Microsoft Online – Business Productivity Online Suite: Establish E-Mail Coexistence Part 3

Establish E-Mail Coexistence (Enabling Directory Synchronization)

In the first part of this three-part series we explained how to add and verify your organization's domain in Microsoft Online Services. In the second part we explained how to establish email flow. We will now explain enabling directory synchronization. I have decided to save the migration of mailboxes for a separate two-part blog, given the level of detail that needs to be covered just on migrations to the "cloud". Watch for "Migrating Mailboxes to the Cloud Part 1 and 2".

Enable Directory Synchronization

We now need to enable directory synchronization before we install the Directory Synchronization Tool.

To enable directory synchronization

  1. Sign in to the Microsoft Online Services Administration Center, click Migration, and then click Directory Synchronization.
  2. Complete the first step on the Directory Synchronization page by reading the plan for directory synchronization.
  3. Under step 2, "Enable one-way synchronization from your local Active Directory to Microsoft Online Services", click Enable.

Our next step will be to install and configure the Directory Synchronization Tool.

Directory Synchronization Tool

The Directory Synchronization Tool has the following minimum installation requirements.

  • A Windows 2003 server, x86 (not x64)
  • A member server of the local Active Directory forest that is to be synchronized
  • The server cannot be a domain controller

Required Directory Synchronization Permissions

The Directory Synchronization Tool will require the following permissions.

  • Local Administrative permissions on the Windows 2003 server.
  • The Administrative account with administrative permissions on MSONLINE.
  • User name and password of an account with Enterprise Admin permissions on your local Active Directory service.
  • Exchange Administrator permissions to implement TLS in your Exchange Server environment.
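
The host requirements and the local administrator permission listed above can be checked on the candidate server before the tool is downloaded. This is an added example, not part of the original post or of the Directory Synchronization Tool; `Test-DirSyncHost` and `New-Check` are hypothetical names, Windows PowerShell 2.0 is assumed to be installed, and the membership check confirms domain membership only, not which forest.

```powershell
# Added example: pre-flight check of the Directory Synchronization Tool host.
# Test-DirSyncHost and New-Check are hypothetical names; needs PowerShell 2.0.
function New-Check($Requirement, $Actual, $Pass) {
    New-Object PSObject -Property @{
        Requirement = $Requirement; Actual = $Actual; Pass = [bool]$Pass
    }
}

function Test-DirSyncHost {
    $cs  = Get-WmiObject -Class Win32_ComputerSystem
    $os  = Get-WmiObject -Class Win32_OperatingSystem
    $cpu = @(Get-WmiObject -Class Win32_Processor)[0]

    # Win32_ComputerSystem.DomainRole: 3 = member server, 4 and 5 = domain controller
    $roleNames = @('Standalone workstation', 'Member workstation', 'Standalone server',
                   'Member server', 'Backup domain controller', 'Primary domain controller')
    $role = [int]$cs.DomainRole
    $roleText = "$($roleNames[$role]) in $($cs.Domain)"

    # Is the current user a member of the local Administrators group?
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    $checks = @(
        # 5.2 is the version number of the Windows Server 2003 family
        (New-Check 'Windows 2003' $os.Caption ($os.Version -like '5.2.*')),
        # AddressWidth reports the operating system width: 32 on x86, 64 on x64
        (New-Check 'x86, not x64' "$($cpu.AddressWidth)-bit" ($cpu.AddressWidth -eq 32)),
        (New-Check 'Member server' $roleText ($role -eq 3)),
        (New-Check 'Not a domain controller' $roleText ($role -lt 4)),
        (New-Check 'Local administrator' $identity.Name $isAdmin)
    )
    $checks | Select-Object Requirement, Actual, Pass
}

Test-DirSyncHost | Format-Table -AutoSize
```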

We will now install the Directory Synchronization Tool.

To install the Microsoft Online Services Directory Synchronization Tool

  • Sign in to the Microsoft Online Services Administration Center on the Windows 2003 computer which will host Directory Synchronization, click Migration, and then click Directory Synchronization.

  • Download the Directory Synchronization Tool to the Windows 2003 computer.

  • At the end of the installation you will be prompted as to whether you would like to start the configuration wizard.
  • On the Finish page, select Start Configuration Wizard now, and then click Finish.

  • Provide the user name and password for a user account with Administrator permissions in Microsoft Online Services.

  • On the Active Directory Credentials page provide the user name and password for an account with Enterprise Admin permissions on your local Active Directory directory service.

  • When Configuration is complete you will see the following dialogue

  • On the Finish page, select Synchronize directories now, and then click Finish.

  • Validate that Directory Synchronization has taken place by going to the Users tab on MSONLINE, selecting User List and viewing Disabled user accounts. In the following screen I can see some of my disabled users recently synchronized, based on the creation of a "New View" using the Active Directory Department field of "Executive Branch". "Executive Branch" had been populated from the Department field in a previous Active Directory synchronization. In this way, while I cannot prevent all users from coming into MSONLINE, I can at least filter them into different views using this method.

How Often Does Directory Synchronization Take Place?

Directory Synchronization will now take place once every three hours. If you change the password on MSONLINE or within your Active Directory you will need to rerun the configuration tool.

Forcing Directory Synchronization

If you would like to force directory synchronization outside of the three-hour interval, you will need to run the tool again and, on the Finish page, select "Synchronize directories now" as before.

You can run the tool again by clicking Start, All Programs, Microsoft Directory Sync, and then Directory Sync Configuration.

What will be synchronized?

All accounts will be synchronized to MSONLINE but will be disabled by default. These will not count against your used MSONLINE licenses until you enable them, which will be discussed as part of Mailbox Migration.

This synchronization process is one-way, with your internal Active Directory serving as the authoritative source and the MSONLINE directory serving as a read-only copy of the directory.
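
Because every account is copied and the Department field is what the MSONLINE views are built on, it helps to review the local directory by department before the first synchronization. The following is an added example, not part of the original post; `Get-SyncCandidateSummary` is a hypothetical name, it assumes Windows PowerShell 2.0 on a domain-joined machine, and it looks only at user objects in the current domain.

```powershell
# Added example: summarize local AD user accounts by Department before they
# are synchronized. Get-SyncCandidateSummary is a hypothetical name.
function Get-SyncCandidateSummary {
    # With no search root given, DirectorySearcher binds to the current domain
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.Filter   = '(&(objectCategory=person)(objectClass=user))'
    $searcher.PageSize = 500   # page the results so large directories are read in full
    [void]$searcher.PropertiesToLoad.Add('department')
    [void]$searcher.PropertiesToLoad.Add('useraccountcontrol')

    $results = $searcher.FindAll()
    $rows = foreach ($r in $results) {
        $dept = '(no department)'
        if ($r.Properties['department'].Count -gt 0) {
            $dept = [string]$r.Properties['department'][0]
        }
        $uac = 0
        if ($r.Properties['useraccountcontrol'].Count -gt 0) {
            $uac = [int]$r.Properties['useraccountcontrol'][0]
        }
        # Bit 0x2 of userAccountControl marks an account disabled in the local AD
        New-Object PSObject -Property @{
            Department   = $dept
            DisabledInAD = [bool]($uac -band 2)
        }
    }
    $results.Dispose()

    # One row per Department value: total accounts and how many are disabled locally
    $rows | Group-Object Department | Sort-Object Count -Descending | ForEach-Object {
        New-Object PSObject -Property @{
            Department   = $_.Name
            Accounts     = $_.Count
            DisabledInAD = @($_.Group | Where-Object { $_.DisabledInAD }).Count
        }
    } | Select-Object Department, Accounts, DisabledInAD
}

Get-SyncCandidateSummary | Format-Table -AutoSize
```

Accounts grouped under "(no department)" have no Department value and will not match any Department-based view.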

Watch for my next two blogs "Migrating Exchange Mailboxes to the Cloud Part 1 and 2".

Forrest McDuffie
Senior Consultant
Project Leadership Associates

 


Copyright © MMCUG - Midwest Messaging and Collaboration User Group 2008 Terms and conditions