Garry Shape

DirSync server - setup effects?

I have a 100% on-premise setup going currently, with Active Directory and Exchange. Windows 2012 R2 servers, and 2008 R2 servers.
We have O365 licenses that are not being used, unfortunately. I want to sync a pilot group to start using things like Skype for Business, and SharePoint online, then later down the road have a hybrid Exchange setup.
A couple of issues I noticed, however: there are a couple hundred accounts already sitting in O365 that appear to be the result of a screwy sync a while back. I don't think deleting them will do anything, as I know nobody in the organization is using O365 for anything (besides people like me with an Admin account that can log in and manage stuff).
Is there any harm in removing all those accounts from O365, and re-deploying a DirSync server? Deploying the DirSync server, does that start automatically doing things an admin wouldn't want it to do? Or when deploying, am I setting it up on my terms? Like being able to only select a specific OU for syncing (like my pilot group)?
Lastly (I think), is there a need to verify our federated domain (we'd be authenticating with O365 with our UserPrincipalName) with an MX or TXT record or anything, or is that only for Exchange Online?
Microsoft 365

Last Comment
Vasil Michev (MVP)

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
Vasil Michev (MVP)

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
Garry Shape

ASKER
Cool ok thanks.

So verifying the domain doesn't cause on-premise issues, right? It just sends a message to Microsoft that "yes this is our domain", basically?
SOLUTION
Vasil Michev (MVP)

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
Garry Shape

ASKER
Also we don't have licensing for Azure. Just the school licensing for O365.
Is there a different download I need to get? Or should the DirSync download that I need be available within the Admin center of O365?
Vasil Michev (MVP)

You don't need it, it's already included with O365. Unless you are talking about Azure AD Premium, but the features AAD Premium offers are all optional.
Garry Shape

ASKER
Ok thanks and one more Q if you don't mind.

I installed the tool and unchecked the post-install option to run a full sync.
I rebooted and logged back in.

I had to research to find what tool to run for container-specific synchronizing, and I found/ran "C:\Program Files\Windows Azure Active Directory Sync\SYNCBUS\Synchronization Service\UIShell\miisclient.exe"

However I show two entries here...

HQDirSync01
Which one do I edit properties on to sync?
Vasil Michev (MVP)

The AD connector, bottom one.
Garry Shape

ASKER
Hmm ok thanks. Well whatever happened, I hadn't run any sync yet, but I can't seem to log back into my tenant with my tenant login, lol. It was username@Company.OnMicrosoft.com and I can't log in anymore, kind of strange.
Vasil Michev (MVP)

There was a service outage earlier today, should be fine now
Garry Shape

ASKER
Well that was coincidental, and very confusing, LOL.

So here's what happened.
I just had another admin log in and reset the password to one of my other admin accounts.

When I logged in, I couldn't find the user I was able to log in with before (user@domain.onmicrosoft.com).

Instead when searching my last name, I found my AD account which said "Synced with Active Directory".

So I'm wondering if the sync didn't delete my user@domain.onmicrosoft.com, but replaced/updated it with my user@domain.com (federated UPN) which then couldn't authenticate due to the ADFS redirect going on with the O365 tenant.

I just need to figure out how to remove the ADFS redirect, whether that's in O365 or DNS zone file, then I think I'm good.

Whatever happened though, it didn't affect the other admin. I can still log in with my other admin account user2@domain.onmicrosoft.com.
Vasil Michev (MVP)

Seems like you soft-matched the account (http://support.microsoft.com/kb/2641663)
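
An added example, not part of the thread: a pre-sync check that lists which existing cloud accounts a first sync would soft-match (SMTP matching, the subject of the KB linked above) to on-premises users, so that a cloud-only admin account being taken over is visible beforehand. The two inline lists are constructed stand-ins for an AD export of the pilot OU and an export of the tenant's users; the field names `PrimarySmtp` and `IsAdmin` and both function names are assumptions of this example.

```powershell
# Constructed sample data (not from a real directory).
$onPrem = @(
    [pscustomobject]@{ Sam = 'user';   ProxyAddresses = @('SMTP:user@domain.com', 'smtp:alias@domain.com') }
    [pscustomobject]@{ Sam = 'pilot1'; ProxyAddresses = @('SMTP:pilot1@domain.com') }
)
$cloud = @(
    [pscustomobject]@{ UPN = 'user@domain.onmicrosoft.com';  PrimarySmtp = 'User@domain.com'; ImmutableId = $null; IsAdmin = $true }
    [pscustomobject]@{ UPN = 'user2@domain.onmicrosoft.com'; PrimarySmtp = 'user2@domain.onmicrosoft.com'; ImmutableId = $null; IsAdmin = $true }
    [pscustomobject]@{ UPN = 'pilot1@domain.com'; PrimarySmtp = 'pilot1@domain.com'; ImmutableId = 'Y29uc3RydWN0ZWQ='; IsAdmin = $false }
)

function Get-PrimarySmtp {
    param([string[]]$ProxyAddresses)
    # The primary address carries an upper-case "SMTP:" prefix; aliases use "smtp:".
    $primary = $ProxyAddresses | Where-Object { $_ -clike 'SMTP:*' } | Select-Object -First 1
    if ($primary) { $primary.Substring(5).ToLowerInvariant() }
}

function Find-SoftMatchCandidate {
    param($OnPremUsers, $CloudUsers)
    # Only cloud accounts without an ImmutableId (never linked to an AD object)
    # are open to soft match; index those by primary SMTP address.
    $index = @{}
    foreach ($c in $CloudUsers) {
        if (-not $c.ImmutableId -and $c.PrimarySmtp) {
            $index[$c.PrimarySmtp.ToLowerInvariant()] = $c
        }
    }
    foreach ($u in $OnPremUsers) {
        $smtp = Get-PrimarySmtp -ProxyAddresses $u.ProxyAddresses
        if ($smtp -and $index.ContainsKey($smtp)) {
            [pscustomobject]@{
                OnPremUser = $u.Sam
                CloudUPN   = $index[$smtp].UPN
                SharedSmtp = $smtp
                CloudAdmin = $index[$smtp].IsAdmin   # review these before syncing
            }
        }
    }
}

Find-SoftMatchCandidate -OnPremUsers $onPrem -CloudUsers $cloud | Format-Table -AutoSize
```

With the sample data only `user` is reported: its cloud counterpart has no `ImmutableId` and shares the primary SMTP address, while `user2` has no on-premises twin and `pilot1` is already linked.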