Refer these websites before installing Directory Synchronization server
FAQ — Directory Synchronization tool
Here are some answers to questions that are raised frequently for Directory Synchronization (also referred to as DirSync and Dir Sync) in the Office 365 forums.
Q: Where do I find information about downloading and installing the Directory Synchronization tool? A: Go to Install the Microsoft Online Services Directory Synchronization tool.
Q: What components are installed with Directory Synchronization (x86) for Office 365?
A: The following components are installed — Directory Synchronization — Identity Lifecycle Manager (ILM) 2007 — Microsoft SQL Server Express 2008 — Microsoft Online Services Sign-In Assistant
Q: Can Directory Synchronization be installed on a domain controller? A: No – this is because SQL Server Express is not supported on a domain controller.
Q: Can Directory Synchronization be installed on a 64-bit machine? A: Yes. See Directory Synchronization tool 64-bit support.
Q: When running Directory Synchronization, can I add users to Office 365 without adding them to the on-premises Active Directory? A: Yes. If you add these users to your on-premises Active Directory after you create them in Office 365, Directory Synchronization will “match” the on-premises user with the user in Office 365 based on the Primary SMTP address of the user.
Q: Can you synchronize users from Office 365 to on-premise Active Directory? A: No – Directory Synchronization only syncs user objects from on-premise Active Directory to Office 365. If you’ve enabled rich coexistence/hybrid during Setup, then Directory Synchronization tool will sync a sub-set of user data back to the on-premises organization. See “What happens if I enable Rich Coexistence” below.
Q: Can I disable Directory Synchronization after I install and configure it? A: Yes – See Directory synchronization and source of authority.
Q: Can Directory Synchronization be used by Office 365 for Small Businesses subscriptions? A: No – The feature to take advantage of Directory Synchronization is not available for Office 365 for Small Businesses subscriptions.
Q: Why do I occasionally see an “Error code 81” or “Server Busy” messages in my Event Log? Do I need to do anything? A: No, the Directory Synchronization tool will automatically retry if it receives a “Server Busy” message – no action is required by the administrator.
Q: Can I run Directory Synchronization tool on-demand? A: Yes. Load the “C:\program files\Microsoft Online Directory Sync\DirSyncConfigShell.psc1”, when the console loads, run the Start-OnlineCoexistenceSync cmdlet. This cmdlet will return results when it has started a sync cycle.
Q: Why do I need to provide Enterprise Admin permission to DirSync Setup? A: Enterprise Administrator credentials are needed to add a domain account (MSOL_AD_Sync) to the forest root domain and applies the appropriate read permissions for that account to all domains within your Active Directory Forest. Setup does not store the Enterprise Administrator credentials after this task is complete. Once the permissions are applied, this allows the MSOL_AD_Sync account read your Active Directory and synchronize to Office 365. Q: What exactly happens if I enable Rich Co-Existence during Setup? A: In addition to creating the MSOL_AD_Sync account which is used to read attribute values from objects in your Active Directory, a Security Group (called MSOL_AD_Sync_RichCoexistence) is created, and the MSOL_AD_Sync account is added to it. This Security Groups is then granted write-permissions to only the 6 attribute we need to write to in order to enable the rich coexistence/hybrid scenario. Specifically, we grant write-permission to the MSOL_AD_Sync_RichCoexistence security group to the following attributes on the following object types:
|ProxyAddresses||User, Contact, Group|
Q: Can the Directory Synchronization tool be installed on a Virtual Machine?
Q: What attributes are synchronized by the directory synchroniztion tool?
Q: What objects does the directory synchroniztion process filter out?
Support (KB) Articles for Directory Synchronization
- Error when you try to install the Microsoft Online Services Directory Synchronization Tool: “The current user is not member of Microsoft Identity Lifecycle Management (ILM) Admin Group”
- You cannot manage or remove objects that were synchronized from the on-premises Active Directory Domain Services to Office 365
- Error in the Office 365 portal: “Value of msRTCSIP-PrimaryUserAddress or the SIP address in the ProxyAddresses field in your local Active Directory is not unique”
- Exception has been thrown by the target or “Federation Information could not be received” error in a hybrid deployment of Office 365 and your on-premises environment
- How to manage Active Directory security groups and to mail-enable group objects in an Office 365 environment
- You receive error messages in the Directory Synchronization error report after you run Directory Synchronization in Microsoft Office 365 or in BPOS
- Individual Active Directory Domain Services objects do not synchronize to Office 365