Understanding When to Start Using Directory Synchronization into Office 365 After BPOS Transition

Posted on Updated on

   As many of you are in the BPOS Transition into Office 365, the questions comes up around “…when can I start using the new Directory Synchronization against Office 365?”.  Below is an excerpt from the Enterprise Transition Guide, which discusses among other things, what, why, when and where to start your Office 365 Directory Synchronization administrative tasks:

Validate the configuration of Directory Synchronization Tool for BPOS–S and continue to perform synchronization

Directory synchronization enables you to synchronize objects from your Active Directory to the BPOS–S environment. There is an updated version of the Directory Synchronization Tool for Office 365, and the BPOS–S version of the Directory Synchronization Tool for BPOS–S will not work with Office 365. The BPOS–S synchronization will continue to work up until the start of the transition weekend. Microsoft recommends scheduling for the suspension of all technical and business identity change processes, including directory synchronization, approximately 12 hours before the start of the Transition Window. However you choose to manage your organizations identity processes during transition, it is a requirement that directory synchronization is suspended 12 hours before the transition begins.

Upon completion of the transition process, the Office 365 portal will not permit changes to user properties because the tenant is not yet authoritative for the user directory. Becoming authoritative can take between 24 and 72 hours (worst case) after transition completes. When you see that you can make changes to user attributes via the Office 365 tenant portal (not the BPOS–S Microsoft Online Admin Center which will be unavailable after transition), then your tenant has directory authority and you can re-establish directory synchronization with the Office 365 environment using the Office 365 version of the Directory Synchronization Tool. For more information about key work items you must complete before you start the Office 365 Directory Synchronization Tool, see Deploy Directory Synchronization Tool for Office 365 Post Transition in Section 3.

If you were using DirSync before the transition, you are required to continue to use the new Directory Synchronization V2 Tool in Office 365.

Deploy Directory Synchronization for Office 365 Post Transition

Once the transition process has been completed, and all services have been validated as part of the solution, one of the final remaining tasks is to complete the upgrade to the Directory Synchronization Tool for Office 365. The BPOS–S version of the Directory Synchronization Tool (DirSync) will become non-functional during the transition weekend, and will need to be re-established once the post-transition validations have been completed and after you have captured the ‘public delegates’ configuration described below.

The new version of the Directory Synchronization Tool now supports the x86 and x64 platforms, which gives customers additional flexibility in regards to their deployment. The configuration of the Office 365 directory synchronization service is broken down into the following tasks:

  • Removal/uninstallation of the existing BPOS DirSync Service.
  • Download of the updated Office 365 Directory Synchronization Tool code (32-bit or 64-bit).
  • Installation of any new hardware that may be intended for the DirSync Service.
  • Installation and upgrade of Office 365 Directory Synchronization Tool.
  • Validation that the Directory Synchronization service is working and synchronizing correctly.

The installation of the Directory Synchronization Tool post-transition will require a full synchronization of the directory and this cannot be performed until between 24 and 72 hours after transition is complete, as described earlier in Post Transition in Section 2.

A full list of upgraded features of the Office 365 Directory Synchronization Tool can be found in the documentation that is downloaded with the tool. The most up-to-date version of this guidance can be found in the help topic Install and Upgrade the Microsoft Online Services Directory Synchronization Tool at http://onlinehelp.microsoft.com/en-us/office365-enterprises/ff652545.aspx.

If you are going to be using directory synchronization between your on-premises Active Directory and Office 365, it is crucial your directory meets the directory requirements for Office 365. These requirements are documented in the Office 365 Identity Service Description, which can be downloaded from http://www.microsoft.com/download/en/details.aspx?id=13602. Review the “Active Directory Considerations” section in this Service Description, and include project activity during your pre-transition phase to confirm your Active Directory content is compliant with Office 365.

Note that unlike BPOS–S, Office 365 requires the User Principal Name (UPN) configured in your directory to precisely match at least one SMTP address configured for that user. If this is not the case, your transition may be delayed until your directory meets this and the other above requirements. The SMTP address selected to match the UPN does not need to be the primary SMTP address for that user. However it is critically important that a user’s UPN is not the SMTP address of a different user in BPOS –S. This could delay your transition or result in the loss of mail for one or the other user during transition unless corrected.

Whatcha thinkin?

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s