Dirsync FAQ : Before you get started

Do I need to install Directory Synchronization?

DirSync is not a requirement to use Microsoft Online. It is easy to manage small user lists in Microsoft Online using the Administration Portal. You can even import a list of users from a .CSV file.

DirSync makes the most sense when you have large enough user lists that you want to edit information for users only in one place (your Active Directory) and have these changes synchronized with Microsoft Online. Many company's choose to do so only when they have over a 100 users. It is also required if you want to run an on-premise Exchange Server and use Exchange Online at the same time and setup email coexistence.

What is synchronized?

DirSync synchronizes all domains in your Active Directory forest with Microsoft Online. It will synchronize all users, and contacts/groups with email addresses.

Note, these are visible in the Exchange Online Address Book only if they have email addresses.

DirSync does not synchronize privileged information like user passwords from the on-premise Active Directory. Users are assigned a Microsoft Online password when they are licensed.  

What are the prerequisites for Directory Synchronization?

Environment : 

  • A single Active Directory Forest (Windows Server 2000 or above DCs)
  • Enterprise Administrator Credentials for this forest

DirSync Machine prereqs

  • Windows Sever 2003 SP2 x86
  • .Net 2.0 Runtime
  • Powershell 1.0
  • Joined to a domain
  • Not a domain controller

Note : If you are testing out the DirSync functionality, it is possible to install it in a Virtual Machine. You will see better performance on Windows 2003 SP2 x86 running within Hyper-V compared to when running within Virtual PC or Server.

Can I roll back after running Directory Synchronization?

DirSync establishes a one way synchronization from the on-premise Active Directory to Microsoft Online. No changes are made to the source AD as part of synchronization.

Changes you will need to make to completely roll back include

  1. Uninstall the DirSync Tool.
  2. Delete the MSOL_DirSync account created in your AD during the first DirSync Configuration. Help in Configuration Wizard provides details on this service account (used for reading from the source AD).
  3. Delete the synchronized objects from Microsoft Online.
  4. If mailboxes have been migrated to Microsoft Online, the migration tools present the option to set up mail forwarding to Microsoft Online. You can remove any forwarding you have set up using the Migration Tools.

Does DirSync work with proxy servers?

Yes! DirSync does work with proxy servers. DirSync communicates with Microsoft Online via ports 80 (HTTP) and 443 (SSL). All data transfers are transfered securely over SSL. The client uses the the same proxy settings the user configuring the DirSync client uses.

Note : DirSync works with unauthenticated proxies. If you do have a proxy server that requires authentication, you will have to establish exceptions to allow unauthenticated traffic to *.microsoftonline.com from the DirSync client.

Comments

  • Anonymous
    January 01, 2003
    Loved a crisp Q&A with DirSync. Looking forward for AAD Connect tool too. :)
  • Anonymous
    December 15, 2013
    Pingback from Some notes on using QuickStart to synchronize AD user profiles to FIM profile database - A soldier of fortune