EDIT (Nov. 22 2013): DirSync 1.0.6567.0018 Has Been Released
EDIT (Nov. 11 2013): DirSync 1.0.6553.2 has been removed from Microsoft’s download site and version history comment removed from the Wiki. Not sure why.
Early this morning, Microsoft released an updated version of Windows Azure Active Directory Sync tool (DirSync to you and me). Version 1.0.6553.2 (or later) can be downloaded from the usual link. It comes with 4 known improvements:
- Fix to address Sync Engine memory leak
- Fix to address “staging-error” during full import from Azure Active Directory
- Fix to handle Read-Only Domain Controllers in Password Sync
- DirSync can be installed on a Domain Controller. Documentation on how to deploy can be found here.
I am most excited about #4, as this enables me to build more interesting labs from my laptop, now that I don’t need a dedicated “DirSync Server”. You should note however, this is recommended only for “development” environments. After some further testing, I’d consider recommending this configuration for shops with multiple domain controllers and 50 or fewer users.
If you’re already running DirSync, and want to upgrade, you’re likely in one of two camps:
- You want to move DirSync from a dedicated server to a DC.
- You don’t want to move the DirSync server to a DC (or elsewhere), you just want the latest version.
If you’re in the first scenario, I’m going to assume you’re working in a lab or very small environment. This means you don’t need to worry about a lengthy synchronization process, and can easily take advantage of the built-in soft-match capability of the product. Your upgrade process is easy:
- Throw away your existing DirSync server.
- Install Dirsync on a DC.
- Run the Directory Sync Configuration Wizard
As soon as you finish the 3rd step, the initial synchronization will rebuild the database (and re-sync passwords), returning to where you left off!
NOTE: If you’re a big shop, you should consider that a full sync takes roughly 1 hour per 5,000 objects synced, according to a recent webcast by Lucas Costa. Soft-matches would likely go faster, but you’ve been warned…
Now, if you’re just looking to upgrade your version of DirSync to the latest version, you need to first ensure you are running versoin 6385.0012 or later. In-place upgrades aren’t supported on earlier versions. If this is you, refer to the soft-match advice I gave above. This is your upgrade path.
For those that are running 6385.0012 or later, upgrading is as simple as a few clicks of the mouse. For the nervous, here are some screenshots:
|NOTE: The installer detects an existing installation.|
|This is the default path, but it should reflect your installation directory.|
Hmm, that’s not good! Fortunately a reboot cleared this up for me, but if you’re not so lucky, you can examine the following logs:
…which are located in the earlier discussed installation directory.
|For an upgrade, you’ll want to run this right away, since not doing so leaves you without a functioning DirSync server.|
|Global Office 365 Administrator credentials go here. This is stored on your DirSync server, so make sure PasswordNeverExpires attribute is set to $true on the Office 365 account (or your on-premises account, if you’re using a federated user)|
|On-Premises Enterprise Admin credentials go here:|
|Checking this box allows some attributes to be written back to your Active Directory, which is necessary for a Hybrid Exchange Server scenario.|
|Enable Password Sync… or Don’t.|
|NOTE: Upgrades and new installs require a Full Sync.|
|This post wouldn’t be complete without a plug for my free DirSync Report script!|
Yep, MS have quietly withdrawn the new version of DirSync.
We had the issue of DirSync not completing the Azure Export phase with the new release.
After a week of troubleshooting, I had a call from an MS Back End support guy and he confirmed it is a known issue with this (now withdrawn) 1.0.6553.2 version of DirSync.
MS did not want us to go back to the 1.0.6475.7 version though, so the workaround is to set the batch size to 1 (instead of 30) for Exports on the Azure Connector.
Once we did this change, it did its Azure Export in 5 mins.
Apparently it will be fixed in the next release
I’ve heard this too, thanks for sharing.
Same with us. We have 116K accounts that couldn’t sync and I had a case opened for a week, but it appears you found this issue 2 days before my M.S. engineer. When they asked me for feedback about my experience today, i explained that i was displeased because your blog knew that the software was flawed and removed from their site 2 days before they told me and i wasted a weeks worth of work dealing with this.
Sadly this is not an uncommon occurrence with O365 support.
We are running DirSync tool on Windows Server 2003 32-bit, using Windows Powershell 1.0. The server that DirSync tool installed on is NOT a DC.
Can we upgrade to the latest DirSync tool in this environment? Do we need to upgrade PowerShell to 2.0 before upgrade DirSync tool?
No, x86 is not supported. See the system requirements here. Fortunatly, in most cases, you can simply remove the old instance, deploy a new installation, and everything will sync back up with out any fuss.
We have an existing DirSync server (1.0.5071.0) and would like to install the newest version of DirSync (1.0.6765.6) on the same server. Do we just install the newer version over top or do we uninstall the older version and then a new installation?
Also, There is a PS script that is run from this server to force a sync. With the new version, will the following still work?
1) Yes you should be able to do in-place upgrades for each version after 6385.0012, though I have not tested each version myself. I would go ahead and try. Worst case scenario, uninstalling and re-installing and then re-syncing results in no data loss anyway.
2) yes that should still work.
Thanks Mike! Appreciate it.
Hi when I run the powershell command to check my version it shows as 1.0.6385.0. Does this mean that I need to reinstall to get to latest version?
I believe the in-place upgrade functionality was added at 6553, so yes, i’d uninstall from add/remove programs and re-deploy. Everything should sync up, no big deal. 🙂
I am attempting to install on Server 2012 R2, keep getting an error saying: The install was unable to setup a required component. I have downloaded dirsync again, restarted server, run as Administrator with a Domain Admin account but no luck…can’t seem to see anything usefull in log either…Help!!
did you install .NET Framework 3.5 ?
Hi Mike, Hope you can possibly help me out! I work for a college and we had our Office 365 provision set up by a third party when we migrated over from Live@Edu. The current setup uses a FIM MA to carry out the sync, with connection rules configured within FIM (easy enough to set-up). Sign-in is handled by ADFS.
I have now been tasked with upgrading to the latest version of DirSync to take advantage of the password sync capability as my manager doesn’t like the admittedly slightly long winded, 2-step login process of ADFS. We are also pushing some staff in to the cloud as it is currently student only, but the sub-domain is already accepted and validated so that part should be fine.
My question is (sorry for taking so long to get here), Can I just disable the scheduled tasks that currently carry out our synchronization process, uninstall FIM, and then install and configure DirSync as if it was a first time set-up? If so will all of the existing accounts that have been provision in office 365 simply link back to their on-premise counterparts? Will I need to set the point of authority at any point to prevent account deletion?
Hope you can point me in the right direction, information on such a set-up seems very thin on the ground!
Brilliant site/ blog by the way, I’ve found it extremely helpful!
Replied to Lee directly…