Solved

Dirsync\Password Sync Scenario

Posted on 2014-03-18
4
1,042 Views
Last Modified: 2014-03-20
I have a shop which formerly had an Exchange 2010 server in-house but was moved to Office 365 some time ago.  The Exchange server was decommissioned and staff use Outlook 2010 configured for the o365 servers.  They're now interested in setting up dirsync, and more specifically, password sync to manage all the o365 accounts via in-house AD so users only need one password to keep track of.

First, note that their in-house domain is not internet routable (contoso.local) so I've added a UPM (contoso.com) which matches their email domain.  The in-house domain and the UPM\email domain, however, do not match each other, so it's more like contosox.com vs contoso.local.

The OnRamp for o365 where I test the environment before enabling synchronization only offers 3 scenarios:  fresh start, mailbox migration, and hybrid.  This isn't really any of those.  

I have several questions that I'm not finding clear answers for.

How does dirsync identify and match up the existing mailboxes in o365 with the corresponding user in AD?  Or can it only create new mailboxes based off the AD objects?

As an extension of the first question (if we're not full-stop from it), there are several service accounts which have o365 mailboxes but no AD object and vice versa.  Should I make AD objects\can I skip mailbox creations?

The first half of the user email address matches the AD login, but as noted, the in-house domain does not match their email domain (and I used the email domain as the alternate UPM).  Do I have to change each user's config in AD to the alternate UPM?  Is this how I can associate AD users with the existing mailboxes?  This has the downside of making their in-house login names become their full email address when the goal here is to simplify things.

Basically the documentation is incredibly iffy but there are warnings all over about how dirsync should be considered permanent while fixing things post-sync is extremely complicated so clean up AD first.  Not a very nice combo.  Can someone with more experience with this product comment?  I can provide whatever additional info you need.  Thanks!
0
Comment
Question by:GS-Help
  • 2
  • 2
4 Comments
 
LVL 39

Assisted Solution

by:Adam Brown
Adam Brown earned 500 total points
ID: 39938095
To get the local account and the cloud accounts working properly, the UPN for each user in the Local domain has to match the login name for the user accounts in Office 365. So if the user has a login name in Office 365 as bob@company.com, that user will have to have their AD UPN changed to @company.com instead of @company.local. If the two don't match, Dirsync will create a separate user in the cloud rather than matching the user's AD info up with their cloud account, so you have to change the UPN on all your users to do what you want. And you will want to make sure that's in place before you implement dirsync because Dirsync doesn't handle changes like that well at all.
0
 

Author Comment

by:GS-Help
ID: 39940130
Thanks much for the reply.  So the pre-existing mailboxes in o365 are not a problem, the sync won't overwrite them or anything so long as I've set the corresponding user's UPN to match?  They also have several users in AD who do not have email.  I assume sync will offer to create mailboxes for them but I can decline, since 1) they dont need them and 2) they don't have the licenses anyway?
0
 
LVL 39

Accepted Solution

by:
Adam Brown earned 500 total points
ID: 39940919
As long as the UPNs match up, it will sync the info to the cloud account without issues. That's the primary key that Dirsync uses when exporting changes.

Also, Dirsync won't every create mailboxes for you. It will create account objects in Office 365, but those will not have mailboxes until you assign a license to the account objects that Dirsync creates.
0
 

Author Comment

by:GS-Help
ID: 39942374
Beautiful.  Thanks again, I think I'm ready to push the button over the weekend.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft Office Picture Manager was included in Office 2003, 2007, and 2010, but not in Office 2013. Users had hopes that it would be in Office 2016/Office 365, but it is not. Fortunately, the same zero-cost technique that works to install it with …
This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
This Experts Exchange lesson shows how to use VBA to loop through rows in Excel.  In order to sort, filter, and use database features, there needs to be a value in each column for every row. When data arrives with values missing, code to copy values…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

792 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question