donderdag 24 november 2011

Installing and configuring Dirsync 64 Bit for Office 365 ( FIM2010 )

Although the functionality of Dirsync 64-Bit is the same as the 32-bit version, the underlying SQL is differtent. Therefore it is not possible to upgrade and you have to install Dirsync 64-bit on a new computer.

The steps for installing Dirsync 64 bit:
  • Uninstall Dirsync 32-Bit
  • Prepare a new 64-bit computer ( or VM )
  • Install 64-Bit Dirsync
  • Complete Directory Service Configuration Wizard
Because you first uninstall Dirsync 32-bit, there is a time windows where changes are not synced to the cloud. After the 64-bit Dirsync is installed, objects on-prem are automatically matched to the cloud objects. But... object deletions during the time Dirsync was offline will not be found.
Therefore, minimize the changes in AD during the time Dirsync is offline.

The first steps are uninstalling Dirsync 32-bit and preparing a new VM, Í won't get in to detail on that as it is very easy to do and not the same in every deployment.

There is something you should keep in mind, if you edited the Connection Filter within ILM, you should take note of the filters you added. You need to configure them again when Dirsync 64-bit is installed. More info on this in my October article : Dirsync filter unwanted users like service accounts

I prepared a new VM with Windows Server 2008 R2 SP1 installed. Ensure that .NET Framework ( at least 2.0 SP1 ) is present and that you at least use Windows Server 2008 X64 or Windows Server 2008 R2 X64

First, I downloaded Dirsync 64-bit from the download page.
Log on to the admin page and navigate to users, then click the link "Set up" next to Active Directory Synchronization.

Then click Windows 64-bit version and click download.

The installation of Dirsync 64 is the same as the 32-bit version.
It is pretty straight forward as in next, next Finish so I won't get in to detail.
Configuring Dirsync with the Dirsync wizard is exactly the same as the 32-bit version, but I will show some screens anyway.
Click next.

In the next screen, enter the credentials for the Office 365 admin account.
This account wil be used to sync the accounts to Office 365.
We created a Dirsync service account without password expiry specifically for sync purposses.
I also created an article on how to do this : Create Dirsync service account

Then enter your AD Domain admin credentials. Click next.

We want to enable Hybrid Deployment, as we dit on the 32-bit version. Click next.

In my case, the error below was shown. I came accross this error in the 32-bit version also.
I did not log-off after installing Dirsync and therefore I was'nt a member of the dirsync admins.
I worked around this issue by granting my user account full control on the specified registry key.
Click retry.

After configuration completes, click next.

Then, enable the Synchronize now checkbox to start syncrhonizing.

You're done, Dirsync 64-bit is succesfully installed.

Dirsync first imports all the ad users in to the metaverse, then imports all of the cloud users into the metaverse and then runs a full synchronization. This should join the AD and cloud user to 1 object in the metaverse.

You can verify this by openeing the Synchronization Service Manager found in
C:\Program Files\Microsoft Online Directory Sync\SYNCBUS\Synchronization Service\UIShell\miisclient.exe
Under the operations tab you will find the history of all syncs.
Particularly interesting is the Full Confirming Import for the TargetWebService.

This shows the joins in the metaverse for the AD and cloud object.

All the customizations I have done with Dirsync 32-bit, I could also customize in Dirsync 64-bit.
Below a recap for the customizations I have done, all are still applicable :
Keep in mind that the location of the miisclient has changed for editing MA's directly.
C:\Program Files\Microsoft Online Directory Sync\SYNCBUS\Synchronization Service\UIShell\miisclient.exe
Good luck upgrading your Dirsync!

NOTE: Changing the DirSync configuration directly within FIM is unsupported by Microsoft. They would prefer you rerun the previously mentioned Configuration Wizard if you need to make any changes.

1 opmerking: