Sign up for Office 365
Learn more about Office 365
Here are the facts:
1) We chose to do a staged migration because it was the best business choice
2) We enable directory sync for Office online
3) The local synchronization tool fails to recognize anyone as an Enterprise Admin and therefore can't run
4) Microsoft partners get involved and they can't solve the Active Directory issue or figure out why the EA role isn't recognized by the directory sync tool.
5) Now I can't go back and do a cutover migration
What are my options and what are your suggestions?
Thanks for the feedback.
1 out of 1 people found this post helpful.
Thanks for your post. The local dirsync tools only syncs the user to the cloud side and if you need to assign some users as a cloud admin account. You need to manually assign the permission on MOP (Microsoft Online Portal).
Thanks, Neo Zhu
0 out of 1 people found this post helpful.
I may have phrased my situation poorly so let me clarify: The dirsync tool will not complete. Please see item 3 of my post. Your reply suggests some changes to the cloud. That has not happened.
For running synchronization tool , we nee to input two credential, one for the local admin and one for the cloud admin. As for this case, I'd you use domain "administrator" account to launch it. If still fail, I'm thinking the problem is the connection problem between your ADFS server and AD
Yes, there is a problem between Active Directory file sync and Active Directory; namely it won't recognize any user who has Enterprise Administrator permissions and it therefore won't run (fact number 3 in my post). We can't resolve the Active Directory issue, spent days on it with Microsoft Partner help, and therefore can't proceed and are stuck (4, 5 above).
As the user can’t be recognized as local administrator over Microsoft Online Services Directory Synchronization tool, would you please check the following information and make sure it has been met on your side?
1. Make sure the service account using both your local Active Directory permissions and your Office 365 permission.
2. The directory synchronization computer meets the requirements.
Prepare for directory synchronization
I don't understand exactly what you mean in your requested item 1. Did you mean: Make sure the service account IS using both your local Active Directory permissions and your Office 365 permission? We are not using a single sign-on so how would a single service account exist in both places before the Microsoft Online Services Directory Synchronization tool synced AD to the cloud? All of the rest of the requirements have been met for a non single sign-on.
Whose credentials were used to install the DirSync tool? This should be the credentials of an Exchange Enterprise Admin. If DirSync has not ever completely run, have you tried unistalling it and re-installing it with Exchange Enterprise admin credentials. The credentials used need to have Exchange Schema admin permissions as well. Please let me know.
I look forward to hearing from you.
Brandon KempmaOffice 365 Technical Support.
I have used at least six credentials with Enterprise Admin rights and the ones you mention to install and run the sync tool. I hired a Microsoft Partner to try the same thing and they failed. I spent 3 hours on the phone with MS support today and we did all the stupid things again with them watcing and they are stumped. I can give you a case number if you like. You are offering low hanging fruit and dude and I appreciate it but have been reaching for that stuff for a while.
I got your email but you sent it from a No Reply address so I am posting my case number here.
1176335225 Is my case number. I really wish I had time to figure out the answer but I am going to disable synchronization and do a cutover migration. Wasn't my first choice but the client needs to get moving so don't spend too much time chasing this down. I do appreciate the effort though.
Hi, some body have news about this problem? I´m suffering the same issue and I´m without a clue, help please !!!
Sadly no. Sorry. I gave up and worked around it.
I try setting the Ent admins group as the pricipal group for my account and sadly it wasn't help, so I´m still with the problem, some one have another clue?
I closed my ticket buy the Microsoft guy said he had setup some things in the lab to troublesoot. Send me an email at email@example.com and I will give you his contact info. Perhaps he can take up where I left off.
Interesting how this came up all the sudden because it happen to one of my client. Everything was working fine then bam it stop. Did a reinstall, got the problem. This time MSFT claimed that an update was release which broke authenicatation to Windows 2003 DCs. How it got past MSFT Q/A I have no idea. But, if you had automatic updates enabled, you probably got the bugged up version which was released early May.
In order to get this worked by the appropriate team, please submit a Service Request from your Microsoft Online Services Portal. This will just be the avenue that is necessary to get this issue to the correct team.