Solved

Dirsync\Password Sync Scenario

Posted on 2014-03-18
4
1,035 Views
Last Modified: 2014-03-20
I have a shop which formerly had an Exchange 2010 server in-house but was moved to Office 365 some time ago.  The Exchange server was decommissioned and staff use Outlook 2010 configured for the o365 servers.  They're now interested in setting up dirsync, and more specifically, password sync to manage all the o365 accounts via in-house AD so users only need one password to keep track of.

First, note that their in-house domain is not internet routable (contoso.local) so I've added a UPM (contoso.com) which matches their email domain.  The in-house domain and the UPM\email domain, however, do not match each other, so it's more like contosox.com vs contoso.local.

The OnRamp for o365 where I test the environment before enabling synchronization only offers 3 scenarios:  fresh start, mailbox migration, and hybrid.  This isn't really any of those.  

I have several questions that I'm not finding clear answers for.

How does dirsync identify and match up the existing mailboxes in o365 with the corresponding user in AD?  Or can it only create new mailboxes based off the AD objects?

As an extension of the first question (if we're not full-stop from it), there are several service accounts which have o365 mailboxes but no AD object and vice versa.  Should I make AD objects\can I skip mailbox creations?

The first half of the user email address matches the AD login, but as noted, the in-house domain does not match their email domain (and I used the email domain as the alternate UPM).  Do I have to change each user's config in AD to the alternate UPM?  Is this how I can associate AD users with the existing mailboxes?  This has the downside of making their in-house login names become their full email address when the goal here is to simplify things.

Basically the documentation is incredibly iffy but there are warnings all over about how dirsync should be considered permanent while fixing things post-sync is extremely complicated so clean up AD first.  Not a very nice combo.  Can someone with more experience with this product comment?  I can provide whatever additional info you need.  Thanks!
0
Comment
Question by:GS-Help
  • 2
  • 2
4 Comments
 
LVL 38

Assisted Solution

by:Adam Brown
Adam Brown earned 500 total points
ID: 39938095
To get the local account and the cloud accounts working properly, the UPN for each user in the Local domain has to match the login name for the user accounts in Office 365. So if the user has a login name in Office 365 as bob@company.com, that user will have to have their AD UPN changed to @company.com instead of @company.local. If the two don't match, Dirsync will create a separate user in the cloud rather than matching the user's AD info up with their cloud account, so you have to change the UPN on all your users to do what you want. And you will want to make sure that's in place before you implement dirsync because Dirsync doesn't handle changes like that well at all.
0
 

Author Comment

by:GS-Help
ID: 39940130
Thanks much for the reply.  So the pre-existing mailboxes in o365 are not a problem, the sync won't overwrite them or anything so long as I've set the corresponding user's UPN to match?  They also have several users in AD who do not have email.  I assume sync will offer to create mailboxes for them but I can decline, since 1) they dont need them and 2) they don't have the licenses anyway?
0
 
LVL 38

Accepted Solution

by:
Adam Brown earned 500 total points
ID: 39940919
As long as the UPNs match up, it will sync the info to the cloud account without issues. That's the primary key that Dirsync uses when exporting changes.

Also, Dirsync won't every create mailboxes for you. It will create account objects in Office 365, but those will not have mailboxes until you assign a license to the account objects that Dirsync creates.
0
 

Author Comment

by:GS-Help
ID: 39942374
Beautiful.  Thanks again, I think I'm ready to push the button over the weekend.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
If you don't know how to downgrade, my instructions below should be helpful.
This lesson covers basic error handling code in Microsoft Excel using VBA. This is the first lesson in a 3-part series that uses code to loop through an Excel spreadsheet in VBA and then fix errors, taking advantage of error handling code. This l…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now