Solved

Dirsync\Password Sync Scenario

Posted on 2014-03-18
4
1,038 Views
Last Modified: 2014-03-20
I have a shop which formerly had an Exchange 2010 server in-house but was moved to Office 365 some time ago.  The Exchange server was decommissioned and staff use Outlook 2010 configured for the o365 servers.  They're now interested in setting up dirsync, and more specifically, password sync to manage all the o365 accounts via in-house AD so users only need one password to keep track of.

First, note that their in-house domain is not internet routable (contoso.local) so I've added a UPM (contoso.com) which matches their email domain.  The in-house domain and the UPM\email domain, however, do not match each other, so it's more like contosox.com vs contoso.local.

The OnRamp for o365 where I test the environment before enabling synchronization only offers 3 scenarios:  fresh start, mailbox migration, and hybrid.  This isn't really any of those.  

I have several questions that I'm not finding clear answers for.

How does dirsync identify and match up the existing mailboxes in o365 with the corresponding user in AD?  Or can it only create new mailboxes based off the AD objects?

As an extension of the first question (if we're not full-stop from it), there are several service accounts which have o365 mailboxes but no AD object and vice versa.  Should I make AD objects\can I skip mailbox creations?

The first half of the user email address matches the AD login, but as noted, the in-house domain does not match their email domain (and I used the email domain as the alternate UPM).  Do I have to change each user's config in AD to the alternate UPM?  Is this how I can associate AD users with the existing mailboxes?  This has the downside of making their in-house login names become their full email address when the goal here is to simplify things.

Basically the documentation is incredibly iffy but there are warnings all over about how dirsync should be considered permanent while fixing things post-sync is extremely complicated so clean up AD first.  Not a very nice combo.  Can someone with more experience with this product comment?  I can provide whatever additional info you need.  Thanks!
0
Comment
Question by:GS-Help
  • 2
  • 2
4 Comments
 
LVL 39

Assisted Solution

by:Adam Brown
Adam Brown earned 500 total points
ID: 39938095
To get the local account and the cloud accounts working properly, the UPN for each user in the Local domain has to match the login name for the user accounts in Office 365. So if the user has a login name in Office 365 as bob@company.com, that user will have to have their AD UPN changed to @company.com instead of @company.local. If the two don't match, Dirsync will create a separate user in the cloud rather than matching the user's AD info up with their cloud account, so you have to change the UPN on all your users to do what you want. And you will want to make sure that's in place before you implement dirsync because Dirsync doesn't handle changes like that well at all.
0
 

Author Comment

by:GS-Help
ID: 39940130
Thanks much for the reply.  So the pre-existing mailboxes in o365 are not a problem, the sync won't overwrite them or anything so long as I've set the corresponding user's UPN to match?  They also have several users in AD who do not have email.  I assume sync will offer to create mailboxes for them but I can decline, since 1) they dont need them and 2) they don't have the licenses anyway?
0
 
LVL 39

Accepted Solution

by:
Adam Brown earned 500 total points
ID: 39940919
As long as the UPNs match up, it will sync the info to the cloud account without issues. That's the primary key that Dirsync uses when exporting changes.

Also, Dirsync won't every create mailboxes for you. It will create account objects in Office 365, but those will not have mailboxes until you assign a license to the account objects that Dirsync creates.
0
 

Author Comment

by:GS-Help
ID: 39942374
Beautiful.  Thanks again, I think I'm ready to push the button over the weekend.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
This is my first article on Expert Exchange on the Manual Method of Exporting Office 365 Mailboxes to PST format by using the eDiscovery mechanism of Office. Hope you will enjoy the article.
how to add IIS SMTP to handle application/Scanner relays into office 365.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question