, ,

Refer these websites before  installing Directory Synchronization server











FAQ — Directory Synchronization tool

Rate this

Here are some answers to questions that are raised frequently for Directory Synchronization (also referred to as DirSync and Dir Sync) in the Office 365 forums.

Q: Where do I find information about downloading and installing the Directory Synchronization tool? A: Go to Install the Microsoft Online Services Directory Synchronization tool.

Q: What components are installed with Directory Synchronization (x86) for Office 365?

A: The following components are installed — Directory Synchronization — Identity Lifecycle Manager (ILM) 2007 — Microsoft SQL Server Express 2008 — Microsoft Online Services Sign-In Assistant

Q: Can Directory Synchronization be installed on a domain controller? A: No – this is because SQL Server Express is not supported on a domain controller.

Q: Can Directory Synchronization be installed on a 64-bit machine? A: Yes. See Directory Synchronization tool 64-bit support.

Q: When running Directory Synchronization, can I add users to Office 365 without adding them to the on-premises Active Directory? A: Yes.  If you add these users to your on-premises Active Directory after you create them in Office 365, Directory Synchronization will “match” the on-premises user with the user in Office 365 based on the Primary SMTP address of the user.
Q: Can you synchronize users from Office 365 to on-premise Active Directory? A: No – Directory Synchronization only syncs user objects from on-premise Active Directory to Office 365. If you’ve enabled rich coexistence/hybrid during Setup, then Directory Synchronization tool will sync a sub-set of user data back to the on-premises organization.  See “What happens if I enable Rich Coexistence” below.

Q: Can I disable Directory Synchronization after I install and configure it? A: Yes – See Directory synchronization and source of authority.

Q: Can Directory Synchronization be used by Office 365 for Small Businesses subscriptions? A: No – The feature to take advantage of Directory Synchronization is not available for Office 365 for Small Businesses subscriptions.

Q: Why do I occasionally see an “Error code 81” or “Server Busy” messages in my Event Log?  Do I need to do anything? A: No, the Directory Synchronization tool will automatically retry if it receives a “Server Busy” message – no action is required by the administrator.

Q: Can I run Directory Synchronization tool on-demand? A: Yes.  Load the “C:\program files\Microsoft Online Directory Sync\DirSyncConfigShell.psc1”, when the console loads, run the Start-OnlineCoexistenceSync cmdlet.  This cmdlet will return results when it has started a sync cycle.

Q: Why do I need to provide Enterprise Admin permission to DirSync Setup? A: Enterprise Administrator credentials are needed to add a domain account (MSOL_AD_Sync) to the forest root domain and applies the appropriate read permissions for that account to all domains within your Active Directory Forest.  Setup does not store the Enterprise Administrator credentials after this task is complete.  Once the permissions are applied, this allows the MSOL_AD_Sync account read your Active Directory and synchronize to Office 365.  Q: What exactly happens if I enable Rich Co-Existence during Setup? A: In addition to creating the MSOL_AD_Sync account which is used to read attribute values from objects in your Active Directory, a Security Group (called MSOL_AD_Sync_RichCoexistence) is created, and the MSOL_AD_Sync account is added to it.  This Security Groups is then granted write-permissions to only the 6 attribute we need to write to in order to enable the rich coexistence/hybrid scenario.   Specifically, we grant write-permission to the MSOL_AD_Sync_RichCoexistence security group to the following attributes on the following object types:

Attribute Object Type
MSExchArchiveStatus User
MSExchBlockedSendersHash User
SExchSafeRecipientsHash User
MSExchSafeSendersHash User
MSExchUCVoiceMailSettings User
ProxyAddresses User, Contact, Group

Q:           Can the Directory Synchronization tool be installed on a Virtual Machine?

A:            Yes.

Q:           What attributes are synchronized by the directory synchroniztion tool?

A:            See the KB, List of attributes that are synchronized to Office 365 and attributes that are written back to the on-premises Active Directory Domain Services.

Q:           What objects does the directory synchroniztion process filter out?

A:            See How directory synchronization determines what is not synchronized from the on-premises environment to Office 365.

Support (KB) Articles for Directory Synchronization