stepbytech

Step by Step Directions for Techs

DirSync Setup Tips for Office 365

For as simple as the software seems to be, there are some things to watch out for:

  1. Disable password expiration for the DirSync service account.  If you don’t do this, the service will stop working in 90 days until you reset the password on the portal and reconfigure DirSync.
    • Import-Module msonline
    • $cred = Get-Credential
      This will prompt you for credentials for an admin account.  You can use the DirSync account.
    • Connect-MsolService -cred $cred
    • Set-MsolUser -UserPrincipalName dirsync@mydomain.onmicrosoft.com -PasswordNeverExpires $true
  2. DirSync does not automatically assign licenses to the accounts it copies.
  3. Initiating a Full Sync in DirSync does NOT initiate a full password sync. 
    • Open “C:\Program Files\Windows Azure Active Directory Sync\DirSyncConfigShell.psc1”
    • Run “Set-FullPasswordSync”
  4. If you want to do a quick sync for accounts, don’t do it from miisclient.  Do it from PowerShell. 
    • Open “C:\Program Files\Windows Azure Active Directory Sync\DirSyncConfigShell.psc1”
    • Run “Start-OnlineCoexistenceSync”
  5. DirSync only allows for 15,000 accounts to be sync’d unless you call Microsoft first.  This includes containers, groups, and users.  If you hit this limit, you can filter what goes up to Azure.

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: