Cutover Migration - DirSync - DNS Changes - Migration Endpoint - Question Please...
So I've come to find that after DirSync is installed and Active Directory Synchronization is enabled on 365 side that the migration batch fails..
So my question is this.. I want to have DirSync enabled and to have my users be able to use their network passwords for 365.. So, I create the migration endpoint and the migration batch choosing cutover migration. It creates all the mailboxes on the 365 side and starts syncing mail..
I then install DirSync on my network and push my AD passwords.. It matches up the users to the mailboxes and life is good..
I then make the DNS changes and there is a time that email will be being delivered to both the on premise sever and the 365 servers depending on the amount of time it takes for DNS to propagate..
This is fine, if the migration batch was still running fine.. However, after DirSync is enabled it breaks.. But then I want DirSync enabled because I want the users to be able to log in with their network password..
¿Well here's my dilemma.. I want to leave the migration batch running for a few days after the MX record change so it can pull any emails that were sent to the onpremise server from servers that didn't get the updated DNS..
I also want my users to be able to login to their 365 accounts with their AD password..
So if I cant' enable DirSync until after I stop the migration batch, then they can't log in with their AD password..
If I stop the migration batch and enable DirSync then they can log in with their AD password but they may be missing some emails..
Is that right?
So my question is this.. I want to have DirSync enabled and to have my users be able to use their network passwords for 365.. So, I create the migration endpoint and the migration batch choosing cutover migration. It creates all the mailboxes on the 365 side and starts syncing mail..
I then install DirSync on my network and push my AD passwords.. It matches up the users to the mailboxes and life is good..
I then make the DNS changes and there is a time that email will be being delivered to both the on premise sever and the 365 servers depending on the amount of time it takes for DNS to propagate..
This is fine, if the migration batch was still running fine.. However, after DirSync is enabled it breaks.. But then I want DirSync enabled because I want the users to be able to log in with their network password..
¿Well here's my dilemma.. I want to leave the migration batch running for a few days after the MX record change so it can pull any emails that were sent to the onpremise server from servers that didn't get the updated DNS..
I also want my users to be able to login to their 365 accounts with their AD password..
So if I cant' enable DirSync until after I stop the migration batch, then they can't log in with their AD password..
If I stop the migration batch and enable DirSync then they can log in with their AD password but they may be missing some emails..
Is that right?
Vasil Michev (MVP)
Change the MX on late Friday afternoon, and by Monday everyone should see the updated one. Then you can stop the batch and run dirsync. You can also ask them to check the on-prem mailbox once per day or something like that just to be sure.
ASKER
My main issue is the password.. I don't want to have them log in with a different password, change it, match it, etc..
But if I can't install DirSync until after I stop the migration batch I don't see a way around this.. If that is the case, what is the best way to handle the passwords?
But if I can't install DirSync until after I stop the migration batch I don't see a way around this.. If that is the case, what is the best way to handle the passwords?
Hi
DirSync is for syncing data between on-prem and O365.
For SSO (Single Sign On) you need to make sure you have ADFS in place:
http://technet.microsoft.com/en-us/windowsserver/dd448613.aspx
DirSync is for syncing data between on-prem and O365.
For SSO (Single Sign On) you need to make sure you have ADFS in place:
http://technet.microsoft.com/en-us/windowsserver/dd448613.aspx
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
@acbrown2010 - sweet, thanks!