
Dirsync\Password Sync Scenario

Posted on 2014-03-18
Last Modified: 2014-03-20
I have a shop which formerly had an Exchange 2010 server in-house but was moved to Office 365 some time ago.  The Exchange server was decommissioned and staff use Outlook 2010 configured for the o365 servers.  They're now interested in setting up dirsync, and more specifically, password sync to manage all the o365 accounts via in-house AD so users only need one password to keep track of.

First, note that their in-house domain is not internet routable (contoso.local) so I've added a UPN (contoso.com) which matches their email domain.  The in-house domain and the UPN\email domain, however, do not match each other, so it's more like contosox.com vs contoso.local.

The OnRamp for o365 where I test the environment before enabling synchronization only offers 3 scenarios:  fresh start, mailbox migration, and hybrid.  This isn't really any of those.  

I have several questions that I'm not finding clear answers for.

How does dirsync identify and match up the existing mailboxes in o365 with the corresponding user in AD?  Or can it only create new mailboxes based off the AD objects?

As an extension of the first question (if we're not full-stop from it), there are several service accounts which have o365 mailboxes but no AD object and vice versa.  Should I make AD objects\can I skip mailbox creations?

The first half of the user email address matches the AD login, but as noted, the in-house domain does not match their email domain (and I used the email domain as the alternate UPN).  Do I have to change each user's config in AD to the alternate UPN?  Is this how I can associate AD users with the existing mailboxes?  This has the downside of making their in-house login names become their full email address when the goal here is to simplify things.

Basically the documentation is incredibly iffy but there are warnings all over about how dirsync should be considered permanent while fixing things post-sync is extremely complicated so clean up AD first.  Not a very nice combo.  Can someone with more experience with this product comment?  I can provide whatever additional info you need.  Thanks!
Question by:GS-Help
4 Comments
 

Assisted Solution

by:Adam Brown
Adam Brown earned 2000 total points
ID: 39938095
To get the local account and the cloud accounts working properly, the UPN for each user in the Local domain has to match the login name for the user accounts in Office 365. So if the user has a login name in Office 365 as bob@company.com, that user will have to have their AD UPN changed to @company.com instead of @company.local. If the two don't match, Dirsync will create a separate user in the cloud rather than matching the user's AD info up with their cloud account, so you have to change the UPN on all your users to do what you want. And you will want to make sure that's in place before you implement dirsync because Dirsync doesn't handle changes like that well at all.
 

Author Comment

by:GS-Help
ID: 39940130
Thanks much for the reply.  So the pre-existing mailboxes in o365 are not a problem, the sync won't overwrite them or anything so long as I've set the corresponding user's UPN to match?  They also have several users in AD who do not have email.  I assume sync will offer to create mailboxes for them but I can decline, since 1) they don't need them and 2) they don't have the licenses anyway?

Accepted Solution

by:Adam Brown
Adam Brown earned 2000 total points
ID: 39940919
As long as the UPNs match up, it will sync the info to the cloud account without issues. That's the primary key that Dirsync uses when exporting changes.

Also, Dirsync won't ever create mailboxes for you. It will create account objects in Office 365, but those will not have mailboxes until you assign a license to the account objects that Dirsync creates.
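
A pre-sync audit of the UPN matching rule described in the two answers above, added here as an example and not part of the original thread or of any Microsoft tooling. The function name `Get-UpnSyncAudit`, the status labels and the sample accounts are constructed for illustration; it assumes, as the question states, that each cloud login's local part equals the AD login name.

```powershell
# Constructed sample data. In a real run the two lists could come from
#   Get-ADUser -Filter * | Select-Object SamAccountName, UserPrincipalName
#   (Get-MsolUser -All).UserPrincipalName
$adUsers = @(
    [pscustomobject]@{ SamAccountName = 'bob';        UserPrincipalName = 'bob@company.local' }
    [pscustomobject]@{ SamAccountName = 'alice';      UserPrincipalName = 'alice@company.com' }
    [pscustomobject]@{ SamAccountName = 'svc-backup'; UserPrincipalName = $null }
)
$cloudLogins = @('bob@company.com', 'Alice@company.com', 'scanner@company.com')

function Get-UpnSyncAudit {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [object[]] $AdUsers,
        [Parameter(Mandatory)] [string[]] $CloudLogins,
        [Parameter(Mandatory)] [string]   $CloudSuffix
    )
    # Hashtable keys compare case-insensitively; the value records
    # whether an AD user has claimed that cloud login.
    $claimed = @{}
    foreach ($login in $CloudLogins) { $claimed[$login] = $false }

    foreach ($u in $AdUsers) {
        $upn       = $u.UserPrincipalName
        $candidate = '{0}@{1}' -f $u.SamAccountName, $CloudSuffix
        $proposed  = $null
        if ($upn -and $claimed.ContainsKey($upn)) {
            $status = 'Match'                 # UPN already equals the cloud login
            $claimed[$upn] = $true
        } elseif ($claimed.ContainsKey($candidate)) {
            $status = 'ChangeUpnBeforeSync'   # same login name, different suffix
            $claimed[$candidate] = $true
            $proposed = $candidate
        } else {
            $status = 'AdOnly'                # no cloud login lines up with this user
        }
        [pscustomobject]@{ Account = $u.SamAccountName; CurrentUpn = $upn
                           Status = $status; ProposedUpn = $proposed }
    }
    foreach ($login in $CloudLogins) {
        if (-not $claimed[$login]) {          # e.g. a mailbox with no AD object
            [pscustomobject]@{ Account = $login; CurrentUpn = $login
                               Status = 'CloudOnly'; ProposedUpn = $null }
        }
    }
}

Get-UpnSyncAudit -AdUsers $adUsers -CloudLogins $cloudLogins -CloudSuffix 'company.com' |
    Format-Table -AutoSize
```

Rows marked `ChangeUpnBeforeSync` are the accounts whose UPN would need changing (for example with `Set-ADUser -UserPrincipalName`) before synchronization is enabled; `AdOnly` and `CloudOnly` rows are the ones to review by hand.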
 

Author Comment

by:GS-Help
ID: 39942374
Beautiful.  Thanks again, I think I'm ready to push the button over the weekend.