DirSync question- password sync ONLY

Hi all,

I have a Windows 2012 R2 network with about 250 users. They are set up in security groups/OUs etc. for permission needs to certain folders/files.
I also have Office 365 that I'm using for Exchange, and have distribution-only groups set up there.

The two systems are quite different in group memberships.

My question is:  Can I set up dirsync and not have it change/migrate any groups or memberships, and just sync the password only of users?
SeaSenor Asked:

Raheman M. Abdul (Senior Infrastructure Support Analyst & Systems Developer) Commented:
Yes, you can do only password sync (tick) and untick "Synchronize your directories now" when you run the Windows Azure Active Directory Sync Tool.
see attached.
2.jpg
1.jpg
0
SeaSenor (Author) Commented:
Does it automatically create a user in Office 365 if I create a user in my local AD?
0
Vasil Michev (MVP) Commented:
The users in question still need to be synced for password sync to work. Or at least have the ImmutableId populated.
0
SeaSenor (Author) Commented:
All the users I need are already in Office 365.
They have the identical domain name (email address) as my local domain users.

Will I get the dreaded double users scenario in Office 365 that I read about?
0
Vasil Michev (MVP) Commented:
Depends. When you first activate dirsync, it will try to match the accounts via ImmutableID (which should be empty in your case), and then by the primary SMTP address. If it finds a match - it will overwrite the attributes of this object with the on-prem values. If not - it will create a new account. The process is explained here (so-called soft-matching): http://support.microsoft.com/kb/2641663
0
SeaSenor (Author) Commented:
The users were in fact migrated earlier. I just kept it all separate due to the group membership discrepancies.  Would they have an ImmutableID in that case?
0
Vasil Michev (MVP) Commented:
Define migrated, did you use dirsync previously? You can easily check if the ImmutableID is populated via PowerShell:

Get-MsolUser -UserPrincipalName user@domain.com | fl ImmutableID

Or in general:

Get-MsolUser -All | ? {$_.ImmutableId -ne $null}

0
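A pre-flight check for the matching order described in the replies above (ImmutableID first, then primary SMTP address), as an added example that is not part of any participant's post: it predicts, per on-prem user, whether enabling dirsync would match an existing Office 365 account or create a new one. The function name, the sample users and the use of the on-prem mail attribute as the primary SMTP address are assumptions.

```powershell
# Added example. Sample objects below are constructed; with real data, pass
# Get-ADUser -Filter * -Properties mail   and   Get-MsolUser -All   instead.
function Get-DirSyncMatchPrediction {
    param(
        [Parameter(Mandatory)] [object[]] $OnPremUsers,  # SamAccountName, Mail, ObjectGuid
        [Parameter(Mandatory)] [object[]] $CloudUsers    # UserPrincipalName, ImmutableId, ProxyAddresses
    )
    # Base64 is case-sensitive, so use a case-sensitive table (@{} is not).
    $byImmutableId = New-Object System.Collections.Hashtable
    $byPrimarySmtp = @{}
    foreach ($c in $CloudUsers) {
        if ($c.ImmutableId) { $byImmutableId[$c.ImmutableId] = $c }
        foreach ($p in $c.ProxyAddresses) {
            # The primary address carries an upper-case "SMTP:" prefix.
            if ($p -clike 'SMTP:*') { $byPrimarySmtp[$p.Substring(5)] = $c }
        }
    }
    foreach ($u in $OnPremUsers) {
        # Default source anchor: base64 of the on-prem objectGUID.
        $anchor = [Convert]::ToBase64String(([guid]$u.ObjectGuid).ToByteArray())
        $smtp   = "$($u.Mail)"   # assumption: mail holds the primary SMTP address
        $match  = $null
        if ($byImmutableId.ContainsKey($anchor)) {
            $match = $byImmutableId[$anchor]; $result = 'HardMatch'
        } elseif ($smtp -and $byPrimarySmtp.ContainsKey($smtp)) {
            $match = $byPrimarySmtp[$smtp]
            # A cloud account that already has an ImmutableId cannot be soft-matched.
            $result = if ($match.ImmutableId) { 'Conflict' } else { 'SoftMatch' }
        } else {
            $result = 'NewAccount'   # the duplicate-user case
        }
        [pscustomobject]@{
            OnPremUser   = $u.SamAccountName
            Prediction   = $result
            CloudAccount = $match.UserPrincipalName
        }
    }
}

# Constructed sample data: bob's address exists in the cloud only as a secondary (smtp:) alias.
$onPrem = @(
    [pscustomobject]@{ SamAccountName = 'alice'; Mail = 'alice@example.com'; ObjectGuid = '0f8fad5b-d9cb-469f-a165-70867728950e' }
    [pscustomobject]@{ SamAccountName = 'bob';   Mail = 'bob@example.com';   ObjectGuid = '7c9e6679-7425-40de-944b-e07fc1f90ae7' }
)
$cloud = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@example.com';  ImmutableId = $null; ProxyAddresses = @('SMTP:alice@example.com') }
    [pscustomobject]@{ UserPrincipalName = 'robert@example.com'; ImmutableId = $null; ProxyAddresses = @('SMTP:robert@example.com', 'smtp:bob@example.com') }
)
Get-DirSyncMatchPrediction -OnPremUsers $onPrem -CloudUsers $cloud | Format-Table -AutoSize
```

Any row reported as NewAccount or Conflict is worth resolving before the first sync, for example by aligning the primary SMTP address on both sides.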
SeaSenor (Author) Commented:
No dirsync ever yet.  
I just migrated the mailboxes from our on premise Exchange 2010 servers.
After that I set up distribution groups and added users accordingly.
Other than password sync I have no desire to sync them. I'm wondering if it's worth it even then.
0
Vasil Michev (MVP) Commented:
That's up to you. It will certainly be easier for the users to remember a single set of credentials. But enabling dirsync means that you must keep the Exchange server on-prem active in order to manage any Exchange related attributes (if you want to stay in supported scenario that is). And can indeed cause you some trouble with overwriting attributes, DG membership management, etc.
0
SeaSenor (Author) Commented:
I don't have any Exchange servers on prem. They were removed long ago after the migration.

I don't have any desire to manage them on prem either really.  
Just wanted to know if it was possible to sync passwords only without dirsync messing with anything else.
0
SeaSenor (Author) Commented:
The ImmutableIDs are blank from what I can tell.
0
SeaSenor (Author) Commented:
Not worth it in the long run I guess.  The convenience of having users with one password seems neutralized by having the additional overhead of running dirsync and on prem server to maintain.
0
Question has a verified solution.