<!-- WP QUADS Content Ad Plugin v. 2.0.94 -->
<div class="quads-location quads-ad2529 " id="quads-ad2529" style="float:none;margin:0px 3px 3px 3px;padding:0px 0px 0px 0px;" data-lazydelay="0">

</div>

<p>Before Starting the process of Deploying Dirsync, you must consider using some tools to see if your environment has no issues.</p>
<!-- WP QUADS Content Ad Plugin v. 2.0.94 -->
<div class="quads-location quads-ad2527 " id="quads-ad2527" style="float:none;margin:0px 3px 3px 3px;padding:0px 0px 0px 0px;" data-lazydelay="0">

</div>

<!-- WP QUADS Content Ad Plugin v. 2.0.94 -->
<div class="quads-location quads-ad2522 " id="quads-ad2522" style="float:none;margin:0px 3px 3px 3px;padding:0px 0px 0px 0px;" data-lazydelay="0">

</div>

<!-- WP QUADS Content Ad Plugin v. 2.0.94 -->
<div class="quads-location quads-ad2529 " id="quads-ad2529" style="float:none;margin:0px 3px 3px 3px;padding:0px 0px 0px 0px;" data-lazydelay="0">

</div>




<p>First you must use this tool <strong>IdFix</strong> check the active directory for any possible issues when installing Dirsync and synchronizing users and their objects to the cloud. </p>



<p>IdFix is used to perform discovery and remediation of identity objects and their attributes in an on-premises Active Directory environment in preparation for migration to Office 365. IdFix is intended for the Active Directory administrators responsible for DirSync with the Office 365 service.</p>



<p><a href="http://community.office365.com/en-us/w/diagnostic_tools/default.aspx?ss=465d14b0-c5fe-4bbf-84d2-c791113732e2#idfixdirsyncerrorremediationtool">http://community.office365.com/en-us/w/diagnostic_tools/default.aspx?ss=465d14b0-c5fe-4bbf-84d2-c791113732e2#idfixdirsyncerrorremediationtool</a></p>



<ol class="wp-block-list"><li><strong>To prepare Exchange for hybrid configuration with Exchange Online you need to prepare the following steps.</strong></li></ol>



<ul class="wp-block-list"><li>Add your Primary SMTP domain to Office 365 cloud and verify ownership of the domain.</li><li>Create your online users.</li><li>Install DirSync <a href="http://www.google.com/url?q=http%3A%2F%2Fgo.microsoft.com%2Ffwlink%2F%3FLinkID%3D278924&;sa=D&;sntz=1&;usg=AFQjCNFwa85zDzR8ASUa_dtsvDzTN8O2oQ" target="_blank" rel="noreferrer noopener">http://go.microsoft.com/fwlink/?LinkID=278924</a></li></ul>



<p><a href="http://technet.microsoft.com/en-us/library/jj151800.aspx#BKMK_InstallDirSyncTool">http://technet.microsoft.com/en-us/library/jj151800.aspx#BKMK_InstallDirSyncTool</a></p>



<ul class="wp-block-list"><li>Install ADFS (<strong>Optional</strong>) for SSO (To authenticate users from Local AD)</li></ul>



<p><strong>Note about ADFS:</strong></p>



<p>ADFS can be the reason of so much headache and it&#8217;s always better to avoid installing it, instead of using ADFS to use the same password for users on a large scale deployments, the Dirsync can Synchronize local Passwords to Azure AD and same password can be used for both users local and online.</p>



<ol class="wp-block-list"><li>Create an enterprise admin user account on the domain for DirSync service</li><li>Installation of Dirsync with Password synchronization: We prepare a separate server for the DirSync tool that is windows 2008 R2 SP1 or 2012 R2 installed and the server</li></ol>



<p>should be domain joined in order to reach Active Directory.</p>



<ol class="wp-block-list"><li>The account used with Dirsync should be member of the domain admin. Also you need to have the admin credentials for the tenant that you signed up to on O365.</li></ol>



<p><a href="http://technet.microsoft.com/en-us/library/jj151831.aspx">http://technet.microsoft.com/en-us/library/jj151831.aspx</a></p>



<figure class="wp-block-image"><img src="https://lh4.googleusercontent.com/qVSpNetFpzO3160QfC2L6MjTRXVReJzC6ZHaoeIUn9huWA8sYJJeSE3rfd7Vlzzkq86BoeZBxJJGtvJKofgRmpM5avvB1lqvFQ5rp8jH9EWiJFrgg0I=w673" alt=""/> 

<!-- WP QUADS Content Ad Plugin v. 2.0.94 -->
<div class="quads-location quads-ad2525 " id="quads-ad2525" style="float:none;margin:0px 3px 3px 3px;padding:0px 0px 0px 0px;" data-lazydelay="0">

</div>
 
</figure>



<p>Next again</p>



<figure class="wp-block-image"><img src="https://lh4.googleusercontent.com/ug6vm-ajWuKcHHYKFOWmL795B0e7BOWeu-q6WqOjo3AUW4FpCMS6YYneQkbu7lasHIdXkLMe9v5gZ8L29Lmhs8j-fdQTPhnjCUcibonmZ_cXUi77uw0=w673" alt=""/></figure>



<p>Click Next after selecting the proper location</p>



<figure class="wp-block-image"><img src="https://lh3.googleusercontent.com/GJ8aZqvy9BQmTd06-opVDpIt4Df9D4O1N0QWhUneTp3x5Qwah1Ne5BxI4r0XmVZlRua2svGzkZNt_oSA7asMyW6EzeLtUpFQJwcLX1mSRrrQZeE_MiM=w673" alt=""/></figure>



<p>While installing I had an error saying that current user was not member of the Synchronization Engine FIMSyncAdmins group. </p>



<p>I tried uninstall DirSync but it it gives the same error message</p>



<figure class="wp-block-image"><img src="https://lh3.googleusercontent.com/XdZCLxaDql2C06aVOEEdmACLZNxX8K-gX93wtjO21MsdMrQ-R7ufXSjHd2Fmuxcat1UJKbX6CMeYEBjUWT_57SxITumKYl0ju0z1-bXBbjv1x_SpxJw=w773" alt=""/></figure>



<p>The FIMSyncAdmins group is a local group on the server. Your user is not a member of that group locally. Try adding your user to the group.. after adding the user to the required group the installation were completed successfully.</p>



<figure class="wp-block-image"><img src="https://lh3.googleusercontent.com/UjlvuaEI5griv_piiO4D8AihqKJZAEaHyrk4l5TwIcEWJIR5S1uDk4nhhPEwjhc20GtSrZo=w773" alt=""/></figure>



<figure class="wp-block-image"><img src="https://lh4.googleusercontent.com/clJvoRQkBzwEQLcrMJOsp72HkIxdBDtzF3FPM3zAZBTZi7aSCDHgCHW_T72cEl0EU0z9XF-BhSbuvYZuwf6IxyRhv2TvwE46IvLVHVin13iiVm45t78=w773" alt=""/></figure>



<figure class="wp-block-image"><img src="https://lh6.googleusercontent.com/UT1CxDv7mKkt_wPRjUqSy0H65dvMnTs3C-8JqbE0ISLMYbCjRTL_y7rDRA3Orz6PdbSkEdFPWioF_JALiQKEehD0IYgARUg4zi_z-dvDcPw2g3iJg9c=w773" alt=""/></figure>



<figure class="wp-block-image"><img src="https://lh6.googleusercontent.com/eI6aZAk2LVPwJcKV01q3c3FQqCXCQtiDm9R17SPSBSiRfmE0k8hwipSFXcVnIMWJ7DitXtLQd-EFFxMR5itEMaXf6t4KmVdxoffiFcfWkClGTqLZKNI4=w773" alt=""/></figure>



<p>First you need to make sure that your customized (personal) domain is active.</p>



<figure class="wp-block-image"><img src="https://lh3.googleusercontent.com/_AkuBaNX04HJfL8D9R8dc15nXnl0qhIHNFSgFTegR4eGYzyK0jKxzJBHLDk1Sz91OB2_I7HIz1j5AaUVtS5k5S5EYurXOznQonP4u5OsgbXSPlW6jSaN=w673" alt=""/></figure>



<p>Now we need to enable Dirsync from the portal, next to Active Directory ® Synchronization Click on <strong>Set up</strong> and activate DirSync.</p>



<figure class="wp-block-image"><img src="https://lh5.googleusercontent.com/UocJnKGbcXXqewKT4bflt8VPoWwGaXA4YeuhhhBkPHRZg97u4k_99bzoODp1lWPW-8Ie_bM2z2cGDrnsCl0arWxOqJlMrmLf-dC8w7Xo2_O9N3hsv7s=w1175" alt=""/></figure>



<p>Now click on Activate</p>
<!-- WP QUADS Content Ad Plugin v. 2.0.94 -->
<div class="quads-location quads-ad2525 " id="quads-ad2525" style="float:none;margin:0px 3px 3px 3px;padding:0px 0px 0px 0px;" data-lazydelay="0">

</div>




<figure class="wp-block-image"><img src="https://lh3.googleusercontent.com/Q4bYjJq4dT6OpcjnRRqi7KrOi7cT1f3LNlhSXD-1FysoGFt4DbURYanlW6-TD44Dzi3n1R0RpE1tq4edz-lB8Ld-sicpbXdNxpff03q3LrIvx67l1Vo=w1175" alt=""/></figure>



<p>Now after we made sure that our domain is active and we activated Dirsync on Office 365 portal let&#8217;s Go back to DirSync server to complete the steps and check if we can start syncing your Active Directory.</p>



<figure class="wp-block-image"><img src="https://lh4.googleusercontent.com/VI0llV3qae1CqUkO6gH-0myYckqe3aqm2sZPU-7hP6xEqeYtVDvhM-ZasQXkVhs9AY_p3P4L-RiBnJe777deahcWNWsDzCD9EbHdf-RqRX6FRnYqvA=w773" alt=""/></figure>



<p>Type your enterprise admin user which you have prepared for Dirsync, for my case I&#8217;m just going to use the domain admin user since it&#8217;s a Lab. </p>



<figure class="wp-block-image"><img src="https://lh3.googleusercontent.com/oUgv0l5UpAdQG3gCe2oBAiMC8ue1eJ8AtFItY7QhTfSWapTfG_W6zd2RvqVu7D3ZE6QxS8XB5jYO8vFRrrZrVsfhj8cEG94EbxBSShj816S74W7csA=w1175" alt=""/></figure>



<p>Make sure you Enable Hybrid Deployment since Azure active directory will modify objects in your on-premises AD.</p>



<figure class="wp-block-image"><img src="https://lh6.googleusercontent.com/tcUwRXVQq0Gt2Net8wP0WWhVHc9nnOCqv5gwsvLYcKY0iT1Kd9gS9ZWewbH6t5gFpuwCi3kpnOZ203ctbaG4aELVq02Cy2vDs7r4Kfr0nHdZfhnHiUs=w673" alt=""/></figure>



<p>In case you would want to have your On-premises AD password for users synchronized with users on Office 365</p>



<p>then you must tick the option as in the below snapshot.</p>



<figure class="wp-block-image"><img src="https://lh5.googleusercontent.com/yi1R87RrtUrwpcgU68oW88O9GINg3BVW_8_S5TDug1wWV5HDvsqEbEDk32Hvkre1Ki4sLUzIolqXg10TNR_UzITP3T_uqPunCmhMXhnQXyPwztaojlOl=w673" alt=""/></figure>



<p>Here, When I click next I get an error as following:</p>



<figure class="wp-block-image"><img src="https://lh4.googleusercontent.com/-1UEcfIis36HPY7DpiMatpl2mGHfjKLtftzjN9JZVlN1ndXElodRiy9wg_z2Owv2x7tVpCxUfMZgC8T0M1gWlNjsv5OAPhgsmCcSgJ_vV0BwSME9cg=w673" alt=""/></figure>



<p><strong>Error:</strong></p>



<p>The new version of Dirsync doesn&#8217;t accept the domain admin account.</p>



<p><strong>Solution:</strong></p>



<p>In order to resolve the problem you have to create a new user account with enterprise admin privileges</p>



<p>Use this account to connect to AD during config.</p>



<p>Here I created the new user and added the required groups.</p>



<figure class="wp-block-image"><img src="https://lh4.googleusercontent.com/tw6nlFJUbyKhCOHhzSOF9LGQIrv44SOfNzdP-7bacAcyCSsIHREO3e0X_JipK0iBDhkxICVeHbnPIeUpEHO2n6bACWvWLXbG34_yKGbzzqIIeQsN9A=w472" alt=""/></figure>



<p>After using the new account there was no issue with the setup and I could complete the configuration successfully.</p>



<figure class="wp-block-image"><img src="https://lh3.googleusercontent.com/YPYye9jviEbaPfv7aJq9cQAFZBQlGwbeuvlxR5dvqIFvoEXB54hzctqNVkBg0VWGefbLdI4k5ps7HgqmzST1eIh76I4Tog3ix_wl1Qq13xmStnUJJA=w673" alt=""/></figure>



<figure class="wp-block-image"><img src="https://lh3.googleusercontent.com/8Zm8VeiNDAfwVx7_ThAUeQzPj7D4lZtnvQ87f-W2YfdS-kzHSipm22sEzKrUufMIHjF0DUmTq1MIg2twFRd3bCBl5ONekkVBen4-0A8-ZEI1ZhNTK0E=w673" alt=""/></figure>



<figure class="wp-block-image"><img src="https://lh3.googleusercontent.com/VZtGOwM9YW6Uwu9u4Q_x5shbVKvRhR2KWkEi3vvoFvEcv5toihYETp6rZV-0HBUnzfLPUdFKAf7GRHzeMddStOP4QRRsfqRDXa1qtcJyqzM1LVlS0rU=w673" alt=""/></figure>



<p>Once the configuration finished you will be able to find event ID 611 in the logs.</p>
<!-- WP QUADS Content Ad Plugin v. 2.0.94 -->
<div class="quads-location quads-ad2528 " id="quads-ad2528" style="float:none;margin:0px 3px 3px 3px;padding:0px 0px 0px 0px;" data-lazydelay="0">

</div>




<figure class="wp-block-image"><img src="https://lh6.googleusercontent.com/dVzgsV6TVtZYXs_KvjQCqconuTjmK1rYYV0canZH6-j1YmrJsjQaCJ2uvDe0yNv7SW5edpnyJ5HV00yXbYQrVz0CWpvqavPybGEmBVVxxsNH-D-YfZw=w673" alt=""/></figure>



<p>Now checking Office 365 portal, I can see that users have been synced to the Office 365 portal:</p>



<figure class="wp-block-image"><img src="https://lh5.googleusercontent.com/YRrx_1tUfUcEQYfAIBegvklcjyEY5p4Ct6_JSQIgq9TpUon8xfLc2ZBj4xOKozfHyul6xQI8JfJePTa0tn3D5G0NBHBWvAZ101riurtRi-CtSsd4vw=w1175" alt=""/></figure>
</p>
<!-- WP QUADS Content Ad Plugin v. 2.0.94 -->
<div class="quads-location quads-ad2530 " id="quads-ad2530" style="float:none;margin:0px 3px 3px 3px;padding:0px 0px 0px 0px;" data-lazydelay="0">

</div>


Reset and manage your Active Directory users' Passwords Active Directory is one of the most…
Finding Exchange Database hidden mailboxes. Story:Maybe you have been in this situation before, trying to…
If you're using a Proxy server in your firewall or in your network and have…
Story:I got some clients that have reported some of their users being locked out and…
Delegate Permissions This is a code that I have wrote recently to check if an…
Story: I got a request from a client who constantly gets CVs and have to…