What is the "DirSync" Tool?
DirSync is the easier-to-say name for the Microsoft Azure Active Directory Sync tool. And honestly, with a name that long, a much-abbreviated form was definitely needed for a tool that would be at the center of almost all Hybrid environments with Office 365. So, what is it used for? Quite simply, it is the tool that is used to synchronize your Active Directory users in your On-Prem environment to your Office 365 deployment. You can use it to sync all users, or you can apply filters and synchronize only certain groups, depending on your plans for Office 365 usage.
Why is this important? I will answer that by also answering why it is AWESOME. Let's say your plan is to house your Lync deployment on-prem (or Skype for Business deployment because you are cool and stay up with the times), but you want to migrate your Exchange users to Exchange Online. Ok, so now you need to create all those users in Office 365, so that they can access Exchange Online. Wait, does this mean that they have to sign in to Lync using one set of credentials, and Exchange Online with another set of credentials? Well, yes, it would mean that, if you didn't synchronize all of your existing users from your on-prem Active Directory. By putting this synchronization into place, all your users will stay properly synced up to Office 365, and you can even manage their accounts and settings from your on-prem environment, with the changes being synced to the account in the cloud. And this means that SSO can also be achieved! Oh happy day!!
What are the requirements for DirSync?
First of all, this tool should only be downloaded onto, and run from, a single machine in your domain. Furthermore, it is not recommended that this server be a Domain Controller, as issues can arise (see my previous article about a specific issue that you will encounter: http://blog.msucguy.com/2015/04/office-365-directory-synchronization.html). It doesn't mean that it won't work on a DC, but if we are talking about a production environment, I would stick to the recommended guidelines.
Secondly, you will need to deploy Active Directory Federation Services in your environment if you wish to achieve Single-Sign On (SSO) functionality. This is very important for companies that want a streamlined user experience - not wanting users to feel like they are in two different environments, but rather working out of the same single environment like they normally would. This article does a great job explaining where ADFS comes into play, and the other types of synchronizations that can be used with it: https://support.office.com/en-ca/article/Understanding-Office-365-identity-and-Azure-Active-Directory-06a189e7-5ec6-4af2-94bf-a22ea225a7a9.
Ok, what about the Technical requirements?
Alright, to get to the nitty-gritty, here is a list of system and environment requirements that are more technically specific:
- The server used for the DirSync tool must be running one of the following operating systems:
  - Windows Server 2008 R2 w/ SP1, x64 (Standard, Enterprise, or Datacenter)
  - Windows Server 2012 (Standard or Datacenter Editions)
  - Windows Server 2012 R2 (Standard or Datacenter Editions)
- The server must be joined to the Active Directory domain that is being synchronized
- The AD Forest Functional level must be at least Windows Server 2003
- The server must have PowerShell installed (and enabled, if relevant)
- The server requires both .NET Framework 3.5 SP1 and .NET Framework 4.5.1
- The Domain Controllers in the environment must be running one of the following operating systems:
  - Windows Server 2003 SP1 (32 or 64-bit)
  - Windows Server 2008 (32 or 64-bit) (Standard or Enterprise Editions)
  - Windows Server 2008 R2 (Standard or Enterprise Editions)
  - Windows Server 2008 Datacenter Edition
  - Windows Server 2008 R2 Datacenter Edition
  - Windows Server 2012 (Standard or Datacenter Editions)
While the above information may seem drab, and may not pertain to too many newer environments, it can be very good information to know if you are planning on taking the Office 365 certification exams. Just sayin'...
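The host-side requirements from the list (supported OS, domain membership, forest functional level, both .NET versions) plus the "not a Domain Controller" recommendation can be checked before installing. This is an added example, not part of DirSync or of the original post; the function name `Test-DirSyncPrereq` is hypothetical, and it assumes it is run locally on the candidate server. It does not check the Domain Controllers' operating systems.

```powershell
# Added example: preflight check for the DirSync host requirements listed above.
# Get-WmiObject is used so the check also runs on PowerShell 2.0 (Server 2008 R2).
Add-Type -AssemblyName System.DirectoryServices

function Test-DirSyncPrereq {   # hypothetical name, not a DirSync cmdlet
    $os  = Get-WmiObject -Class Win32_OperatingSystem
    $cs  = Get-WmiObject -Class Win32_ComputerSystem
    $ver = [version]$os.Version

    # ProductType 1 = workstation; 6.1.7601 = 2008 R2 SP1, 6.2 = 2012, 6.3 = 2012 R2
    $osOk = ($os.ProductType -ne 1) -and ($ver.Major -eq 6) -and (
        ($ver.Minor -eq 1 -and $ver.Build -ge 7601) -or
        ($ver.Minor -eq 2) -or ($ver.Minor -eq 3))

    # DomainRole 4 and 5 are backup and primary domain controllers
    $notDc = ($cs.DomainRole -ne 4) -and ($cs.DomainRole -ne 5)

    # .NET versions are read from the setup registry keys
    $ndp = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP'
    $v35 = Get-ItemProperty -Path "$ndp\v3.5" -ErrorAction SilentlyContinue
    $v4  = Get-ItemProperty -Path "$ndp\v4\Full" -ErrorAction SilentlyContinue
    $net35Ok  = ($v35.Install -eq 1) -and ($v35.SP -ge 1)
    $net451Ok = ($v4.Release -ge 378675)   # 378675 = lowest Release value for 4.5.1

    # Forest functional level can only be queried from a domain-joined machine
    $forestOk = $false
    if ($cs.PartOfDomain) {
        try {
            $mode = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().ForestMode
            $forestOk = $mode -ge [System.DirectoryServices.ActiveDirectory.ForestMode]::Windows2003Forest
        } catch { $forestOk = $false }   # forest unreachable: report as failed
    }

    $checks = @{
        'Supported server OS'              = $osOk
        'Joined to a domain'               = $cs.PartOfDomain
        'Not a Domain Controller'          = $notDc
        'Forest level >= Windows 2003'     = $forestOk
        '.NET Framework 3.5 SP1 installed' = $net35Ok
        '.NET Framework 4.5.1 or later'    = $net451Ok
    }
    foreach ($name in $checks.Keys) {
        New-Object PSObject -Property @{ Check = $name; Passed = [bool]$checks[$name] }
    }
}

Test-DirSyncPrereq | Format-Table Check, Passed -AutoSize
```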
There are other articles out there that go into much deeper dives on this tool, and I would of course encourage you to dig into them if you are moving past this introductory phase and getting ready to do some serious DirSync management. I would especially encourage you to get very familiar with the PowerShell tools and cmdlets that are available for directory synchronization and remote Office 365 management, as provisioning automation will definitely rely on a solid understanding of PowerShell.
For an overview on the various tools that can be used after your Hybrid deployment (or in-between phases of the deployment), check back with me on the third and final post of this series. We will be going down the list of some great connectivity testing and troubleshooting tools.
I would also like to apologize for the lack of a borderline-sarcastic meme in this post. I shall strive to not let that happen again!
Stay techy, my friends.