Solved

Remove an OU from DirSync in the middle of a Staged Migration

Posted on 2015-01-31
11
161 Views
Last Modified: 2015-02-05
I have been successfully DirSync 4 thousand users during a staged migration.
I just realized there is an entire OU filled with 1200 "users" that are simply place holders for wireless users.
I am not a network guy but I recognize this a security mechanism or the like - but it does not need to be synced.

Anyway, my question is how can I exclude this OU now that it is already "Syncing"?

Thank you for your time in advance.
0
Comment
Question by:K B
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 3
11 Comments
 
LVL 17

Expert Comment

by:Ivan
ID: 40581940
Hi,

I don't think there is a "stop" button for this. After sync is done, you can configure exclusion for OU, export Azure AD (from dyr sync tool) and do a Full Sync Full Import, so that specified OU get's deleted from Office 365.

Regards
0
 
LVL 8

Author Comment

by:K B
ID: 40581942
Will this cause an interruption of service?
0
 
LVL 17

Expert Comment

by:Ivan
ID: 40581950
Well, I have done this few days ago and everything was working. Required users got deleted, I was logged on the entire time on office 365, Lync worked for all users..

I don't think there is any interruption, but I am not 100% sure.
0
Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

 
LVL 22

Expert Comment

by:Jakob Digranes
ID: 40582771
@spriggan13 is correct.... as long as you don't remove any users with licenses and mailboxes assigned to them - no probl
0
 
LVL 8

Author Comment

by:K B
ID: 40582818
So I don't stop DirSync in any way?

1. I configure the OU exclusions (where in DirSync)?

   2. Then Remove-MsolUser ...the users I don't want synced (& removefromrecyclebin) ?
      3. Anything else?


Thanks again!
0
 
LVL 22

Expert Comment

by:Jakob Digranes
ID: 40582852
only 1.
http://blogs.msdn.com/b/denotation/archive/2012/11/21/installing-and-configure-dirsync-with-ou-level-filtering-for-office365.aspx 
remove OU here then run full import full sync

no need to delete users from OFfice 365 -- they'll be removed from recycle bin in 30 days
0
 
LVL 17

Assisted Solution

by:Ivan
Ivan earned 250 total points
ID: 40582873
Hi,

as jakob_si said, you don't delete users that were synced from you AD by going to Office 365 and deleting them there.
When you configure OU or users filtering in DirSync, those OU/users will get deleted from Office 365.

So:
1. Configure DirSync filtering so required OU/users get filtered
2. Run Export Azure AD, from DirSync tool --> this will delete those OU/users after you run command in step 3.
3. Run Full Import Full Sync from DirSync tool
0
 
LVL 8

Author Comment

by:K B
ID: 40582953
Thanks Gents,

So in summary I do not rerun the DirSync setup.. instead I run:

1.      From your DirSync Server navigate to <Drive>\Program Files\Microsoft Online Directory Sync\SYNCBUS\Synchronization Service\UIShell

2.      Double click on miisclient.exe

3.      In Identity Manager, click Management Agents, and then double-click SourceAD.

4.      Click Configure Directory Partitions, and then click Container.

5.      When prompted, enter your domain credentials for the on-premises Active Directory forest.

6.      In the Select Containers dialog box, clear the OUs that you want to skip from syncing to Office365, and then click OK.

7.      Click OK on the SourceAD Properties page.

8.      Perform a full sync: on the Management Agent tab, right-click SourceAD, click Run, click Full Import Full Sync, and then click OK.
0
 
LVL 22

Accepted Solution

by:
Jakob Digranes earned 250 total points
ID: 40583443
Yes .... and within a couple of hours, users not synced will be removed from O365
0
 
LVL 8

Author Comment

by:K B
ID: 40592319
Close App & restart the FIM service before Step 8?

Does this sound logical?  Heard this from a SME

thoughts?
0
 
LVL 22

Expert Comment

by:Jakob Digranes
ID: 40593041
never done that
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question