With directory synchronization, you can continue to manage users and groups on-premises and synchronize additions, deletions, and changes to the cloud. But setup is a little complicated and it can sometimes be difficult to identify the source of problems. We have resources to help you hunt down potential issues and fix them.
How do I know if something is wrong?
The first indication that something is wrong is when the DirSync Status tile in the Office 365 admin center indicates there is a problem:
You will also receive a mail (to the alternate email and to your admin email) from Office 365 that indicates your tenant has encountered directory synchronization errors. For details see Identify directory synchronization errors in Office 365.
How do I get Azure Active Directory Connect tool?
In the Office 365 admin center, navigate to Users > Active users. Click the More menu and select Directory synchronization.
In the old Office 365 admin center, navigate to USERS >Active Users, and select Set up next to Active Directory synchronization.
Follow the instructions in the wizard to download Azure AD Connect.
If you are still using Azure Active Directory Sync (DirSync), take a look at How to troubleshoot Azure Active Directory Sync Tool installation and Configuration Wizard error messages in Office 365 for information about the system requirements to install dirsync, the permissions you need, and how to troubleshoot common errors.
To update from Azure Active Directory Sync to Azure AD Connect, see the upgrade instructions.
Common causes of problems with directory synchronization in Office 365
| Symptom | Top solution or solutions |
|---|---|
| Synchronized objects aren’t appearing or updating online, or I’m getting synchronization error reports from the Service. | Identity synchronization and duplicate attribute resiliency |
| I have an alert in the Office 365 admin center, or am receiving automated emails that there hasn’t been a recent synchronization event | |
| Passwords aren’t synchronizing, or I’m seeing an alert in the Office 365 admin center that there hasn’t been a recent password synchronization | Implementing password synchronization with Azure AD Connect sync |
| I'm seeing an alert that Object quota exceeded | We have a built-in object quota to help protect the service. If you have too many objects in your directory that need to sync to Office 365, you’ll have to contact Support to increase your quota. |
| I need to know which attributes are synchronized | You can find a list of all the attributes that are synced between on-premises and the cloud right here. |
| I can’t manage or remove objects that were synchronized to the cloud | Are you ready to manage objects in the cloud only? Or is there an object that was deleted on-premises, but is stuck in the cloud? Take a look at this Troubleshooting Errors during synchronization and support article for guidance on how to resolve these issues. |
| I got an error message that my company has exceeded the number of objects that can be synchronized | You can read more about the issue here. |
Other resources
- Script to fix duplicate user principal names
- How to prepare a non-routable domain (such as .local domain) for directory synchronization
- Script to count total synchronized objects
- Troubleshoot AD FS 2.0
- Use PowerShell to fix empty DisplayName attributes for mail-enabled groups
- Use PowerShell to fix duplicate UPN
- Use PowerShell to fix duplicate email addresses
Diagnostic tools
IDFix tool is used to perform discovery and remediation of identity objects and their attributes in an on-premises Active Directory environment in preparation for migration to Office 365. IDFix is intended for the Active Directory administrators responsible for DirSync with the Office 365 service. Download the IDFix tool from the Microsoft download center.
No comments:
Post a Comment