Before Starting the process of Deploying Dirsync, you must consider using some tools to see if your environment has no issues.
First you must use this tool IdFix check the active directory for any possible issues when installing Dirsync and synchronizing users and their objects to the cloud.
IdFix is used to perform discovery and remediation of identity objects and their attributes in an on-premises Active Directory environment in preparation for migration to Office 365. IdFix is intended for the Active Directory administrators responsible for DirSync with the Office 365 service.
- To prepare Exchange for hybrid configuration with Exchange Online you need to prepare the following steps.
- Add your Primary SMTP domain to Office 365 cloud and verify ownership of the domain.
- Create your online users.
- Install DirSync http://go.microsoft.com/fwlink/?LinkID=278924
http://technet.microsoft.com/en-us/library/jj151800.aspx#BKMK_InstallDirSyncTool
- Install ADFS (Optional) for SSO (To authenticate users from Local AD)
Note about ADFS:
ADFS can be the reason of so much headache and it’s always better to avoid installing it, instead of using ADFS to use the same password for users on a large scale deployments, the Dirsync can Synchronize local Passwords to Azure AD and same password can be used for both users local and online.
- Create an enterprise admin user account on the domain for DirSync service
- Installation of Dirsync with Password synchronization: We prepare a separate server for the DirSync tool that is windows 2008 R2 SP1 or 2012 R2 installed and the server
should be domain joined in order to reach Active Directory.
- The account used with Dirsync should be member of the domain admin. Also you need to have the admin credentials for the tenant that you signed up to on O365.
http://technet.microsoft.com/en-us/library/jj151831.aspx
Next again
Click Next after selecting the proper location
While installing I had an error saying that current user was not member of the Synchronization Engine FIMSyncAdmins group.
I tried uninstall DirSync but it it gives the same error message
The FIMSyncAdmins group is a local group on the server. Your user is not a member of that group locally. Try adding your user to the group.. after adding the user to the required group the installation were completed successfully.
First you need to make sure that your customized (personal) domain is active.
Now we need to enable Dirsync from the portal, next to Active Directory ® Synchronization Click on Set up and activate DirSync.
Now click on Activate
Now after we made sure that our domain is active and we activated Dirsync on Office 365 portal let’s Go back to DirSync server to complete the steps and check if we can start syncing your Active Directory.
Type your enterprise admin user which you have prepared for Dirsync, for my case I’m just going to use the domain admin user since it’s a Lab.
Make sure you Enable Hybrid Deployment since Azure active directory will modify objects in your on-premises AD.
In case you would want to have your On-premises AD password for users synchronized with users on Office 365
then you must tick the option as in the below snapshot.
Here, When I click next I get an error as following:
Error:
The new version of Dirsync doesn’t accept the domain admin account.
Solution:
In order to resolve the problem you have to create a new user account with enterprise admin privileges
Use this account to connect to AD during config.
Here I created the new user and added the required groups.
After using the new account there was no issue with the setup and I could complete the configuration successfully.
Once the configuration finished you will be able to find event ID 611 in the logs.
Now checking Office 365 portal, I can see that users have been synced to the Office 365 portal:
