In this edition of “Justin’s Tech Tip of the Week” I am going to focus on how to use Microsoft Active Directory Synchronization (“MS DirSync”) for Office 365 more effectively.
For those of you who are unaware of what MS DirSync is, here is a quick summary:
MS DirSync is a useful feature/aspect of Office 365 that allows an organization to synchronize their local Active Directory forest up to Office 365.
Benefits for using MS DirSync are:
- A useful way to bulk populate the Office 365 tenant with an organizations users and distribution groups
- Allow for management of the user accounts, mailboxes, and distribution lists from a company’s local Active Directory as they are used to with an on-premises MS Exchange environment.
In this tech tip, I will discuss how to manually force a DirSync operation to commence and I’ll outline the Synchronization Service Manager which can be used to manage and obtain granular information with regard to DirSync and any issues/errors that may arise.
How to Manually Force a DirSync
After you setup and establish MS DirSync with Office 365, by default the service will automatically synchronize with Office 365 every 3 hours. This is not always acceptable especially if you have made some adds/moves/changes in your local Active Directory and you need to get those changes synched up to Office 365 ASAP.
Some examples of where waiting for the 3 hour interval isn’t sufficient are:
- A new hire has just started and needs to get their email/mailbox established ASAP
- A user needs to be added/removed from an important distribution list.
- An employee has been terminated and the disabling/removal of the account/mailbox needs to be synchronized.
So, to manually force the DirSync operation, perform the following:
- Log onto your MS Directory Synchronization Server.
- Browse to the following location: C:\Program Files\Microsoft Online Directory Sync
- Locate the DirSyncConfigShell.psc1 file and Double-click
- When the Powershell module opens, input the following command: Start-OnlineCoexistenceSync and press “Enter”.
This will start a DirSync operation immediately, thus not having to wait for the 3-hour interval.
Synchronization Service Manager
This “Synchronization Service Manager” is a nice little gem that can help you with managing MS DirSync especially if errors arise. This tool is also installed when you first install MS DirSync, and you can locate it by browsing to the following location on the DirSync server:
C:\Program Files\Microsoft Online Directory Sync\SYNCBUS\Synchronization Service\UIShell\
Once there, look for a green icon with 2 white arrows within named “miisclient” and double-click to execute. (NOTE: You should create a shortcut and place it on your Desktop and/or within the Start Menu so you don’t always have to browse here to run this program.)
Now, the Synchronizaton Service Manager opens. For now, we are only going to discuss the “Operations” tab, which is where you will spend 90% of your time within this tool.
Within this Operations tab, you will see a log of all of the DirSync operations that have run since the product’s initial install date. You will see the automatic synch jobs and their status that run every 3 hours, and you can also see any and all of the manual jobs that you have run as well.
If you highlight one of the entries in the log (either SourceAD or TargetWebService), below you will see details associated with that particular job. You can see the statistics that show all of the adds/updates/renames/deletes that occurred with that synchronization ,and on the right you can identify the Synchronization errors that occurred, if any. You can even get further granular by selecting one of the items that errored (usually denoted by a CN= at the start of the entry) and get information on the object/group that encountered the problems.
In the main log, the “Status” column will depict an overview if issues were found or not. If you see “Success”, everything was fine.
The bottom line, is that this Synchronization Service Manager allows for a nice alternative then just the email notifications that get received from Microsoft to the one, main user/email account on the tenant for investigating and troubleshooting issues.
Clearing the Runs
No, it’s not what you are thinking! (Get your minds out of the gutter!). However it is an important operation to perform if your Directory Synchronization stops running or updating.
All of the logs and line items that are displayed within the Synchronization Service Manager are stored within a local SQL Express 2008 database, and if this gets full, then DirSync will stop updating to Office 365 until this is resolved. To do so,
- Log into the Synchronization Service Manager
- Click on the “Actions” menu at the top of the screen.
- Then, highlight and select “Clear Runs”.
This will clear the listed runs and essentially purge these excess logs from the database, allowing MS DirSync to run properly once again; thus synchronizing with Office 365 as normal.
And that is Justin’s Tech Tip of the Week.
If you’ve missed any of the previous Justin’s Tech Tips of the Week, here is a recap: