Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Directory Synchronization issues for Office 365 users accounts

Posted on 2014-12-18
3
Medium Priority
?
87 Views
Last Modified: 2014-12-23
Hello MS team,

I just opened the same case with the ADFS team, and they said this is an AD issue between DC and AAD

In order to summarize the issue, whenever an account is enabled for O365 sometimes is never showed up in the O365 management console.

From what I understood on the initial assessment, the account was enabled by the name of jdoe@domainA.com email address for O365, and like I mentioned earlier, was never showed up in the o365 Management console.

Later on, the System Administrator found that the 0365 account used for sync is jdoemscloud@domainA.microsof.com. As per client “the password is definitely wrong on the DirSync server”

After further investigation, the network team has indicated that this could be a ADFS issue, however they also recommended to implement multicast for the Windows network load balancer [as per linkhttp://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1006558].

Initial thoughts pointed to check the multicast setup on the upstream switch, static ARP entry.

What could be happen here that passwords and users are not synchronizing here?

Can you please send your thoughts regarding the ADFS troubleshooting steps and recommendation to fix this issue? Please provide step-by-step instructions.

Can you please provide your input regarding the Windows network load balancer option?

Is the article explained on link above accurate to isolate the network side of things? Could this be root cause of issue?

Please see environment below:

Exchange servers in an internal network with IP address 10.x.x.x

ADFS servers in a DMZ doing NAT with a Public IP address 4.x.x.x

Exchange is using another new IP public for the exchange server itself. I meant, is not going to NAT to the WNLB ADFS IP, it's going to NAT to the new Exchange server IP.

Your feedback is highly appreciated
0
Comment
Question by:Jerry Seinfield
  • 2
3 Comments
 
LVL 59

Accepted Solution

by:
Cliff Galiher earned 2000 total points
ID: 40507822
ADFS does not sync passwords. It actually authenticates against your AD servers on behalf of requesting applications. Dirsync can sync passwords if you want O365 to handle authentication. So troubleshooting starts with identifying which setup you have. Are you wanting to authenticate via ADFS, or via Azure? It is one or the other, not both.
0
 

Author Comment

by:Jerry Seinfield
ID: 40507906
yes, we authenticate via ADFS

Your thoughts?
0
 

Author Comment

by:Jerry Seinfield
ID: 40508260
Can anyone please provide an input?

YOur feedback is highly appreciated
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here in this article, you will get a step by step guidance on how to restore an Exchange database to a recovery database. Get a brief on Recovery Database and how it can be used to restore Exchange database in this section!
Mailbox Corruption is a nightmare every Exchange DBA wishes he never has. Recovering from it can be super-hectic if not entirely futile. And though techniques like the New-MailboxRepairRequest cmdlet have been designed to help with fixing minor corr…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question