Archive

Archive for June 26th, 2013

Active Directory Sync Tool – filters for user accounts

June 26th, 2013 2 comments

Today I published article how to make synchronization between Active Directory and Microsoft cloud Office 365. I also mentioned that you can filter which users you want to synchronize to cloud and which not. I also mentioned article where it’s described. I started to play with it, but it’s not as simple as I thought 🙂

They mention that you can filter on three conditions:

  • Based on OU location
  • Domain based
  • User attribute

I wanted to investigate third option – filter on User attribute. So I started to read article. First and most important is to mention that you set filter on users which you DO NOT want to synchronize. 🙂 So I decided to synchronize users which have their attribude “department” set to value “IT”. So I had to set filter out all users which don’t have this attribute set. 🙂

Another catch in article is about location of MIISAdmin tool. Article specifies some disk location, but it’s completely different. On my Windows Server 2012 it was installed in:

 

Installation directory

 

When I want to sync account which have department attribute set to “IT” I had to do following:

Open up miisclient.exe and click on Management Agents:

 

Management Agents

 

Right click on AD Connector (Agent) and Properties:

 

Properties

 

On left side you have to select Configure Connector Filter, then on right select user and select New…:

 

Sycn filter

 

Now declare new condition, which means we don’t want users that have department attribute set to IT:

 

Define filter

 

OK, OK. I set in domain only users User10-User19 to have value set. Now let’s force synchronization (IMHO it could be something more inteligent and nicer 🙂 ).

Let’s go to installation folder and run DirSyncConfigShell.psc1:

 

Running force sync

 

Now I have to run Start-OnlineCoexistenceSync:

 

Start-OnlineCoexistenceSync

 

You can check if everythin works fine in Application events and you should have success on the end:

 

Synchronization successed

 

And on cloud Office 365 I see just users I wanted to see:

 

Filtered users

 

Only thing I’m missing is to filter based on group membership.

Have a nice day,

 

Active Directory synchronization with Office 365

June 26th, 2013 1 comment

Once upon the time there was customer asking if we can help them with integration their Active Directory with Office 365 cloud. The main request was to sync Active Directory users into Office 365 cloud and then test Office 365 applications on their computers.

Registration for free Office 365

First you need to check prices and packages you want to use. I wanted to test it so I registered HERE. In free month you can use licences for 10 users. Don’t forget to register for Office 365 Midsize Business, only this version of Ouffice 365 can sync AD. After registration I have received e-mail with my account to log into Office 365 portal. After firt logon there is really not to many things to configure. I have to notice that I received testing domain @AtosSlovakia.onmicrosoft.com. This is what you need to have.

Preparing playground

So I have my playground setup:

  • Domain name: DOMAIN.LOCAL
  • Domain controller: MT-SERVER01.DOMAIN.LOCAL
  • Server which will synchronize data into cloud Office 365: MT-SERVER02.DOMAIN.LOCAL

Computer which will do synchronizaction needs to accomplished couple conditions:

  • Must have Microsoft .NET Framework 3.x
  • In cannot be domain controller
  • Must be part of the domain
  • It can be Windows Server 2008, Server 2008 R2 or Server 2012
  • If you have less than 50 000 objects in AD which you want to sync you can use Microsoft SQL Server 2008 Express. Other way you need to use “normal” SQL
  • Active Directory forest functional mode has to be Windows Server 2003 and higher

More HERE.

I also need to generate some users in domain which I will upload into cloud. I just have created 50 bulk users using following powershell script:

Create bulk AD users powershell

I have received testing domain suffix from Office 365 @AtosSlovakia.onmicrosoft.com so I have to set it as aditional UPN for new created users:

  • Open Active Directory Domain and Trusts
  • Right click on Active Directorz Domains and Trusts and click Properties
  • Type defined UPN and click OK

Setup Active Directory Synchronizaction

When you log on Office 365 portal you go to “users and groups” and select Active Directory synchronization Set up.

Activate AD Sync

Then you have to complete 6 steps (not really work to do) to make it work:

AD Sync Wizard

Activation of AD Sync tool can take about 24 hours:

24 hours activation

While we will wait for activation of feature, let’s install Directory Sync Tool on server MT-SERVER02.DOMAIN.LOCAL.

Read more…