Active Directory

Active Directory Infrastructure

Objects & Attributes

http://support.microsoft.com/kb/2439357/en-us

Character    Name
(space)      space character
`            apostrophe
(            opening parenthesis
)            closing parenthesis
@            at sign
'            single quotation mark
&            ampersand
\            pipe
=            equal sign
?            question mark
/            forward slash
%            percent

http://technet.microsoft.com/en-us/library/hh852533
http://support.microsoft.com/kb/2256198/en-us
http://technet.microsoft.com/en-us/library/hh974319.aspx

Tools

http://community.office365.com/en-us/forums/183/p/2285/8155.aspx
http://www.microsoft.com/resources/TechNet/en-us/Office/media/WindowsPowerShell/WindowsPowerShellCommandBuilder.html
http://technet.microsoft.com/en-us/library/hh974317
http://technet.microsoft.com/en-us/library/hh852466.aspx

DirSync

Error 016: Synchronization has been stopped. This company has exceeded the number of objects that can be synchronized. Contact Microsoft Online Services Support.

Office 365 implements a Directory Service quota as a method to limit the maximum number of objects that can be created and owned by a single security principal. If an online company has a legitimate need to synchronize more than the Directory Service quota limit, the company must submit a Service Request with Office 365 Technical Support.

Q. Do objects that were manually added through the Office 365 portal or the Office 365 API, such as Exchange Online PowerShell, count against my online company quota?
A. Yes.

Q. Do deleted objects count against my online company quota?
A. Yes. When an Office 365 customer deletes an object from his or her online company, the deleted object is put into a deleted objects container in the Office 365 Directory Service. The object remains in the deleted objects container until the tombstone lifetime expires.
The expiration is currently set to 30 days for Microsoft Online Services. All objects in the deleted objects container continue to consume up to 25 percent of the AD DS quota for an online company.

For example, consider the following scenario. An online company is evaluating Office 365 by using a nonproduction on-premises AD DS environment. The company performs a bulk synchronization of 8,000 group objects and contact objects by using the Directory Synchronization Tool. Later, the online company decides to do the following:

1. Delete those group objects and contact objects from the company's on-premises nonproduction AD DS environment.
2. Add 8,000 user objects to its on-premises nonproduction AD DS environment.
3. Synchronize the updates to its online company.

The 8,000 group objects and contact objects are moved to the deleted objects container in the Office 365 Directory Service (DS), and these objects continue to consume up to 25 percent of the online company quota (this percentage is equal to 2,000 objects, or 8,000 × 25 percent) until they are permanently removed after the 30-day tombstone period. Therefore, after synchronizing the 8,000 new user objects, the online company will consume 10,000 objects of its available AD DS quota: 2,000 from deleted objects plus 8,000 from new user objects.

During the 30-day tombstone period (and this period may coincide with the online company evaluation period), the online company may be unable to add any additional objects by using Directory Synchronization. This condition occurs because the online company's Directory Service quota has been reached.

In this scenario, the online company that is performing the evaluation of Office 365 must reduce the number of objects in its nonproduction on-premises AD DS environment to complete the product evaluation. However, if the online company cannot reduce the number of objects, the company must request an increase in its Office 365 Directory Service quota.
http://onlinehelp.microsoft.com/en-us/office365-enterprises/ff652544.aspx

Number of objects in Active Directory | CPU | Memory | Hard disk
Fewer than 10,000 | 1.6 GHz | 4 GB | 70 GB
10,000 – 50,000 | 1.6 GHz | 4 GB | 70 GB
50,000 – 100,000 | 1.6 GHz | 16 GB | 100 GB
100,000 – 300,000 | 1.6 GHz | 32 GB | 300 GB
300,000 – 600,000 | 1.6 GHz | 32 GB | 450 GB
More than 600,000 | 1.6 GHz | 32 GB | 500 GB

Office 365 – Users Appear with the O365 Domain after DirSync
http://community.office365.com/en-us/blogs/office_365_technical_blog/archive/2011/05/06/video-office-365-users-appear-with-o365-domain-after-dirsync.aspx

http://community.office365.com/en-us/wikis/sso/configure-filtering-fordirectory-synchronization.aspx

- Interval of each synchronization. Useful for identifying possible bottlenecks in the synchronization operation.
- Result of the action.
- Shows exactly how many objects were synchronized.
- Result of each activity. In the event of a failure, we can tell exactly where it occurred.

After the full synchronization, the value of this key returns to 0, which is the default value.

The value 3:0:0 means three hours, zero minutes, and zero seconds. To change it to, for example, 1 hour and 30 minutes, the file would hold the value 1:30:0. Use sensible intervals.

Select the Metaverse Search option. Under "Scope by Object Type", select, for example, "person", and then select "Add Clause". With this option we can already run a search and check which accounts have been synchronized. But it is possible to filter even further. For example, if we filter the accounts that belong to the "Contabilidade" department, the filter shows only one user. Dozens of other conditions can be set, which gives us many search options through this tool.

Select the "Management Agents" option.
Two "Management Agents" are available; select "SourceAD". Right-click it and select "Search Connector Space". Several filters are possible; here we choose "Imported Since" and pick a date. The result shows all objects that have been synchronized since the given date. In our example, there were 141 objects.

ADFS

Hybrid Deployment

Get-MoveRequest -Identity [email protected] | Get-MoveRequestStatistics -IncludeReport | Select *

14/3/2012 3:09:39 [O365ServerName] Failed to convert the source mailbox 'Primary (19c8b8ef-aea3-48b4-a1ef-a8ed282e81d0)' to mail-enabled user after the move. Attempt 19/21. Error: UpdateMovedMailboxPermanentException.
14/3/2012 3:09:39 [O365ServerName] Post-move cleanup failed. The operation will try again in 30 seconds (19/21).
14/3/2012 3:10:56 [O365ServerName] Unable to update Active Directory information for the source mailbox at the end of the move. Error: UpdateMovedMailboxPermanentException.
14/3/2012 3:10:56 [O365ServerName] Request is complete.

Start with the Basics

- Planning
- Preparation
- Migration
- Communication plan (http://onlinehelp.microsoft.com/en-us/office365-enterprises/ff652543.aspx)

Challenge for the community!!

RECONNECTING PSTs WHEN THE OUTLOOK PROFILE IS NOT KEPT
In migrations without Rich Coexistence (also known as Hybrid Deployment) where the Outlook profile is not kept, it helps end users if a script can be run to record the PSTs in use and then reconnect them afterwards. This can be a self-service utility that the user runs before and after the migration.

REMOVING ACCENTED CHARACTERS
It is very useful to have a script that removes accented characters by replacing each occurrence with a plain character, for example: á, à, ã, ä with a; ç with c; é, è, ë, ê with e; and so on.
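One way to start the accent-removal script described above is Unicode decomposition, shown here as a dry run over constructed sample accounts. This is an added example, not part of the original deck; the function names Remove-Diacritics and Get-AccentCleanupPlan and the sample data are hypothetical, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: function names and sample accounts are constructed for illustration.
# Save this file as UTF-8 with BOM so Windows PowerShell reads the accented literals correctly.

function Remove-Diacritics {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [AllowEmptyString()]
        [string]$Text
    )
    process {
        # FormD splits an accented letter into base letter + combining mark,
        # e.g. "ã" becomes "a" followed by U+0303.
        $decomposed = $Text.Normalize([System.Text.NormalizationForm]::FormD)
        $builder = New-Object System.Text.StringBuilder
        foreach ($ch in $decomposed.ToCharArray()) {
            $category = [System.Globalization.CharUnicodeInfo]::GetUnicodeCategory($ch)
            # Drop only the combining marks; keep every base character.
            if ($category -ne [System.Globalization.UnicodeCategory]::NonSpacingMark) {
                [void]$builder.Append($ch)
            }
        }
        # Recompose whatever is left into the usual composed form.
        $builder.ToString().Normalize([System.Text.NormalizationForm]::FormC)
    }
}

function Get-AccentCleanupPlan {
    # Dry run: reports what would change and writes nothing to any directory.
    param([Parameter(Mandatory = $true)][object[]]$Users)
    foreach ($user in $Users) {
        $proposed = Remove-Diacritics -Text $user.DisplayName
        [pscustomobject]@{
            SamAccountName = $user.SamAccountName
            Current        = $user.DisplayName
            Proposed       = $proposed
            Changed        = -not [string]::Equals($user.DisplayName, $proposed,
                                 [System.StringComparison]::Ordinal)
            # Letters such as "ø" or "ß" have no base-letter decomposition and
            # survive the filter; flag them for manual review.
            NeedsReview    = [bool]($proposed -match '[^\x00-\x7F]')
        }
    }
}

# Constructed sample input standing in for an export of directory accounts.
$sampleUsers = @(
    [pscustomobject]@{ SamAccountName = 'jgoncalves'; DisplayName = 'João Gonçalves' },
    [pscustomobject]@{ SamAccountName = 'hmuller';    DisplayName = 'Hélène Müller' },
    [pscustomobject]@{ SamAccountName = 'sostby';     DisplayName = 'Søren Østby' },
    [pscustomobject]@{ SamAccountName = 'asmith';     DisplayName = 'Alice Smith' }
)

Get-AccentCleanupPlan -Users $sampleUsers | Format-Table -AutoSize
```

Rows with NeedsReview set still contain non-ASCII letters after the pass and need an explicit replacement rule before any attribute is written back.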
LISTING MAILBOX PERMISSIONS
Create a script that lists the FullAccess, SendAs and SendOnBehalfOf permissions of the on-premises Exchange. This makes it easier to define migration batches and avoids access being "broken" by the migration. "Delegates" are replicated by DirSync in O365, unlike what happened with BPOS.

SCRIPT TO FIX EMPTY givenName AND surName
Many Active Directory environments have the givenName and surName attributes blank; one way to correct this is to populate these attributes from the displayName.

SCRIPT TO SET THE UPN EQUAL TO THE PRIMARY SMTP ADDRESS (proxyAddresses)
Most customers want the UPN to match the primary SMTP address, which is the value prefixed with "SMTP:" in the proxyAddresses attribute. This UPN change has no side effects on users' day-to-day work.

MIGRATING A MAILBOX
Develop a script for migrating a mailbox in a Hybrid environment. The script should set the user's location, assign a license, and perform the actual migration. If the customer does not use ADFS, setting the passwords at this point is also an option.

PROVISIONING A MAILBOX FOR MIGRATION
Instead of creating a new-moverequest, it is also a good option to have a script that only prepares the move by running prepare-moverequest, so that afterwards it is enough to run a resume-moverequest.

DirSync

Office 365 Directory Synchronization by default comes with SQL Server Express 2005. Microsoft SQL Server Express editions have limitations, and you should consider these limitations if you are going to use an Express Edition.

SQL Express 2005 Limitations
By default, SQL Server Express 2005 has a maximum file-size limitation of 4 gigabytes (GB). As a general guideline, the 4 GB file-size limitation may prevent you from synchronizing more than 50,000 objects to Office 365.
However, this depends on the data consumption; therefore, you may be able to synchronize more or fewer than the guideline of 50,000 objects.

SQL Express 2008 Limitations
By default, SQL Server Express 2008 has a maximum file-size limitation of 10 gigabytes (GB). As a general guideline, the 10 GB file-size limitation may prevent you from synchronizing more than 125,000 objects to Office 365. However, this depends on the data consumption; therefore, you may be able to synchronize more or fewer than the guideline of 125,000 objects.

DirSync

1. Open a command prompt running as an administrator, and then move to the folder in which you saved the installation program.
2. At the command prompt, type dirsync /fullsql.
3. If you receive a User Account Control prompt, click Continue, or type the user name and password of an administrator account, and then click OK.
4. On the Welcome page, click Next.
5. On the Microsoft Software License Terms page, read the license terms, select I accept the Microsoft Software License Terms, and then click Next.
6. On the Select Installation Folder page, select an installation folder location, and then click Next.
7. On the Installation page, wait for the installation to complete, and then click Next.
8. On the Finished page, click Finish.
9. On the computer on which Directory Synchronization was installed, open Windows PowerShell.
10. At the Windows PowerShell prompt, type Add-PSSnapin Coexistence-Install.
11. Run the installation cmdlet:
    - To install Directory Synchronization onto the same system as the SQL Server, type Install-OnlineCoexistenceTool -UseSQLServer -Verbose.
    - To install Directory Synchronization by using a remote installation of SQL Server, type Install-OnlineCoexistenceTool -UseSQLServer -SqlServer <SQLServerName> -ServiceCredential (Get-Credential) -Verbose.
    - To install Directory Synchronization by specifying the SQL instance, add the "-SqlServerInstance" parameter. For example, run a command similar to the following: Install-OnlineCoexistenceTool -UseSQLServer -SqlServer <SQLServerName> -ServiceCredential (Get-Credential) -SqlServerInstance <SqlInstanceName>
12. At the Windows PowerShell Credential Request prompt, type the user name and password of the domain account that will be used to run the Microsoft Identity Integration Server service and the Office 365 Directory Synchronization service.
13. Run the Microsoft Online Services Directory Synchronization Configuration Wizard to complete the installation.

Important: You must successfully complete the Microsoft Online Services Directory Synchronization Tool Configuration Wizard before synchronization can occur.

Parameter options for Install-OnlineCoexistenceTool

-ServiceCredential <PSCredential>
Credential to be assigned to the Microsoft Identity Integration Server service. When this parameter is not specified, an MIIS_Service account will be created on the local machine. The credential is also used by the Microsoft Online Services Directory Synchronization Service.

-UseSQLServer
This flag causes the install to skip installation of SQL Express. Use this flag with one or both of the following parameters: SqlServer, SqlServerInstance.

-InstallPath <String>
Optional parameter to specify the path to the folder that contains the files to be installed. These files include the SQL Express Setup program, SQLEXPR32_x86_ENU.exe, and the Microsoft Identity Integration Server.msi and DirectorySync.msi files.

-SqlServerInstance <String>
The name of the SQL Instance that MIIS will use.

-SqlServer <String>
The name of the server that is hosting SQL for MIIS.
DirSync

Error Name | Error Details | Source | Resolution
AdminRequired | Local Administrator permissions are required to install Directory Synchronization. | Event Viewer / Error Prompt |
DirSyncAlreadyInstalled | The Directory Synchronization tool is already installed. Version {0} | Event Viewer | Uninstall all previous versions of DirSync before attempting to install the latest version.
DirSyncInstallKeyNotRemoved | Windows Installer could not remove the uninstall registry key from the Microsoft Online Services Directory Synchronization MSI. Retry un-install or contact Microsoft Online Support. | Event Viewer | Manually remove the registry keys to complete the installation.
DirSyncNotInstalledError | A complete installation of the Microsoft Online Services Directory Synchronization tool was not detected on this machine. Please uninstall any versions of this tool and then reinstall the most recent version. | Event Viewer | Uninstall all previous versions of DirSync before attempting to install the latest version.
ErrorReRunConfigWizard | Unable to start synchronization due to configuration issues. To fix the issues, try running the Configuration Wizard. If you continue to see this error please contact Microsoft Online Support. | Event Viewer | Run the DirSync configuration wizard.
WindowsInstaller45Required | Microsoft Windows Installer 4.5 is required for installation. Please install Microsoft Windows Installer 4.5 and try again. | Event Viewer | Ensure that the server DirSync is being installed on meets the minimum requirements.
ErrorClearRunHistory | Could not clear the run history on the MIIS Server. Error returned is '{0}'. Contact Microsoft Online support. | Event Viewer |
InvalidUPNFormat | User Principal Name (UPN) is your logon name. This error is displayed when the user enters credentials for Microsoft Online that do not contain an '@' character. | Event Viewer | Enter valid credentials for Microsoft Online Services to continue.
ADCredsNotValid | The Enterprise Administrator credentials that you supplied are not valid. Supply valid credentials and try again. | Event Viewer | The installation wizard was unable to verify that the user account being used to install is an Enterprise Administrator.
InternetSetOptionError | Internet Explorer proxy settings were not set. Initial configuration using setup wizard may not be able to access online help. WinInet Error {0} | Event Viewer | Verify that the proxy settings entered into Internet Explorer are correctly formatted because the Installation Wizard was not able to read/modify these settings correctly.
RichCoexistenceNotAllowed | Current local directory does not have Exchange 2010 installed. Rich coexistence is not allowed. | Event Viewer | Install all of the required prerequisites for Rich Coexistence before attempting to install DirSync.
ErrorNoStartConnection | Synchronization failed to start because of connection issues or domain controllers could not be contacted by the server. Verify that you are connected to the server and all the configured domain controllers are connected to the network. If you have recently deleted domain or naming context, please rerun the Configuration Wizard. | Event Viewer | Confirm that the local Active Directory Domain Controllers are accessible from the server running DirSync.
ErrorNoStartCredentials | Synchronization failed to start because of credential problems. Rerun Configuration Wizard to update credentials for Synchronization. | Event Viewer | Run the DirSync Configuration wizard and re-enter credentials. The customer should also confirm that the credentials have Admin access to MOAC.
ErrorNoStartNoDomainController | Synchronization failed to start because the domain controller could not be contacted by the server. Verify that the domain controller is connected to the network. | Event Viewer | Confirm that the local Active Directory Domain Controllers are accessible from the server running DirSync.
ErrorStoppedConnectivity | Synchronization stopped because of connectivity loss. Restore connectivity to the server. | Event Viewer | Confirm that the local workstation can access the Internet. Have the user attempt to ping provisioning.microsoftonline.com to verify that it can reach the DirSync Service on Microsoft Online.
ErrorStoppedDatabaseDiskFull | Synchronization stopped because the SQL Server database used by the Synchronization server is full. Create some space in the SQL Server database. | Event Viewer | Free up space on the storage used to hold the DirSync SQL Database. If the issue is not resolved DirSync will not be able to run successfully and the SQL database may be permanently damaged.
InstallNotAllowedOnDomainController | Microsoft Online Services Coexistence can not be installed on a domain controller. | Event Viewer | DirSync can only be installed on domain-joined computers that do not act as Domain Controllers.
InstallPathLengthTooLong | The installation path is too long. Provide a path of 116 characters or fewer and then try again. | Event Viewer | For the installation of DirSync, the total path length has to be less than 116 characters.
InsufficentDiskSpace | Insufficent Disk Space | Event Viewer | There is not enough space to install DirSync on the local workstation.
InvalidPlatform | The Microsoft Online Services Directory Synchronization tool must be installed on a computer running Windows Server 2003 Service Pack 2 or later. | Event Viewer | Ensure that the server DirSync is being installed on meets the minimum requirements.
MachineIsDomainJoinedUserIsNot | The computer is joined to a domain, but the current user credentials do not have access permissions on the domain. | Event Viewer | Log in as a domain user with an account that meets the minimum requirements before attempting to install DirSync.
MachineIsNotDomainJoined | The computer is not joined to any domain. | Event Viewer | Ensure that the server DirSync is being installed on meets the minimum requirements.
MachineNotDomainJoined | The computer must be joined to a domain. | Event Viewer | Ensure that the server DirSync is being installed on meets the minimum requirements.
MIISSyncIsInProgressError | The synchronization engine is busy. Retry this operation after this synchronization session is complete. | Event Viewer | This means that an existing operation is being completed by MIIS and that any new operations can only be completed once the current operation is completed.
MIISUserAddRight_AccountNotFound | Account name:'{0}' could not be found. Error Code:{1} | Event Viewer | DirSync was not able to add the local account being used to complete the installation to the MIIS Admin Group. The user should be manually added to the group to continue with the installation.
MIISUserAddRight_AddFailed | '{0}' could not be added to the account rights for '{1}'. Error code:{2} | Event Viewer | DirSync was not able to add the local account being used to complete the installation to the MIIS Admin Group. The user should be manually added to the group to continue with the installation.
MIISUserAddRight_PolicyHandleNotFound | Failed to obtain the policy handle. Error Code:{0} | Event Viewer | DirSync was not able to add the local account being used to complete the installation to the MIIS Admin Group. The user should be manually added to the group to continue with the installation.
PowerShellRequired | PowerShell must be installed. | Event Viewer | Ensure that the server DirSync is being installed on meets the minimum requirements.
UnsupportedNameFormat | The name format is not supported. Two examples of the supported user name formats are: [email protected] or example\someone. | Event Viewer | Enter valid credentials for Microsoft Online Services to continue.
UserNotAMemberOfMIISAdmins | The current user is not a member of the Microsoft Identity Integration Server (MIIS) Admin group. If you have recently installed the Microsoft Online Services Directory Synchronization tool, you may need to log off and then log on. | Event Viewer | Manually add the local Active Directory user account used to run DirSync to the MIIS Admin Group.
UserNotAnEnterpriseAdmin | User '{0}' is not a member of the Enterprise Admins group. | Event Viewer | Manually add the local Active Directory user account used to run DirSync to the Active Directory Enterprise Admin Group.
UnsupportedClientVersion | This version of the Directory Synchronization tool is no longer supported. Remove this version and then install the latest version from the Directory Synchronization page of the Migration tab in the Microsoft Online Services Administration Center. | Event Viewer | Download the latest version of the DirSync Tool from the Office 365 portal.
InternetQueryOptionError | Internet Explorer proxy settings were not read. Initial configuration using setup wizard may not be able to access online help. WinInet Error {0} | Event Viewer | Verify that the proxy settings entered into Internet Explorer are correctly formatted because the Installation Wizard was not able to read/modify these settings correctly.

DirSync

- 2386445: Error message in the Microsoft Online Services Directory Synchronization tool in Microsoft Office 365: "Your version of the Microsoft Online Services Directory Synchronization Configuration Wizard is outdated"
- 2310320: Error message when you try to run the Microsoft Online Services Directory Synchronization Configuration wizard: "Your credentials could not be authenticated. Retype your credentials and try again"
- 2508225: "LogonUser() Failed with error code: 1789" after you enter enterprise administrator credentials in the Directory Synchronization Configuration Wizard in Office 365
- 2502710: "An unknown error occurred with the Microsoft Online Services Sign-in Assistant" error occurs in the Microsoft Online Services Directory Synchronization Configuration Wizard when you try to sign in to Microsoft Online Services
- 2410859: Firewall prevents users from using Microsoft Online Services Directory Synchronization, rich clients, or the Microsoft Online Services Identity Federation Management tool in Office 365
- 2419250: "The computer must be joined to a domain" error message occurs when you try to install Microsoft Online Services Directory Synchronization Tool

DirSync

SYMPTOMS
Consider the following scenario. You want to manually manage or remove objects that were created through directory synchronization from the Microsoft Office 365 directory. For example, you want to remove an orphaned user account that was synchronized to Office 365 from your on-premises Active Directory Domain Services (AD DS). However, you cannot remove the orphaned user account by using the Office 365 portal or by using Windows PowerShell.

CAUSE
This issue may occur if one or more of the following conditions are true:

Cause 1: The Microsoft Office Online Services Directory Synchronization tool is no longer running. Therefore, even if you update or delete the object from the on-premises AD DS, the deleted object does not synchronize to your Office 365 tenant.

Cause 2: The on-premises AD DS is no longer available. Therefore, you cannot manage or delete the object from the on-premises environment.

Cause 3: You deleted an object from the on-premises AD DS. However, the object was not deleted from your Office 365 tenant. This is unexpected behavior.

RESOLUTION

For Cause 1
You want to delete an object in Microsoft Office 365.
But you do not want to delete the object from the on-premises AD DS. Additionally, you want to continue using directory synchronization.

Warning: You can deactivate and reactivate directory synchronization. Deactivating and reactivating directory synchronization affects email migration, identity management, and single sign-on functionality. In some scenarios, reactivating directory synchronization can overwrite objects that have been previously synchronized to the cloud. Therefore, before you toggle directory synchronization activation, make sure that you read Directory Synchronization and source of authority.

1. Install the local Windows PowerShell cmdlets (Use Windows PowerShell to manage Office 365).
2. Start the Microsoft Office Online Services Module for Windows PowerShell.
3. Disable directory synchronization. Type the following cmdlet, and then press Enter:
   Set-MsolDirSyncEnabled -EnableDirSync $false
4. Verify that directory synchronization is fully disabled by using Windows PowerShell. To do this, run the following cmdlet periodically:
   (Get-MSOLCompanyInformation).DirectorySynchronizationEnabled
   This command will return True or False. Continue to run this cmdlet periodically until it returns False, and then go to step 5.
   Note: It may take 72 hours for the deactivation to be completed. The actual time depends on the number of objects that are in your Office 365 subscription account.
5. Try to update an object to verify that you can delete the object.
6. Delete the object by using Windows PowerShell or by using the Office 365 portal (Windows PowerShell cmdlets for Office 365).
7. To re-enable directory synchronization, run the following cmdlet:
   Set-MsolDirSyncEnabled -EnableDirSync $true

For Cause 2
You want to manage objects in Office 365, and you no longer want to use directory synchronization.

1. Install the local Windows PowerShell cmdlets. To do this, visit the following Microsoft website: Use Windows PowerShell to manage Office 365
2. Start the Microsoft Office Online Services Module for Windows PowerShell.
3. Disable directory synchronization. To do this, type the following cmdlet, and then press Enter:
   Set-MsolDirSyncEnabled -EnableDirSync $false
4. Verify that directory synchronization was fully disabled by using Windows PowerShell. To do this, run the following cmdlet periodically:
   (Get-MSOLCompanyInformation).DirectorySynchronizationEnabled
   This cmdlet will return True or False. Continue to run this cmdlet periodically until it returns False, and then go to the next step.
   Note: It may take 72 hours for deactivation to be completed. The time depends on the number of objects that are in your Office 365 subscription account.
5. Try to update an object by using Windows PowerShell or by using the Office 365 portal.

For Cause 3
You delete an object from an on-premises AD DS. However, the object is not deleted from your Office 365 subscription account.

Force directory synchronization by using the steps on the following Microsoft website: Force directory synchronization

• If some updates and deletions are propagated, but some deletions are not synchronized to Office 365, perform typical directory synchronization troubleshooting procedures.
• If all updates and deletions are not synchronized to Office 365, contact Microsoft Office 365 technical support.

MORE INFORMATION
For more information about Windows PowerShell cmdlets, visit the following Microsoft website: Windows PowerShell cmdlets for Office 365
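
The disable-and-verify steps (steps 3 and 4) in the resolutions for Cause 1 and Cause 2 can be scripted so that nobody has to re-run the check by hand for up to 72 hours. This is an added example, not part of the original deck; the function name Disable-DirSyncAndWait and the 30-minute polling interval are assumptions, and it expects the MSOnline module to be loaded with Connect-MsolService already run.

```powershell
# Added example: Disable-DirSyncAndWait is a hypothetical helper name.
# Assumes the MSOnline module is loaded and Connect-MsolService has already
# been run with a tenant administrator account.
function Disable-DirSyncAndWait {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [int]$TimeoutHours = 72,   # the page notes deactivation may take 72 hours
        [int]$PollMinutes  = 30    # assumed polling interval
    )

    # Deactivation affects email migration, identity management and single
    # sign-on, so require confirmation (or allow -WhatIf) before changing anything.
    if (-not $PSCmdlet.ShouldProcess('Office 365 tenant', 'Disable directory synchronization')) {
        return
    }

    # Step 3: disable directory synchronization.
    Set-MsolDirSyncEnabled -EnableDirSync $false -Force

    # Step 4: poll until the tenant reports False or the timeout expires.
    $deadline = (Get-Date).AddHours($TimeoutHours)
    do {
        $enabled = (Get-MsolCompanyInformation).DirectorySynchronizationEnabled
        Write-Verbose ("{0:u} DirectorySynchronizationEnabled = {1}" -f (Get-Date), $enabled)

        # Only an explicit $false counts as disabled; a $null result from a
        # failed query keeps the loop polling instead of reporting success.
        if ($enabled -eq $false) { return $true }

        Start-Sleep -Seconds ($PollMinutes * 60)
    } while ((Get-Date) -lt $deadline)

    Write-Warning "Directory synchronization is still reported as enabled after $TimeoutHours hours."
    return $false
}

if (Disable-DirSyncAndWait -Verbose) {
    Write-Output 'Directory synchronization is disabled; continue with the next step of the resolution.'
}
```

The script deliberately stops before re-enabling synchronization, because the page warns that reactivation can overwrite objects previously synchronized to the cloud.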