Mundo TI - Office 365 from deployment strategy to troubleshooting details
1. OFFICE 365 FROM DEPLOYMENT STRATEGY TO TROUBLESHOOTING DETAILS
2. Background
Support Engineer and Technical Trainer at Microsoft IT vendor, working
with Exchange Server, Office 365, Skype for Business, Microsoft Azure and
related cloud technologies.
Microsoft career certifications (MCP, MCTS, MCSA, MCSE, MCT)
Social
bruno@blogdolopez.com
@brunokktro
https://blogdolopez.com
www.facebook.com/blogdolopez
Bruno Lopes, MCT
Technical Trainer, Wipro/Microsoft
11. • Currently linked from the Office 365 Admin Portal
• No features that aren’t also available in Azure AD Sync
• Remains supported following support policy
• Includes sync from multiple forests, including merging duplicate users in these forests
• In addition to AD, can sync from LDAP v3, SQL Server (coming soon)
• Enables selective OU sync using the UX in the setup
• Enables selective attribute sync
• Enables transforming of attributes using the UX in the setup
• Installer that deploys Azure AD Sync and optionally AD FS
• A superset of Azure AD
• Available now
12. Multi forest topologies
Deploy a pilot using just a few users in a group
Don’t start sync right away (‘staging mode’)
Sign on using federation
Azure AD premium features (writeback passwords, users, groups, and devices from the cloud)
Sync custom directory attributes to the cloud
13. Different options for an Azure AD Connect upgrade:
In-place upgrade: if the expected upgrade time is less than 3 hours then
the recommended option is to do an in-place upgrade.
Parallel deployment: if the expected upgrade time is more than 3 hours
then the recommended option is to do a parallel deployment on another
server. It is estimated that if you have more than 50,000 objects in AD DS,
then it will take more than 3 hours to do the upgrade; the preferred
upgrade option is a parallel deployment in this scenario.
14. Application Log, Event Source = Directory Synchronization
Event ID 650: Password synchronization starts retrieving updated passwords from the on-premises AD DS
Event ID 651 (success): Finished retrieving updated passwords from on-premises AD DS
Event ID 652 (error): Failed to retrieve updated passwords from on-premises AD DS
15. Application Log, Event Source = Directory Synchronization
Event ID 653: Password synchronization starts informing Windows Azure AD that there are no passwords to be synced
Event ID 654 (success): Finishes informing Windows Azure AD that there are no passwords to be synced
Event ID 655 (error): Failed to inform Windows Azure AD that there are no passwords to be synced
** This occurs every 30 minutes if no passwords have been updated on-premises
16. Application Log, Event Source = Directory Synchronization
Event ID 656: Password synchronization detects password changes and tries to sync it to Windows Azure AD
Event ID 657 (success): User(s) whose password was successfully synced, Result : Success
Event ID 657 (error): User(s) whose password was not synced, Result : Failed
** Lists at least 1 user, at most 50 users
17. Symptom / Top solution or solutions
Symptom: Synchronized objects aren’t appearing or updating online, or I’m getting synchronization error reports from the Service.
Top solution: Identity synchronization and duplicate attribute resiliency
Symptom: I have an alert in the Office 365 admin center, or am receiving automated emails that there hasn’t been a recent synchronization event
Top solutions:
• Troubleshoot connectivity issues with Azure AD Connect
• Azure AD Connect Accounts and permissions
• Azure AD Connect sync: How to manage the Azure AD service account
Symptom: Passwords aren’t synchronizing, or I’m seeing an alert in the Office 365 admin center that there hasn’t been a recent password synchronization
Top solution: Implementing password synchronization with Azure AD Connect sync
Symptom: I'm seeing an alert that Object quota exceeded
Top solution: We have a built-in object quota to help protect the service. If you have too many objects in your directory that need to sync to Office 365, you’ll have to contact Support to increase your quota.
Symptom: I need to know which attributes are synchronized
Top solution: You can find a list of all the attributes that are synced between on-premises and the cloud right here.
Symptom: I can’t manage or remove objects that were synchronized to the cloud
Top solution: Are you ready to manage objects in the cloud only? Or is there an object that was deleted on-premises, but is stuck in the cloud? Take a look at this support article for guidance on how to resolve these issues.
18. IdFix
AD remediation tool that includes statistics on top DirSync errors requiring
remediation (fixing is optional; the tool can be used for analysis only)
http://www.microsoft.com/en-us/download/details.aspx?id=36832
Feedback: idfixsupport@microsoft.com
Editor's Notes
1 minute
Introducing the Microsoft Office 365 Hybrid Configuration Wizard
https://blogs.technet.microsoft.com/exchange/2015/09/04/introducing-the-microsoft-office-365-hybrid-configuration-wizard/
HCW Improvement: The Minimal Hybrid Configuration option
https://blogs.technet.microsoft.com/exchange/2016/06/24/hcw-improvement-the-minimal-hybrid-configuration-option/
Troubleshoot Office 365 mail flow
https://technet.microsoft.com/en-us/library/dn741248(v=exchg.150).aspx
Office 365 mail flow troubleshooting index
https://support.microsoft.com/en-nz/kb/2757871
Before you review the resources in this article, be aware that the Microsoft Remote Connectivity Analyzer offers several tests on the Office 365 tab that are helpful when you are troubleshooting mail flow in Office 365.
Checking the Office 365 dashboard is a prerequisite before starting troubleshooting!
These tests include the following:
Office 365 Exchange Domain Name Server (DNS) Connectivity test
Inbound SMTP Email test
Outbound SMTP Email test
The following resources discuss mail flow.
The Azure AD Sync tool configuration wizard now includes a page to enable password sync.
To disable password sync, rerun this wizard, and uncheck the box for “Enable Password Sync”.
Deployment step 4: Synchronize on-premises AD and Windows Azure directories.
See troubleshooting guide for more details: http://support.microsoft.com/kb/2855271
These event log entries refer to users by their “anchor” (a.k.a. immutableID) value. To determine the user, use Get-MsolUser -All | Where {$_.immutableID -match "<anchor value>"}
Beyond the Event IDs highlighted here, many of the password sync errors are documented as Event ID 611.
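A triage pass over the password sync events listed on slides 14 to 16 and in the note above, as an added example that is not part of the original deck. It assumes it runs on the sync server, that the event source is named as on the slides, and that a 24-hour window and a 60-minute stall threshold suit the environment.

```powershell
# Added example: source name and event IDs are from this page; the 24-hour
# window and 60-minute stall threshold are assumptions.
$meaning = @{
    650 = 'retrieve from AD DS started'
    651 = 'retrieve from AD DS finished'
    652 = 'retrieve from AD DS FAILED'
    653 = 'no-change notification started'
    654 = 'no-change notification finished'
    655 = 'no-change notification FAILED'
    656 = 'password change detected'
    657 = 'password change result'
    611 = 'password sync error'
}
$events = @(Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'Directory Synchronization'
    Id           = [int[]]@($meaning.Keys)
    StartTime    = (Get-Date).AddHours(-24)
} -ErrorAction SilentlyContinue)

# Count per event ID with the time of the most recent occurrence.
$events | Group-Object Id | Sort-Object { [int]$_.Name } | ForEach-Object {
    [pscustomobject]@{
        Id      = [int]$_.Name
        Meaning = $meaning[[int]$_.Name]
        Count   = $_.Count
        Last    = ($_.Group | Measure-Object TimeCreated -Maximum).Maximum
    }
} | Format-Table -AutoSize

# Failures: 652, 655, 611, and 657 entries reporting "Result : Failed"
# (assumes the message text matches the wording on the slide).
$failed = $events | Where-Object {
    $_.Id -in 652, 655, 611 -or
    ($_.Id -eq 657 -and $_.Message -match 'Result\s*:\s*Failed')
}
$failed | Sort-Object TimeCreated | Select-Object TimeCreated, Id, Message | Format-List

# Stall check: the page states the no-change cycle (653-655) runs every
# 30 minutes, so a long gap without 651 or 654 means sync has stopped.
$lastOk = $events | Where-Object { $_.Id -in 651, 654 } |
    Sort-Object TimeCreated -Descending | Select-Object -First 1
if (-not $lastOk -or $lastOk.TimeCreated -lt (Get-Date).AddMinutes(-60)) {
    Write-Warning 'No completed password sync cycle (651/654) in the last 60 minutes.'
}
```

When resolving an anchor from a failed 657 entry with Get-MsolUser, compare with -eq rather than -match: the anchor is base64 text, and -match would interpret characters such as + as regular-expression syntax.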
There is no special AD preparation required to use the password sync feature, but these tools will help ensure a successful implementation of the DirSync application.
Advanced AD DS Management Using Active Directory Administrative Center (Level 200)
https://technet.microsoft.com/en-us/windows-server-docs/identity/ad-ds/get-started/adac/advanced-ad-ds-management-using-active-directory-administrative-center--level-200-