
Troubleshooting directory synchronization using the MOSDAL toolkit

Use the MOSDAL toolkit specifically to troubleshoot directory synchronization:

1. Refer to Chapter 2 for download and installation instructions for MOSDAL if needed, and then start MOSDAL. For this exercise, MOSDAL must be installed and started from the directory synchronization server.

2. Click the O365 tab and select the directory synchronization check box, as shown in Figure 4-60. Click Next.

Figure 4-60. MOSDAL with the directory synchronization option.

3. Provide the Office 365 account credentials that directory synchronization uses, and make sure you do not select the I want to skip this step check box, as shown in Figure 4-61. Click Next. Although MOSDAL does not require you to supply Office 365 credentials, they are needed for a comprehensive directory synchronization test.

Figure 4-61. MOSDAL requesting Office 365 logon credentials.

4. Click Next to start the testing process. Ignore the instructions on this page because you do not need to restart any applications for this particular test.

5. When the test is complete, click Exit And Show Files.

6. Windows Explorer will open and show the MOSDAL directories. The reports are organized by the date and time stamp of the test. Open the folder with the date and time stamp that corresponds to your test.

7. Open the Admin_Applications folder.

8. Open the Directory_Synchronization_Tool folder.

9. Locate a text file titled MOSDALLog_Directory_Synchronization_Tool. Open this log file with any text editor. This is the log file that details the directory synchronization test steps. Take note of any errors encountered by the test. We included details on how to resolve two of the most common errors in the Troubleshooting sidebar. Close the MOSDALLog_Directory_Synchronization_Tool file.

TROUBLESHOOTING: COMMON MOSDAL ERRORS

If you open the Directory_Synchronization_Tool folder and see only one file, the MOSDALLog_Directory_Synchronization_Tool file, that usually means the directory synchronization test encountered a problem. Open the MOSDALLog_Directory_Synchronization_Tool file with a text editor to determine the error. One common error is that the account used to run MOSDAL does not have sufficient privileges. The MOSDALLog_Directory_Synchronization_Tool file will look similar to the one shown in Figure 4-62. This error occurs even though you ran MOSDAL as an administrator.

Figure 4-62. Log file for the MOSDAL directory synchronization test.

To resolve errors related to the need for administrative elevation, you need to add the account you are using to run MOSDAL to the local FIMSyncAdmins group:

1. From the directory synchronization server, click Control Panel, and then click User Accounts.

2. Select Give other users access to this computer.

3. Lastly, click Add to add a user or select an existing user, click Properties, and then select the Group Membership tab.

4. Select Other and make the user part of the FIMSyncAdmins group, as shown in Figure 4-63.

Figure 4-63. Add a user account to the FIMSyncAdmins group.
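The same group change can be scripted, which also lets you review who already holds this role before adding another account. This is an added example, not part of the original text; the account name `CONTOSO\svc-mosdal` is a placeholder, and the script assumes an elevated PowerShell session on the directory synchronization server.

```powershell
# Added example. Run elevated on the directory synchronization server.
# 'CONTOSO\svc-mosdal' is a placeholder for the account that runs MOSDAL.
$GroupName = 'FIMSyncAdmins'
$Account   = 'CONTOSO\svc-mosdal'

$groupPath = "WinNT://$env:COMPUTERNAME/$GroupName,group"
try   { $exists = [ADSI]::Exists($groupPath) }
catch { $exists = $false }
if (-not $exists) {
    throw "Local group '$GroupName' not found. Is this the directory synchronization server?"
}
$group = [ADSI]$groupPath

# Current members as ADsPath strings, for example WinNT://CONTOSO/someuser
$members = @($group.psbase.Invoke('Members') | ForEach-Object {
    $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
})

# Review the existing membership before widening it.
"Current members of ${GroupName}:"
$members | ForEach-Object { "  $_" }

$domain, $user = $Account -split '\\', 2
$wanted = "WinNT://$domain/$user"

if ($members -contains $wanted) {
    # -contains compares strings case-insensitively
    "$Account is already a member; no change made."
} else {
    $group.Add("$wanted,user")
    "$Account added. Sign out and back in so the logon token picks up the new group."
}
```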

Another common problem with MOSDAL and the directory synchronization test arises if you do not run the test from the directory synchronization server. In this case, you will get an error stating that a directory synchronization key cannot be found in the registry, which will be listed in the MOSDALLog_Directory_Synchronization_Tool log file. The directory synchronization MOSDAL test requires the directory synchronization (FIM) tool. Therefore, it needs to be executed from the directory synchronization server.

1. In the same directory, locate and open DirSyncObjects.xml.

DirSyncObjects.xml lists the objects that directory synchronization attempts to synchronize to Office 365 and lists any objects with duplicate UPNs and missing proxy addresses.

2. Resolve issues with duplicate UPNs and missing proxy addresses.
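To cross-check what DirSyncObjects.xml reports, the same two conditions can be queried directly in Active Directory. This is an added example, not part of the original text and not a parser for the MOSDAL file; it assumes the ActiveDirectory PowerShell module is installed and looks only at user objects in the current domain.

```powershell
# Added example; requires the ActiveDirectory module (RSAT).
# Assumption: scope is user objects in the current domain only.
Import-Module ActiveDirectory

$users = Get-ADUser -Filter * -Properties proxyAddresses, mail

# Group-Object compares strings case-insensitively, so UPNs that differ
# only by case land in the same group. A group of 2 or more is a duplicate.
$duplicateUpns = @(
    $users |
        Where-Object { $_.UserPrincipalName } |
        Group-Object -Property UserPrincipalName |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            New-Object PSObject -Property @{
                UserPrincipalName = $_.Name
                Objects = ($_.Group | ForEach-Object { $_.DistinguishedName }) -join '; '
            }
        }
)

# Users whose proxyAddresses attribute is absent or empty. Accounts that
# are not meant to be mail-enabled will also appear and can be ignored.
$missingProxy = @(
    $users |
        Where-Object { @($_.proxyAddresses | Where-Object { $_ }).Count -eq 0 } |
        Select-Object SamAccountName, UserPrincipalName, mail, DistinguishedName
)

"Duplicate UPNs: $($duplicateUpns.Count)"
$duplicateUpns | Format-Table -AutoSize -Wrap

"Users without proxyAddresses: $($missingProxy.Count)"
$missingProxy | Format-Table -AutoSize
```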

Summary

At this point, we have completed the foundational work for Office 365. In the last three chapters, we have covered the following tasks:

Planning, preparing, and remediating your enterprise environment for Office 365, specifically regarding AD

Establishing federation of your AD with Office 365 using AD FS 2.0

Establishing directory synchronization using the Windows Azure Active Directory Sync software tool, also commonly referred to as directory synchronization, so you can continue to manage your environment through AD

We introduced tools provided by the Microsoft Office 365 team, such as MOSDAL and the Office 365 Deployment Toolkit. Up to this point, each chapter has helped you sequentially build the foundation for Office 365. This will change in later chapters because you will start configuring and deploying the individual Office 365 services, which are Exchange Online, SharePoint Online, Lync Online, and Office 365 Professional Plus. You can proceed directly to any of the chapters that are specific to the services you want to use. The great thing about Office 365 is that there is no specific order to deploy the services.

There is also no need for you to deploy all the services. You can pick and choose the services that are appropriate for your enterprise needs.

Alternatively, you can continue with Chapters 5, 6, and 7 to leverage System Center as an optional, but recommended, enterprise management suite of tools to build additional automation and monitoring for your Office 365 deployment. You could also choose to start deploying services first, and then return to the System Center chapters.

The point is that the deployment can proceed in any direction after the foundational services have been established. This is also a good testament to the flexibility of Office 365 workload adoption and deployment.

Part 3. Office 365 Foundations: Monitoring and Automation

Chapter 5 Chapter 6 Chapter 7 Chapter 8 Chapter 9

Chapter 5. Monitoring Office 365 with System Center

Introduction to System Center components and licensing

Concepts and planning for monitoring Office 365

Deploying the SCOM infrastructure and importing the Office 365 Management Pack

Creating alert notifications

This chapter focuses on monitoring and managing on-premises technologies that are important to Office 365. In previous chapters, we introduced a number of on-premises technologies that Office 365 depends on, such as Active Directory Federation Services (AD FS) and DirSync. Office 365 is tightly integrated with these on-premises technologies, and they are very important to the accessibility and operations of Office 365. Consider that if the on-premises Exchange Client Access Server (CAS) goes down, then Exchange Online users might not be able to view the free and busy times of those users whose mailboxes are still on-premises. If the on-premises AD FS infrastructure fails because of the AD FS servers, SQL server, or Internet Information Services (IIS) server, then users might not be able to log on to Office 365 at all. A more comprehensive list of the technologies that Office 365 depends on appears later in this chapter, in the Evaluating what to monitor section, when it is time for us to determine what needs to be monitored.

Aside from monitoring, there is also the need to deploy software and make configuration changes to workstations so they work seamlessly with Office 365. For these reasons, it is important to have an enterprise-level monitoring and management solution, which is why we are introducing Microsoft System Center 2012 for consideration as part of an Office 365 deployment. The current version of System Center is 2012 with Service Pack 1, which was released in December 2012.

System Center is a suite comprising eight components. Each of these eight components plays a crucial role in various aspects of Information Technology (IT) management. System Center was created to help companies with the management of physical and virtual machines, on-premises and off-premises cloud applications, people management tasks such as provisioning, request tracking, and the automation of processes to make organizations more productive and cost efficient.

The eight components within System Center cover all aspects of IT management, from applications and infrastructure to service delivery and automation, as shown in Figure 5-1.

Figure 5-1. System Center 2012 capabilities across IT services.

System Center 2012 is an integrated management platform that helps you to easily and efficiently manage your datacenters, client devices, and hybrid cloud IT environments. System Center 2012 is the only platform to offer comprehensive management of applications, services, physical resources, hypervisors, software-defined networks, configuration and automation in a single offering.

System Center Configuration Manager is not generally recognized as a monitoring solution. However, underneath the covers, System Center Configuration Manager monitors a series of events, such as users who log on to workstations at the agent level or a configuration item being tracked by the agent in case of any deviations from the organization’s standard configuration.

System Center Data Protection Manager is primarily responsible for data protection. To do so, it constantly monitors changes on the workloads it is protecting.

System Center Orchestrator is responsible for monitoring system events that will trigger and execute pre-defined procedures known as runbooks.

System Center Service Manager is an incident management component and thus monitors for changes to incidents and executes workflows accordingly.

System Center Virtual Machine Manager manages a variety of components on physical hosts and virtual machines. System Center Virtual Machine Manager can also determine if hosts are over-subscribed and migrate virtual machines in real time to different hosts to maximize performance and resources.

Finally, System Center App Controller monitors the state of private cloud services, applications deployed in Windows Azure PaaS, and virtual machines in Windows Azure, which is an Infrastructure as a Service (IaaS) offering. This is a significant element because Office 365 depends on on-premises technologies such as Active Directory (AD), AD FS, and possibly RMS. Furthermore, in a hybrid Exchange scenario, there are on-premises Exchange servers as well. Relying on on-premises technology makes Office 365 more vulnerable because the geo-redundancy of Office 365 does not extend to local networks. Therefore, Windows Azure Virtual Machines creates an opportunity for organizations to take advantage of geo-redundancy so that on-premises implementations do not become the weak link. Windows Azure Virtual Machines will be discussed in detail in Chapter 16.