To keep your on-premises user directory synchronized with your Microsoft Office 365 directory, you may need to use a different tool than you used with Microsoft Live@edu. In most cases, you will need to use the Windows Azure Directory Sync tool.

  • If you are planning on implementing single sign-on, follow the directions in Single sign-on rather than the steps in this article.
  • Password Change Notification Service (PCNS) is not supported in Office 365. If you want a single password, we recommend that you use Single sign-on.

Plan and prepare before the upgrade

Typically, if your existing directory synchronization solution isn’t customized, there is no end-user impact when changing to the Directory Sync tool. If your existing solution is customized, follow the directions for updating your synchronization solution below to minimize potential end-user impact. Note that you can’t provision users during the initial synchronization using the Directory Sync tool.

Before starting, learn about directory synchronization so that you understand the terminology, system requirements, and how it works.

  • Office 365 has a default limit of 50,000 directory objects that can be synchronized. If you have more than 50,000 directory objects, contact Office 365 Support after your upgrade to increase this limit for you.

Identify your current method of synchronizing to see the required changes:

OLSync

In order to give you time to complete the transition to the Directory Sync tool, you can continue to use Outlook Live Directory Sync (OLSync) with Outlook Live Management Agent (OLMA) for 30 days after you upgrade.
  • Until OLMA is disabled, the academic plans for Office 365 for education will not be available for you to subscribe to.
  • If you do not manually disable OLMA, it will be automatically disabled 30 days after the upgrade from Live@edu completes.

To switch from OLSync to the Directory Sync tool, complete the following steps.

After the upgrade

  1. Activate Directory synchronization for your upgraded production domain in Office 365.
    • This process takes 24 hours to complete, but you can continue with the steps 2-7 while waiting.
  2. Disable OLMA from synchronizing by canceling the scheduled task for synchronization.               
    1. Sign in to the Live@edu Service Management Portal by using your Live@edu user name and password (not the new password you set for Office 365.
    2. Click Disable OLMA.
    3. If using the same server for the Directory Sync tool that you previously used for synchronizing: uninstall OLSync and all components of Identity Lifecyle Manager (ILM) 2007 or Forefront Identity Manager (FIM) 2010. Note that a 64-bit version of Windows is required for the Directory Sync tool.
  3. Download the Cloud Directory Preparation scripts.
    • These scripts can be run from any domain-joined computer with Windows PowerShell installed.
  4. Open a Windows PowerShell command prompt and navigate to the folder containing the scripts.
  5. In order to allow the scripts to execute, run the Windows PowerShell command:
    Set-ExecutionPolicy Unrestricted.
  6. For each top-level organizational unit, run the read-only script ReadMode.ps1 in Windows PowerShell:
    .\ReadMode.ps1 -OutputFileName <path to file> -Office365AdminUserName <user name> -LDAP <"LDAP path">
    1. View the output .csv file, and determine if it is ready to use with the RemediationMode.ps1 script.
      • If no errors are found, the .csv file will have four columns: Primary SMTP address, Scenario, ADObjectGUID, and CloudObjectGUID.
        • If the file has these four columns but no other data, proceed directly to step 8 since no remediation is needed.
        • If the file has the four columns and rows with data, continue to step 7 to remediate the issues listed in the file.
      • If there are any errors, follow the troubleshooting instructions to troubleshoot any problems, and then run ReadMode.ps1 again.
  7. For each top-level organizational unit, run the remediation script RemediationMode.ps1 in Windows PowerShell, using the .csv file created in the previous step:
    .\RemediationMode.ps1 -InputFileName <path to file> -Office365AdminUserName <user name>
    1. If the script stops executing due to errors, follow the troubleshooting instructions, and then run RemediationMode.ps1 again.
    2. After successfully running the script, wait 20  minutes, and then run the RemediationMode.ps1 script again to resolve any replication collisions created by the first run of the script.
  8. Install the Directory Sync tool.
  9. Synchronize your directories using the Directory Sync tool.

OLMA, Active Directory, and custom code

In order to give you time to complete the transition to the Directory Sync tool, you can continue to use Outlook Live Management Agent (OLMA) for 30 days after you upgrade.
  • Until OLMA is disabled, the academic plans for Office 365 for education will not be available for you to subscribe to.
  • If you do not manually disable OLMA, it will be automatically disabled 30 days after the upgrade from Live@edu completes.
We recommend switching to the Directory Sync tool. To switch from OLMA to the Directory Sync tool, complete the following steps.

After the upgrade

  1. Activate Directory synchronization for your upgraded production domain in Office 365.
    • This process takes 24 hours to complete, but you can continue with the steps 2-7 while waiting.
  2. Disable OLMA from synchronizing by canceling the scheduled task for synchronization.               
    1. Sign in to the Live@edu Service Management Portal by using your Live@edu user name and password (not the new password you set for Office 365.
    2. Click Disable OLMA.
    3. If using the same server for the Directory Sync tool that you previously used for synchronizing: uninstall all components of Identity Lifecyle Manager (ILM) 2007 or Forefront Identity Manager (FIM) 2010. Note that a 64-bit version of Windows is required for the Directory Sync tool.
  3. Download the Cloud Directory Preparation scripts.
    • These scripts can be run from any domain-joined computer with Windows PowerShell installed.
  4. Open a Windows PowerShell command prompt and navigate to the folder containing the scripts.
  5. In order to allow the scripts to execute, run the Windows PoweShell command:
    Set-ExecutionPolicy Unrestricted.
  6. For each top-level organizational unit, run the read-only script ReadMode.ps1 in Windows PowerShell:
    .\ReadMode.ps1 -OutputFileName <path to file> -Office365AdminUserName <user name> -LDAP <"LDAP path">
    1. View the output .csv file, and determine if it is ready to use with the RemediationMode.ps1 script.
      • If no errors are found, the .csv file will have four columns: Primary SMTP address, Scenario, ADObjectGUID, and CloudObjectGUID.
        • If the file has these four columns but no other data, proceed directly to step 8 since no remediation is needed.
        • If the file has the four columns and rows with data, continue to step 7 to remediate the issues listed in the file.
      • If there are any errors, follow the troubleshooting instructions to troubleshoot any problems, and then run ReadMode.ps1 again.
  7. For each top-level organizational unit, run the remediation script RemediationMode.ps1 in Windows PowerShell, using the .csv file created in the previous step:
    .\RemediationMode.ps1 -InputFileName <path to file> -Office365AdminUserName <user name>
    1. If the script stops executing due to errors, follow the troubleshooting instructions, and then run RemediationMode.ps1 again.
    2. After successfully running the script, wait 20  minutes, and then run the RemediationMode.ps1 script again to resolve any replication collisions created by the first run of the script.
  8. Install the Directory Sync tool.
  9. Synchronize your directories using the Directory Sync tool.

Custom Windows PowerShell scripts and Active Directory

You can continue to use custom Windows PowerShell scripts, but will need to update them after the upgrade based on changes to Exchange Online cmdlets. For more information, see Windows PowerShell.

If you want to move to the Directory Sync tool, complete the following steps.

After the upgrade

  1. Activate Directory synchronization for your upgraded production domain in Office 365.
    • This process takes 24 hours to complete, but you can continue with the steps 2-6 while waiting.
  2. Download the Cloud Directory Preparation scripts.
    • These scripts can be run from any domain-joined computer with Windows PowerShell installed.
  3. Open a Windows PowerShell command prompt and navigate to the folder containing the scripts.
  4. In order to allow the scripts to execute, run the Windows PoweShell command:
    Set-ExecutionPolicy Unrestricted.
  5. For each top-level organizational unit, run the read-only script ReadMode.ps1 in Windows PowerShell:
    .\ReadMode.ps1 -OutputFileName <path to file> -Office365AdminUserName <user name> -LDAP <"LDAP path">
    1. View the output .csv file, and determine if it is ready to use with the RemediationMode.ps1 script.
      • If no errors are found, the .csv file will have four columns: Primary SMTP address, Scenario, ADObjectGUID, and CloudObjectGUID.
        • If the file has these four columns but no other data, proceed directly to step 7 since no remediation is needed.
        • If the file has the four columns and rows with data, continue to step 6 to remediate the issues listed in the file.
      • If there are any errors, follow the troubleshooting instructions to troubleshoot any problems, and then run ReadMode.ps1 again.
  6. For each top-level organizational unit, run the remediation script RemediationMode.ps1 in Windows PowerShell, using the .csv file created in the previous step:
    .\RemediationMode.ps1 -InputFileName <path to file> -Office365AdminUserName <user name>
    1. If the script stops executing due to errors, follow the troubleshooting instructions, and then run RemediationMode.ps1 again.
    2. After successfully running the script, wait 20  minutes, and then run the RemediationMode.ps1 script again to resolve any replication collisions created by the first run of the script.
  7. Install the Directory Sync tool.
  8. Synchronize your directories using the Directory Sync tool.

Hotmail Management Agent (MAv3)

Depending on where you are located, support for MAv3 with Live@edu ended on April 20, 2013 or will end on May 27, 2013. MAv3 is not supported in Office 365 and will stop working once the upgrade to Office 365 starts, even if the upgrade is initiated before May 27, 2013.

 

To switch from MAv3 to Directory Synchronization, complete the following steps.

Before the upgrade

  1. Disable MAv3:
    1. Open the ILM Identity Manager console.
      1. Go to Start > All Programs > Microsoft Identity Integration Server > Identity Manager.
    2. Click Management Agents.
    3. Select the Windows Live Management Agent, and then click Stop.
If you want to use the same server for the Directory Sync tool, uninstall all components of Identity Lifecycle Manager (ILM) 2007.

After the upgrade

  1. Activate Directory synchronization for your upgraded production domain in Office 365.
    • This process takes 24 hours to complete, but you can continue with the steps 2-6 while waiting.
  2. Download the Cloud Directory Preparation scripts.
    • These scripts can be run from any domain-joined computer with Windows PowerShell installed.
  3. Open a Windows PowerShell command prompt and navigate to the folder containing the scripts.
  4. In order to allow the scripts to execute, run the Windows PoweShell command:
    Set-ExecutionPolicy Unrestricted.
  5. For each top-level organizational unit, run the read-only script ReadMode.ps1 in Windows PowerShell:
    .\ReadMode.ps1 -OutputFileName <path to file> -Office365AdminUserName <user name> -LDAP <"LDAP path">
    1. View the output .csv file, and determine if it is ready to use with the RemediationMode.ps1 script.
      • If no errors are found, the .csv file will have four columns: Primary SMTP address, Scenario, ADObjectGUID, and CloudObjectGUID.
        • If the file has these four columns but no other data, proceed directly to step 8 since no remediation is needed.
        • If the file has the four columns and rows with data, continue to step 7 to remediate the issues listed in the file.
      • If there are any errors, follow the troubleshooting instructions to troubleshoot any problems, and then run ReadMode.ps1 again.
  6. For each top-level organizational unit, run the remediation script RemediationMode.ps1 in Windows PowerShell, using the .csv file created in the previous step:
    .\RemediationMode.ps1 -InputFileName <path to file> -Office365AdminUserName <user name>
    1. If the script stops executing due to errors, follow the troubleshooting instructions, and then run RemediationMode.ps1 again.
    2. After successfully running the script, wait 20  minutes, and then run the RemediationMode.ps1 script again to resolve any replication collisions created by the first run of the script.
  7. Install the Directory Sync tool.
  8. Synchronize your directories using the Directory Sync tool.

OLMA, no Active Directory, and custom code

Microsoft fully supports Active Directory synchronization in Office 365, Due to the custom nature of non-Active Directory implementations of directory synchronization, Microsoft cannot provide detailed change instructions for Office 365.  You are responsible for the update of your on-premises directory synchronization to Office 365.  

In order to give you time to update your current solution for directory synchronization, you can continue to use the Outlook Live Management Agent (OLMA) for 30 days after you upgrade.

  • Until OLMA is disabled, the academic plans for Office 365 for education will not be available for you to subscribe to.
  • If you do not manually disable OLMA, it will be automatically disabled 30 days after the upgrade from Live@edu completes.

Before the upgrade

Plan for your updates to non-Active Directory or custom code directory synchronization:
  1. Verify the on-premises directory service your organization is using.
  2. Plan for the necessary changes to directory synchronization with Office 365.

After the upgrade

Update your on-premises directory synchronization tool to sync with Office 365.

  1. Sign in to the Live@edu Service Management Portal by using your Live@edu user name and password (not the new password you set for Office 365).
  2. Click Disable OLMA.
  3. Implement the required changes you identified to synchronize your on-premises directory with Office 365.

Additional developer resources

Office 365 Dev Center

Use Windows PowerShell cmdlets to manage your Windows Azure AD tenant