Solved

Cutover Migration - DirSync - DNS Changes - Migration Endpoint - Question Please...

Posted on 2014-03-13
Last Modified: 2016-06-01
So I've come to find that after DirSync is installed and Active Directory Synchronization is enabled on 365 side that the migration batch fails..

So my question is this.. I want to have DirSync enabled and to have my users be able to use their network passwords for 365.. So, I create the migration endpoint and the migration batch choosing cutover migration. It creates all the mailboxes on the 365 side and starts syncing mail..

I then install DirSync on my network and push my AD passwords.. It matches up the users to the mailboxes and life is good..

I then make the DNS changes and there is a time that email will be being delivered to both the on-premise server and the 365 servers depending on the amount of time it takes for DNS to propagate..

This is fine, if the migration batch was still running fine.. However, after DirSync is enabled it breaks.. But then I want DirSync enabled because I want the users to be able to log in with their network password..

Well here's my dilemma.. I want to leave the migration batch running for a few days after the MX record change so it can pull any emails that were sent to the on-premise server from servers that didn't get the updated DNS..

I also want my users to be able to login to their 365 accounts with their AD password..

So if I can't enable DirSync until after I stop the migration batch, then they can't log in with their AD password..

If I stop the migration batch and enable DirSync then they can log in with their AD password but they may be missing some emails..

Is that right?
Question by:TBIRD2340
6 Comments
 
LVL 41

Expert Comment

by:Vasil Michev (MVP)
ID: 39928553
Change the MX on late Friday afternoon, and by Monday everyone should see the updated one. Then you can stop the batch and run dirsync. You can also ask them to check the on-prem mailbox once per day or something like that just to be sure.
0
 
LVL 1

Author Comment

by:TBIRD2340
ID: 39929081
My main issue is the password.. I don't want to have them log in with a different password, change it, match it, etc..

But if I can't install DirSync until after I stop the migration batch I don't see a way around this.. If that is the case, what is the best way to handle the passwords?
0
 
LVL 13

Expert Comment

by:Mark Galvin
ID: 39933841
Hi

DirSync is for syncing data between on-prem and O365.

For SSO (Single Sign On) you need to make sure you have ADFS in place:
http://technet.microsoft.com/en-us/windowsserver/dd448613.aspx
0
 
LVL 40

Accepted Solution

by:Adam Brown earned 500 total points
ID: 39937783
@pappaslim: Dirsync now supports Password syncing, so ADFS is not necessary. It isn't full SSO, but is instead Same Sign On with that enabled.

Your best bet would probably be to let the migration finish up, then set up Dirsync on your Tenant and get it installed and set up on your domain. Users wouldn't be able to access their email in the cloud until the first sync finishes, but that takes like 5 minutes or less if you have everything ready to go. So switch your MX records on a Friday night as mentioned right after the migration completes, but before finalizing it. Wait 24 hours for the final Delta-Sync to occur, then close out the migration. Once the migration is closed out, enable Dirsync in your tenant and install Dirsync on a member server in your domain with password sync enabled. You may need to wait a couple hours for the dirsync change in O365 to apply, but once it is you can configure dirsync with the appropriate credentials and it will do its first sync very quickly. As long as the User Principal Names for your On-prem AD accounts match the Domain name you use for their sign in accounts in the cloud, those users will be able to log in with their AD password as soon as the first full Dirsync completes.
0
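
The two conditions the accepted answer depends on (the MX change being visible before the batch is closed, and on-prem UPNs matching the cloud sign-in domain) can be checked read-only before DirSync is enabled. This is an added example, not part of the original thread; the domain, expected MX host, and resolver addresses are placeholder assumptions, and it relies on the ActiveDirectory and DnsClient PowerShell modules.

```powershell
# Added example (not from the thread): read-only pre-flight checks before
# closing the cutover batch and enabling DirSync with password sync.
# All parameter defaults are placeholders; substitute your own values.
param(
    [string]   $SignInDomain = 'example.com',
    [string]   $ExpectedMx   = 'example-com.mail.protection.outlook.com',
    [string[]] $Resolvers    = @('8.8.8.8', '1.1.1.1')   # assumed public resolvers
)

Import-Module ActiveDirectory

# 1. UPN check: after the first sync, users sign in with the on-prem UPN,
#    so list every enabled, mail-enabled account whose UPN suffix differs
#    from the cloud sign-in domain (or that has no UPN at all).
$users = Get-ADUser -Filter 'Enabled -eq $true' -Properties mail |
         Where-Object { $_.mail }

$mismatched = $users | Where-Object {
    -not $_.UserPrincipalName -or
    ($_.UserPrincipalName -split '@')[-1] -ne $SignInDomain
}

# 2. MX check: ask several resolvers for the lowest-preference MX record and
#    report whether each already returns the new host, plus the remaining TTL.
$mxReport = foreach ($resolver in $Resolvers) {
    $mx = Resolve-DnsName -Name $SignInDomain -Type MX -Server $resolver `
              -DnsOnly -ErrorAction SilentlyContinue |
          Where-Object { $_.QueryType -eq 'MX' } |
          Sort-Object Preference |
          Select-Object -First 1

    [pscustomobject]@{
        Resolver = $resolver
        Mx       = $mx.NameExchange
        Ttl      = $mx.TTL
        Updated  = ($mx.NameExchange -eq $ExpectedMx)
    }
}

# 3. Summary: both lists should be clean before the batch is closed out.
"{0} of {1} mail-enabled accounts have a UPN suffix other than {2}" -f `
    @($mismatched).Count, @($users).Count, $SignInDomain
$mismatched | Select-Object SamAccountName, UserPrincipalName, mail | Format-Table
$mxReport   | Format-Table

if (@($mismatched).Count -or ($mxReport | Where-Object { -not $_.Updated })) {
    Write-Warning 'Resolve the items above before stopping the batch and enabling DirSync.'
}
```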
 
LVL 13

Expert Comment

by:Mark Galvin
ID: 39938112
@acbrown2010 - sweet, thanks!
0
