Setup BPOS Active Directory synchronization

To synchronize your AD Domain with your BPOS environment, follow the steps below.

  • Log in to your Microsoft Online Services Administration Center, click the [Migration] tab and then click the [Configure] button in the “Directory Synchronization” section.
  • Read the “Plan for Directory Synchronization” and check the checkbox, confirming that you have read it.
  • Press the [Enable] button in step 2, to enable BPOS for the synchronization.
  • Press the [download] button in step 3. This will open a page where you can download the synchronization tool.
  • Now you should install the synchronization tool, but mind the following restrictions:
    - Supported OS: Windows Server 2003 Service Pack 2; Windows Server 2008
    - Can’t be installed on a domain controller
    - Can’t be installed on x64
    - PowerShell v1.0 has to be installed
  • Execute the file you downloaded in the previous step (dirsync.exe).
    - do not interrupt the installer
  • The installation is a Next, Next, Finish installation. You will be staring at a progress bar for quite a long time.
  • After the initial install you can start the Configuration Wizard.
    Before you proceed, be sure you have the following things:
    - A user account that is a BPOS Administrator (probably the one you used to log in with in step 1)
    - An Enterprise Administrator Account
    If you have these, then the configuration is again almost Next, Next, Finish.
  • At the end of the configuration, choose “Synchronize directories now”
    - do not create any user object in your BPOS environment during this sync.
  • Within a few minutes, you can then view your imported users in your BPOS environment; they are all imported under the “Disabled User” view (Tab [Users] > [User List], under view select “Disabled Users”).

From here you can now enable the users. A bit annoying is the fact that the list doesn’t use paging; you can only go 1 step through the list or to the end (or is that because I only had 2 pages?).

So now some things that are interesting to know:

  • The tool creates a service account named MSOL_AD_Sync. This will be a domain account with directory replication permissions on your AD.
  • A service will be installed on your “sync station”.
  • The time needed for a synchronization depends on how many objects you have.
    500 objects will take about 5 min. to sync the first time, after that about 30 sec.
    1000 objects will take 10 min, after that 1 min.
    5000 objects will take 45 min, after that 5 min.
    15000 objects will take 2.5h, after that 10 min.
    All depending on your bandwidth of course; for more than 20,000 objects contact Microsoft.
  • Uninstalling the tool will not delete the MSOL_AD_Sync account; you have to do this manually.
  • The tool will sync every user in your complete forest, so whenever you must delete a domain in your forest, this will impact your BPOS environment. To delete the domain, you must complete some “in-between” steps.
  • Every 3 hours there will be a scheduled sync.
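
The service-account points above, as an added example that is not part of the original post or of Microsoft's tool: a PowerShell check that lists replication rights still granted to MSOL_AD_Sync, for instance after an uninstall. It assumes that “directory replication permissions” means the two standard replication extended rights; the function name and the CONTOSO sample ACEs are constructed for illustration.

```powershell
# Added example: find replication rights granted to the sync service account.
# Assumption: "directory replication permissions" = these two extended rights.
$ReplicationRights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'DS-Replication-Get-Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'DS-Replication-Get-Changes-All'
}

function Find-ReplicationGrant {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Ace,
        [string] $AccountPattern = '*\MSOL_AD_Sync'   # account name from this page
    )
    foreach ($a in $Ace) {
        $guid = "$($a.ObjectType)".ToLower()
        # Only explicit allow-ACEs for an extended right are matched; broader
        # grants such as GenericAll are out of scope for this check.
        if ("$($a.AccessControlType)" -eq 'Allow' -and
            "$($a.ActiveDirectoryRights)" -match 'ExtendedRight' -and
            $ReplicationRights.ContainsKey($guid) -and
            "$($a.IdentityReference)" -like $AccountPattern) {
            New-Object PSObject -Property @{
                Identity = "$($a.IdentityReference)"
                Right    = $ReplicationRights[$guid]
            }
        }
    }
}

# Constructed sample ACEs (CONTOSO is a placeholder domain). On a live domain:
#   Import-Module ActiveDirectory
#   $aces = (Get-Acl "AD:\$((Get-ADDomain).DistinguishedName)").Access
$aces = @(
    New-Object PSObject -Property @{
        IdentityReference = 'CONTOSO\MSOL_AD_Sync'; AccessControlType = 'Allow'
        ActiveDirectoryRights = 'ExtendedRight'
        ObjectType = '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' }
    New-Object PSObject -Property @{
        IdentityReference = 'CONTOSO\helpdesk'; AccessControlType = 'Allow'
        ActiveDirectoryRights = 'ReadProperty'
        ObjectType = '00000000-0000-0000-0000-000000000000' }
)

Find-ReplicationGrant -Ace $aces | Format-Table Identity, Right -AutoSize
```

Any row returned after the tool has been uninstalled points at a leftover grant to review together with the account itself.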

Edit: I later received a few error messages, on my admin account mail address.
Apparently, a ‘&’ sign in a user name will generate a “049: LDAP injection characters were found in the user alias” error.

One thought on “Setup BPOS Active Directory synchronization”

  1. Note about the error you're getting. We are also seeing this, however it is with accounts with ! in them.
