No one has responded to this discussion for at least a year, so this information may be out of date. If you're looking for information about this topic, please search for a more recent discussion or post a new question.

Error while running Microsoft Online Services Directory Configuration Wizard

  • This post has 14 Replies |
  • 4 Followers
  • Hi Michael Makeyev,

    Have you ever manually created some users in Microsoft Online Portal(MOP), or migrated some mailboxes? It seems there are some conflicts for the users attributes. Moreover, I suggest you check the items listed in the Prepare for directory synchronization, and make sure you have activated Directory synchronization and prepared the environments properly.

    To help to narrow down the issue, you can re-configure the wizard without enabling the rich coexistence option.

    In addition, here's a general help article for troubleshooting directory synchronization issues, which might be helpful for you:

    Troubleshoot directory synchronization

    Thanks,
    Reken Liu

    1 out of 1 people found this post helpful.

  • Hi. Thanks for replying.

    It's a completely new tenant. I have not manually created any users (except admin user created by default) and I haven't migrated any data or mailboxes yet. I prepared my AD some time ago before syncing with previous tenant. Also, I added and verified a few domains to this new tenant. I activated the Directory syncronization and allowed some time to apply changes so I see that DirSync is activated in the admin interface.

    As you recommended I tried to run Wizard without selecting Rich coexistence check box - and it's completed successfuly. But I really need this option... Also, DirSync still is not working with the same errors in Application log... What could be done to fix it? Thanks in advance.


    С уважением, Михаил Макеев.
    IT Partner.

  • Hi Michael Makeyev,

    As far as I know, the directory synchronization service need to contact your hybrid server, which must be Exchange 2010 SP1 or above versions. Have you prepared the hybrid server in your environment?

    For more information for deploying hybrid environment, please refer to Exchange Hybrid Deployment and Migration with Office 365.

    Thanks,
    Reken Liu

    0 out of 1 people found this post helpful.

  • According to the Office 365 deployment plan, Directory Sync should be done on step three, just after step 1.Inform your users and step 2.Add your domain.

    Configuration of onpremise Exchange goes on step 5, after we activate (step 4) users that were synced from onprem AD with DirSync tool, which is not working in my case.


    С уважением, Михаил Макеев.
    IT Partner.

  • Hi Michael Makeyev,

    Apologize for the delay on response. Actually when you set up the Directory Synchronization, the rich coexistence option will be disabled if there is no Exchange 2010 schema in local AD. You can find the information in the checklist of hybrid deployment:

    http://technet.microsoft.com/en-us/exdeploy2010/default.aspx#DeploymentCheckList/hh882522/Hybrid

    Please see the "Configure Active Directory Synchronization" part. It's needed to make the hybrid server available when you configure this option.

    Thanks,
    Reken Liu

    0 out of 1 people found this post helpful.

  • Thanks for the suggestion. However, we have Exchange 2010 servers in local infrastructure and local AD schema is also updated to accomodate Exchange 2010 server. Also, even the DirSync Wizard completed successfully with Rich Coexistence disable - the DirSync tool is not working. Users is not syncing. Please advise.


    С уважением, Михаил Макеев.
    IT Partner.

  • Hello Michael,

    As I have been researching this, there is one continuous question that I keep coming back to, " Does the Directory Synchronization Wizard still expect to connect to the previous tenant?" The tool still exists from the previous Sync that was done to the old tenant. Have you attempted to uninstall and re-install the DirSync tool since moving to the new tenant? It has been my experience that Synchronization tools are very particular about settings directly from the install.

    Please let me know. I look forward to hearing from you.

    Brandon Kempma
    Office 365 Technical Support.

    Brandon Kempma

    Office 365 Technical Support.

  • Hi Brandon,

    I uninstalled the tool from previous server and installed it on completely new server. The installation finished successfully, but I still got the same message in the end when the Hybrid Installation option is selected: Error. The object already exists. Enable-MSOnlineRichCoexistence failed.


    С уважением, Михаил Макеев.
    IT Partner.

  • Also, here's what I got when I try to run cmdlet Enable-MSOnlineRichCoexistence. It asks for credentials to access local AD then throws an error:

    PS C:\Program Files\Microsoft Online Directory Sync> Enable-MSOnlineRichCoexistence

    cmdlet Enable-MSOnlineRichCoexistence at command pipeline position 1

    Supply values for the following parameters:

    Credential

    Enable-MSOnlineRichCoexistence : The object already exists.

    At line:1 char:31

    + Enable-MSOnlineRichCoexistence <<<<

       + CategoryInfo          : NotSpecified: (:) [Enable-MSOnlineRichCoexistence], DirectoryServicesCOMException

       + FullyQualifiedErrorId : System.DirectoryServices .DirectoryServicesCOMException,Microsoft.Online.Coexistence.PS.Config.EnableMSOnlineRichCoexistene

    I also created a support request in my O365 admin interface. It's SR is: 1175978738. For past 6 days it stays active and problem is not resolved. Migration process to Office 365 is stopped. Is it possible to do something with it? Are there any documentation available on this topic maybe?


    С уважением, Ми��аил Макеев.
    IT Partner.

  • Hello Michael,

    Since you have opened a Service Request to address this issue, my involvement in this case must now end. We cannot have duplicate support cases in any form. Further support will be done through your Service Request. So a few things that I have uncovered that may help. The MSOnlineRichCoexistence is an attribute in your AD, likelt it exists in the DC. That would explain why it already exists. There is a drastic thing that could "clear" the migration. Deactivate DirSync will do this. Follow these 2 links for information: http://onlinehelp.microsoft.com/en-us/Office365-enterprises/ff652533.aspx#BKMK_deactivate and http://community.office365.com/en-us/w/sso/directory-synchronization-and-source-of-authority.aspx .

    It was a pleasure to assist you,

    Brandon Kempma
    Office 365 Technical Support.

    Brandon Kempma

    Office 365 Technical Support.

  • The issue is still not resolved. Maybe someone could make a snapshot with AD Explorer tool before and after running a DirSync wizard just to get some info what kind of modifications is done to AD?

    С уважением, Михаил Макеев.
    IT Partner.

  • Just in case someone will have the same issue - it was related to OU's in the local AD:

    Both the user account “MSOL_AD_Sync” and group “MSOL_AD_Sync_Coexistence” MUST exist in the “Users” container of the Forest Root Domain.

     

    And some comments:

    When the Configuration Wizard runs, it creates / modifies the MSOL_AD_Sync account, and then sets permissions at the domain level for each domain in the forest.  Then it creates / modifies the MSOL_AD_Sync_RichCoexistence group, and adds permissions at the domain level and “AdminSDHolder” container object for each domain in the forest.

     

    If there are no accounts created in the “Users” container do the following steps:

    1. Logon as the account being used in the wizard.
    2. Launch Active Directory Users and Computers MMC and target the Active Directory forest root domain.
    3. Select the “Users” container, and then right click, and select “Properties”.
    4. Click on the “Security” tab and verify the following:
      1. There are no Deny ACE’s for any of the following accounts:
        -
        Administrators
        - Enterprise Admins
        - The Active Directory account being used in the wizard.
      2. There are appropriate permissions to create user or group objects for one / all of the following accounts:
        - Administrators
        - Enterprise Admins
        - The Active Directory account being used in the wizard.
    5. If there are Deny ACE's or there are not enough permissions for the Active Directory account to create a user or group object in the "Users" container the customer will need to fix the permissions.

    С уважением, Михаил Макеев.
    IT Partner.

  • Hi Michael,

    Thank you for your reply and the detailed additional feedback on how you were successful in resolving this issue. This information was added to the Microsoft database. Your solution will benefit many other users, and we really value having you as a Microsoft customer.

    If you have any other questions or concerns, please do not hesitate to contact us. It is always our pleasure to be of assistance.

    Have a nice day! 

    Brandon Kempma
    Office 365 Technical Support.

    Brandon Kempma

    Office 365 Technical Support.

  • I had the exact same problem as Brandon. (Had to move to a new tenant and setup dirsync servers) and got the exact same errors as he specified, however I had a different fix, so maybe this will help someone.

    In my case I had to

    1. Open "C:\Program Files\Microsoft Online Directory Sync\SYNCBUS\Synchronization Service\UIShell\miisclient.exe"

    2. Go to the "Management Agents" tab

    3. Right click on "TargetWebService" and select Run.

    4. Select Full Confirming Import and then click ok.

    After doing this, I was able to run "Start-OnlineCoexistenceSync" without issues.

Page 1 of 1 (15 items)