stepbytech

Step by Step Directions for Techs

Tag Archives: password sync

DirSync Setup Tips for Office 365

For as simple as the software seems to be, there are some things to watch out for:

  1. Disable password expiration for the DirSync service account.  If you don’t do this, the service will stop working in 90 days until you reset the password on the portal and reconfigure DirSync.
    • Import-Module msonline
    • $cred = Get-Credential
      This will prompt you for credentials for an admin account.  You can use the DirSync account.
    • Connect-MsolService -cred $cred
    • Set-MsolUser -UserPrincipalName dirsync@mydomain.onmicrosoft.com -PasswordNeverExpires $true
  2. DirSync does not automatically assign licenses to the accounts it copies.
  3. Initiating a Full Sync in DirSync does NOT initiate a full password sync. 
    • Open “C:\Program Files\Windows Azure Active Directory Sync\DirSyncConfigShell.psc1”
    • Run “Set-FullPasswordSync”
  4. If you want to do a quick sync for accounts, don’t do it from miisclient.  Do it from PowerShell. 
    • Open “C:\Program Files\Windows Azure Active Directory Sync\DirSyncConfigShell.psc1”
    • Run “Start-OnlineCoexistenceSync”
  5. DirSync only allows for 15,000 accounts to be sync’d unless you call Microsoft first.  This includes containers, groups, and users.  If you hit this limit, you can filter what goes up to Azure.

 

Advertisements