in place:
http://technet.microsoft.com/en-us/windowsserver/dd448613.aspx
0
 
Adam BrownSr Solutions ArchitectCommented:
@pappaslim: Dirsync now supports Password syncing, so ADFS is not necessary. It isn't full SSO, but is instead Same Sign On with that enabled.

Your best bet would probably be to let the migration finish up, then set up Dirsync on your Tenant and get it installed and set up on your domain. Users wouldn't be able to access their email in the cloud until the first sync finishes, but that takes like 5 minutes or less if you have everything ready to go. So switch your MX records on a friday night as mentioned right after the migration completes, but before finalizing it. Wait 24 hours for the final Delta-Sync to occur, then close out the migration. Once the migration is closed out, enable Dirsync in your tenant and install Dirsync on a member server in your domain with password sync enabled. You may need to wait a couple ours for the dirsync change in O365 to apply, but once it is you can configure dirsync with the appropriate credentials and it will do its first sync very quickly. As long as the User Principal Names for your On-prem AD accounts matches the Domain name you use for their sign in accounts in the cloud, those users will be able to log in with their AD password as soon as the first full Dirsync completes.
0
 
Mark GalvinManaging Director / Principal ConsultantCommented:
@acbrown2010 - sweet, thanks!
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now