INTRODUCTION
When you have a migration from Exchange on Premises, you definitely have an Active Directory set up. It is a logical decision to want your Active Directory synchronized with Office 365. When you follow the guidelines of Microsoft you’ll read that the Directory Synchronization (DirSync) tool is the best way to go.
BUT IS IT REALLY?
Do you know that by activating DirSync in an Exchange on Premises environment you make it impossible to migrate your mailboxes except by using the Microsoft built-in tools? Because of DirSync, Office 365 doesn't create cloud mailboxes when you assign a license to your users. MigrationWiz needs a destination mailbox to store all the migrated mails, contacts, calendar, etc. So you might want to choose the built-in tools from Microsoft, but are they your best choice? We think not.
These are a few objective reasons why MigrationWiz is the better choice:
1. Unlimited scalability, supported by 5 data centers worldwide, to migrate as many mailboxes concurrently at any given second, without throttling.
2. No public certificate required. Supports self-signed certificates in addition to non-SSL migration.
3. No special configuration on source server.
4. Strong error resolutions with rich granular statistics, in real time, including status and failure errors.
WHAT’S THE ALTERNATIVE?
BitTitan has a solution that will allow you to synchronize your local Active Directory to Office 365 without the limitations of DirSync.
REQUIREMENTS
Domain joined computer or server
Microsoft Windows PowerShell 2.0
Microsoft .NET Framework 3.5
MigrationWiz PowerShell Commandlets
Enable PowerShell of your MigrationWiz account
WHAT ATTRIBUTES DO WE SYNC
USERS
Office 365 Attribute AD Attribute
DisplayName displayName
ExternalEmailAddress Mail
FirstName givenName
Initials Initials
Lastname Sn
MicrosoftOnlineServicesID userPrincipalName
Name displayName
GROUPS
Office 365 Attribute AD Attribute
DisplayName displayName
Name displayName
PrimarySmtpAddress Mail
Alias mailNickname if it exists; if not, the alias is taken from the mail attribute
MemberShips All the users that are a member of the group.
CONTACTS
Office 365 Attribute AD Attribute
DisplayName displayName
ExternalEmailAddress Mail
FirstName givenName
Initials Initials
Lastname Sn
MicrosoftOnlineServicesID userPrincipalName
Name displayName
STEP BY STEP
ENABLE POWERSHELL ON MIGRATIONWIZ
To enable PowerShell usage on your account:
1. Sign in to your MigrationWiz account.
2. If you do not see a Developer Settings section, your account is not authorized for remote access. Contact our technical support to have your account enabled.
3. Click Manage developer settings.
4. Select Enable remote access to account.
5. Click Save.
INSTALL MIGRATIONWIZ COMMANDLETS
1. Go to Commandlets
2. Install (if necessary) Microsoft Windows PowerShell 3.0
3. Install (if necessary) Microsoft .NET framework 3.5
4. Install MigrationWiz Commandlets msi
SYNCHRONIZE
1. Log in to the Office 365 Portal and disable DirSync if necessary.
2. Log in to the computer that has the MigrationWiz commandlets installed, using administrative credentials that have read access to the Active Directory objects.
3. Launch the MigrationWiz Command Shell from the start menu.
THE SCRIPT
1. Enter your MigrationWiz account credentials
3. Select what you want to synchronize.
4. Select what you want to do.
Our tool allows you to simulate what will happen when you do a sync with or without delete. This guarantees the desired result without the risk of an unforeseen update, delete or add. If you want a risk-free synchronization after the simulation, use our Sync without delete option. This will allow our tool to add and to update users, contacts and groups without the risk of deleting one.
FILTERING
Just like DirSync, our BT Sync tool allows you to synchronize only a subset of your local Active Directory. When you open our SyncActiveDirectoryToOffice365.ps1 script you have multiple filter options:
$USERROOTSEARCHCONTAINER
# Active Directory root search container for users. The default is the root of the domain.
# i.e. OU=Users,DC=example,DC=com
$CONTACTROOTSEARCHCONTAINER
# Active Directory root search container for contacts. The default is the root of the domain.
# i.e. OU=Contacts,DC=example,DC=com
$GROUPROOTSEARCHCONTAINER
# Active Directory root search container for groups. The default is the root of the domain.
# i.e. OU=Groups,DC=example,DC=com
We also allow you to filter certain users, groups or contacts based on attributes:
$USERSEARCHFILTER
# User LDAP search filter. Default value is:
# (&(objectCategory=person)(objectClass=user)(displayName=*)(mail=*)(userPrincipalName=*))
$CONTACTSEARCHFILTER
# Contact LDAP search filter. Default value is:
# (&(objectCategory=person)(objectClass=contact)(displayName=*)(mail=*))
$GROUPSEARCHFILTER
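Before a filter is used for a real sync, it helps to see exactly which objects it selects. The following is an added example, not part of the BitTitan script: a read-only preview that runs the default user filter against a search container and lists the attributes that would be synchronized. The function name Get-SyncPreview, the OU value, and the extra clause that skips disabled accounts are assumptions made for illustration.

```powershell
# Added example: read-only preview of what a search container + LDAP filter select.
Add-Type -AssemblyName System.DirectoryServices

# Placeholder container; use the value you plan to set in the sync script.
$userRootSearchContainer = 'OU=Users,DC=example,DC=com'
# Default user filter from the page, plus a clause that excludes disabled accounts
# (bitwise AND match on userAccountControl flag 2 = ACCOUNTDISABLE).
$userSearchFilter = '(&(objectCategory=person)(objectClass=user)(displayName=*)(mail=*)' +
                    '(userPrincipalName=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'

function Get-SyncPreview {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)][string]$SearchContainer,
        [Parameter(Mandatory = $true)][string]$LdapFilter
    )
    $root = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$SearchContainer")
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root, $LdapFilter)
    $searcher.PageSize = 500    # paged search, so results are not capped at the server limit
    $searcher.SearchScope = [System.DirectoryServices.SearchScope]::Subtree
    # AD attributes from the USERS mapping table, plus the DN for locating the object
    $attributes = 'displayname', 'mail', 'givenname', 'initials', 'sn',
                  'userprincipalname', 'distinguishedname'
    foreach ($a in $attributes) { [void]$searcher.PropertiesToLoad.Add($a) }
    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            $row = New-Object PSObject
            foreach ($a in $attributes) {
                $value = $null
                if ($r.Properties.Contains($a)) { $value = $r.Properties[$a][0] }
                Add-Member -InputObject $row -MemberType NoteProperty -Name $a -Value $value
            }
            $row
        }
    } finally {
        $results.Dispose()      # release the unmanaged search handle
    }
}

$preview = @(Get-SyncPreview -SearchContainer $userRootSearchContainer -LdapFilter $userSearchFilter)
"{0} user objects match the filter" -f $preview.Count
$preview | Sort-Object userprincipalname |
    Format-Table displayname, userprincipalname, mail -AutoSize
```

Comparing the count with and without the disabled-account clause shows how many inactive accounts the default filter would otherwise send to Office 365.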
WHAT IF YOU WANT TO USE DIRSYNC AFTER SYNC
If you want to use DirSync after the migration, for example because you need automatic synchronization or password synchronization, you can choose to do so.
1. Activate DirSync on your tenant
2. Run the following script. This will make sure that DirSync connects the right Office 365 user to your local Active Directory user.
3. Run DirSync to synchronize.
Import-Module MSOnline
Import-Module ActiveDirectory
# Prompt for the Office 365 administrator credentials instead of storing the password in the script
$credential = Get-Credential
Connect-MsolService -Credential $credential
foreach ($msolUser in (Get-MsolUser -All)) {
    # Look up the local Active Directory account with the same UPN
    $upn = $msolUser.UserPrincipalName
    $ADUser = Get-ADUser -Filter {UserPrincipalName -eq $upn} -Properties *
    if (-not $ADUser) { continue }   # no local account with this UPN, nothing to link
    # The ImmutableID is the Base64 encoding of the AD object's GUID bytes
    $guid = [GUID]$ADUser.ObjectGUID
    $bytearray = $guid.ToByteArray()
    $immutableID = [System.Convert]::ToBase64String($bytearray)
    # The listing on the page ends here; writing the value with Set-MsolUser is the assumed final step
    Set-MsolUser -UserPrincipalName $upn -ImmutableId $immutableID
}
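Because DirSync uses this value to decide which cloud account belongs to which local account, it is worth checking the mapping before DirSync runs. The following is an added example, not part of the original page or of BitTitan's tooling: a read-only report that recomputes the expected ImmutableID for every Office 365 user and flags accounts with no local match, an ambiguous UPN, or a value that points at a different AD object. The function name ConvertTo-ImmutableId and the status labels are assumptions.

```powershell
# Added example: read-only report. Nothing is written to Office 365 or Active Directory.
Import-Module MSOnline
Import-Module ActiveDirectory
Connect-MsolService -Credential (Get-Credential)

function ConvertTo-ImmutableId {   # hypothetical helper name
    param([Parameter(Mandatory = $true)][Guid]$ObjectGuid)
    # Same transformation as the page's script: Base64 of the GUID's 16 bytes.
    [System.Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

$report = foreach ($msolUser in (Get-MsolUser -All)) {
    $upn = $msolUser.UserPrincipalName
    $adMatches = @(Get-ADUser -Filter { UserPrincipalName -eq $upn })
    $expected = $null
    if ($adMatches.Count -eq 0) {
        $status = 'NoAdUser'        # cloud-only account, DirSync has nothing to match
    } elseif ($adMatches.Count -gt 1) {
        $status = 'AmbiguousUpn'    # more than one AD object carries this UPN
    } else {
        $expected = ConvertTo-ImmutableId -ObjectGuid $adMatches[0].ObjectGUID
        if ([string]::IsNullOrEmpty($msolUser.ImmutableId)) {
            $status = 'NotSet'
        } elseif ($msolUser.ImmutableId -ceq $expected) {   # Base64 is case-sensitive
            $status = 'Match'
        } else {
            $status = 'Mismatch'    # currently linked to a different AD object
        }
    }
    New-Object PSObject -Property @{
        UserPrincipalName = $upn
        Status            = $status
        CurrentId         = $msolUser.ImmutableId
        ExpectedId        = $expected
    }
}

# Summary per status, then every account that needs attention
$report | Group-Object Status | Select-Object Name, Count | Format-Table -AutoSize
$report | Where-Object { $_.Status -ne 'Match' } |
    Sort-Object Status, UserPrincipalName |
    Format-Table UserPrincipalName, Status, CurrentId, ExpectedId -AutoSize
```

Review the AmbiguousUpn and Mismatch rows by hand before DirSync runs, since a wrong link attaches a mailbox to the wrong local identity.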