To my way of thinking, this is excessive and unnecessary.
During the install, at the end of following running Configuration Wizard, you will be asked if you wish to "Synchronize now". Uncheck this box and then, after a reboot, follow the instructions below:
Step 1:
- Create a shortcut to C:\Program Files\Windows Azure Active Directory Sync\SYNCBUS\Synchronization Service\UIShell\miiclient.exe (Synchronization Service Manager)
- Change the advanced properties to Run as Administrator.
- Launch this tool
- After the install, Open Active Directory Users and Computers and search for all users starting with "MSOL_". You will see that there is a new account called "MSOL_6b06ffadffb5" or some such giberish. The number is different on every Server.
- Change the password on this account to something secure, that you can enter in the Service Manager
- In Synchronization Service Manager, click on the Management Agents button, and highlight Active Directory Connector.
- Click Actions and then Properties
- Click on the "Connect to Active Directory Forest" menu on the left.
- Enter the Password that you assigned to the default account
- Click "Configure Directory Partitions". It will verify the AD credentials and change to the "Configure Directory Partitions" menu.
- Click on the Containers button
- Uncheck the select at the root of the Domain, and instead select the appropriate OU(s) that you wish to sync.
Step 4:
- Verify DirSync. Do this by opening up Powershell, and adding the snapin
ADD-PSSnapin Coexistence-Configuration - Type Start-OnlineCoexistenceSync
- Watch the Status screen of the Synchronization Service Manager
- Make sure that you see "Success" for each of the 4 tasks.
No comments:
Post a Comment