EDIT: This article seems to be popular, however readers should note it is from 2011! Check out the updated article here:
Upgrading DirSync to the Latest Version
As Microsoft has already stated, the new 64-bit version of DirSync.exe is not installed or configured differently than its 32-bit predecessor. However, as a tinkerer, I wanted to verify this and have a look under the hood anyway!
Below are some screenshots of my experiences and insights along the way:
Before you start: Read and follow the instructions! In this article, I assume you’re at the point where you’re actually ready to install this product.
1. First I installed the .NET Framework prerequisites as well as my favorite MMC snap-ins onto a new Windows 2008 R2 server. You can do this using the following two lines in PowerShell:

    Import-Module ServerManager
    Add-WindowsFeature NET-Framework,RSAT-ADDS -Restart

2. Then I ran dirsync.exe (downloaded from the portal.microsoftonline.com site).
   a. NOTE: Microsoft didn’t bother to change the installer’s executable name (dirsync.exe). This may be confusing if you plan to download and store both x86 and x64 versions.
3. A few clicks of the “Next” button…
   a. NOTE: We install to the “Program Files” directory. If this were an x86 application we’d be using “\Program Files (x86)”.
   b. NOTE: This screen may take 5-10 minutes. It’s installing a few things in the background:
      i. SQL 2008 R2 Express
      ii. Forefront Identity Manager 2010 (FIM)
      iii. Configuration of the FIM Management Agents (MAs)
4. Once the background tasks have completed, you’re able to run the Configuration Wizard. This is where you will need to have your Office 365 tenant prepared and credentials identified, etc.
6. You should have created this account earlier. Whatever you put in here will be stored within FIM, and if you ever change the credentials, you’ll need to re-run this setup wizard.
   a. Or for the expert user: Dive into FIM directly
7. Here you need to supply your forest’s Enterprise Admin credentials. This username is not saved anywhere, and is only needed once to set permissions for these new objects:
   a.
8. Selecting this box enables some extra features required for a “hybrid deployment” / “rich coexistence”, and by doing so you’ll allow FIM to update attributes IN YOUR Active Directory. If this box is not checked, FIM will be read-only.
10. If you’re ready, you can run the initial full synchronization now. Otherwise, you can run it manually at any time.
   a. Once configured, DirSync runs every 3 hours.
11. If you promise to be careful, you can poke around in the FIM configuration.
   a. Note the “hidden” client UI:
      C:\Program Files\Microsoft Online Directory Sync\SYNCBUS\Synchronization Service\UIShell\miisclient.exe
   b. If you get an error when opening the FIM console, log out and then back in. Your account was added to some groups that are not yet part of your login ticket.
   c. Clicking the Management Agents tab shows both sides of your configuration. “TargetWebService” is responsible for all of the Office 365 configurations and the “SourceAD” management agent contains your Active Directory connector information (double-click them to open).
   NOTE: Changing the DirSync configuration directly within FIM is unsupported by Microsoft. They would prefer you rerun the previously mentioned Configuration Wizard if you need to make any changes.
12. Finally, be sure to run Microsoft Update again. You’ll notice that SQL 2008 R2 does not have SP1.
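Step 2's note that both installers are named dirsync.exe is a reason to label stored copies by what the file itself says. The PowerShell below is an added example, not code from the original article: it reads the COFF Machine field of a PE header to report x86 or x64. The function names and sample headers are constructed for illustration, and it assumes the binary is native, since a self-extracting bootstrapper or a .NET AnyCPU assembly can report x86 regardless of what it installs.

```powershell
# Added example (not from the article). Function names are hypothetical.
function Get-PeMachine {
    param([byte[]]$Bytes, [int]$Count = $Bytes.Length)

    # DOS header: 'MZ' magic, with e_lfanew (offset of the PE header) at 0x3C.
    if ($Count -lt 0x40 -or $Bytes[0] -ne 0x4D -or $Bytes[1] -ne 0x5A) { return 'NotPE' }
    $pe = [BitConverter]::ToInt32($Bytes, 0x3C)

    # The 4-byte signature plus the 2-byte Machine field must lie inside the data read.
    if ($pe -lt 0 -or ($pe + 6) -gt $Count) { return 'NotPE' }
    if ($Bytes[$pe] -ne 0x50 -or $Bytes[$pe + 1] -ne 0x45 -or
        $Bytes[$pe + 2] -ne 0 -or $Bytes[$pe + 3] -ne 0) { return 'NotPE' }

    $machine = [BitConverter]::ToUInt16($Bytes, $pe + 4)
    switch ($machine) {
        0x014C  { 'x86' }
        0x8664  { 'x64' }
        default { 'Other (0x{0:X4})' -f $machine }
    }
}

function Get-FilePeMachine {
    param([string]$Path)
    # Only the headers are needed, so read the first 4 KB, not the whole installer.
    # A PE header placed beyond 4 KB is reported as 'NotPE'.
    $buf = New-Object byte[] 4096
    $fs = [System.IO.File]::OpenRead((Resolve-Path $Path).ProviderPath)
    try { $n = $fs.Read($buf, 0, $buf.Length) } finally { $fs.Dispose() }
    Get-PeMachine -Bytes $buf -Count $n
}

# Constructed sample headers (not real installers): MZ, e_lfanew = 0x80, 'PE\0\0', Machine.
function New-SamplePe {
    param([uint16]$Machine)
    $b = New-Object byte[] 0x100
    $b[0] = 0x4D; $b[1] = 0x5A
    $b[0x3C] = 0x80
    $b[0x80] = 0x50; $b[0x81] = 0x45
    [BitConverter]::GetBytes($Machine).CopyTo($b, 0x84)
    return ,$b
}

Get-PeMachine -Bytes (New-SamplePe 0x014C)     # 32-bit sample header
Get-PeMachine -Bytes (New-SamplePe 0x8664)     # 64-bit sample header
Get-PeMachine -Bytes (New-Object byte[] 64)    # all zeros: not a PE file

# On a real server (the folder is a placeholder):
# Get-ChildItem 'D:\Installers' -Recurse -Filter dirsync.exe |
#     Select-Object FullName, @{ n = 'Machine'; e = { Get-FilePeMachine $_.FullName } }
```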
Thanks for the FIM notes, Mike…helpful for solving annoying errors in the event log.
I’m using Windows Server 2008 R2 with SP1 installed. This server is not Active Directory, it is dedicated for ADFS proxy. I’ve activated AD Synchronization by following this article: http://technet.microsoft.com/en-us/library/dn144766.aspx. I tried to install DirSync.exe on my ADFS Proxy server but found an error. It said:
“The application has failed to start because its side-by-side configuration is incorrect. Please see the application event log or use the command-line sxstrace.exe tool for more detail”
At the time this error occurred, an error event with ID 59 and source=SideBySide was created. It said:
“Activation context generation failed for “C:\Office365 Readiness\dirsync.exe”.Error in manifest or policy file “C:\Office365 Readiness\dirsync.exe” on line 0. Invalid Xml syntax.”
I tried to use sxstrace.exe and found this:
Begin Activation Context Generation.
Flags = 0
ProcessorArchitecture = AMD64
CultureFallBacks = en-US;en
ManifestPath = C:\Office365 Readiness\dirsync.exe
AssemblyDirectory = C:\Office365 Readiness\
Application Config File =
INFO: Parsing Manifest File C:\Office365 Readiness\dirsync.exe.
INFO: Manifest Definition Identity is (null).
ERROR: Line 0: XML Syntax error.
ERROR: Activation Context generation failed.
End Activation Context Generation.
DotNet 3.5.1 Framework is already installed on the server features.
Do you have any idea, what should I do to continue my AD Sync with Office365..?
I thought I read somewhere that DirSync shouldn’t be put on the same server as ADFS, but I can’t find it now. Perhaps that was outdated information. However, for my own peace of mind I would want DirSync to be on an internal server that can call out to Microsoft, and the ADFS Proxy to be in an external-facing DMZ/perimeter network. To be secured from a network perspective they would need to be on separate servers.
Excellent article, but now it is a little out of date now that they have upgraded DIRSYNC to include Password Sync. I have installed DIRSYNC2 (That is my name) and it changes the location of the files from “Microsoft Online Directory Sync” to “Windows Azure Active Directory Sync”. Also the Default Account created in AD for the Sync tool is changed from “Yourdomain\MSOL_AD_Sync” to “Yourdomain\MSOL_6b06ffadffb65” (at least on my system).
Windows Azure Active Directory Sync tool – Version Release History: http://social.technet.microsoft.com/wiki/contents/articles/18429.windows-azure-active-directory-sync-tool-version-release-history.aspx
If you like this post, you may like my others on DirSync: https://mikecrowley.wordpress.com/tag/dirsync/
FYI, for Windows 2012+, use: “Add-WindowsFeature NET-Framework-Core” for step 1
Has anyone experienced this error when running through the Windows Azure Active Directory Sync Tool Configuration Wizard (after uninstalling and reinstalling the newest dirsync version)
Logon Failure: unknown name or bad password.
I have checked the Azure Admin account, Enterprise Admin account, and even the MSOL_xxx user.
I see these lines in the Event Log when running the wizard:
1. “could not find a management agent of type type Active Directory
2. “creating Domain Account (MSOL_xxx)
3. “Resetting password for DOMAIN\MSOL_xxx”
4. Sync from FIMSynchronizationService is not running.
5. Connected to Windows Azure Directory Sync Service. State: ‘running’
Accounts have sync’d into AZURE, but I checked miisclient and there is nothing in it.
DionCal, I get the same errors. Did you ever get directory synchronization to work?
The Active Directory Enterprise Admin Account I was using was not Globally Unique in my Forest. I created a New Enterprise Admin account, and it resolved the issue. This seems like a New Requirement that I have not seen documented anywhere for AAD.