Monday, December 19, 2011

Office 365: Rich coexistence failure because DirSync cannot write back to local AD

DirSync makes it very easy to populate all user account etc from the internal AD to Office 365. Error during exporting and syncing user data are reported via emails, so you can follow up on that.
For rich coexistence DirSync writes certain attributes back to AD, e.g proxyaaddresses.
Errors are not reported and you have to find them in the DirSync's "unofficial" UI.

If you see there "Insufficient access rights to perform the operation.” then the user MSOL_AD_SYNC does not have permissions to write those attributes.
This can happen because you assigned permissions on the user level and you have disabled the "include inheritable permissions from this object's parent" option.

From there you have two options; enable the option to use inheritance or add the permissions manually to each account.

Office 365: Off-boarding a mailbox

On-boarding a mailbox to Office 365 is a quite simple to do with the Exchange Management Console. But how to off board a mailbox. So you might ask why should I do that, well just to be prepared, just in case you have to.

First create a powershell session to O365:
$cred365= Get-Credential
$CloudSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $cred365 -Authentication Basic -AllowRedirection -WarningAction SilentlyContinue
Import-PSSession $CloudSession -Prefix 365

Now run the move request:
New-365MoveRequest -Outbound -Identity '' -RemoteHostName -TargetDeliveryDomain -RemoteCredential $credOnP -RemoteTargetDatabase 'Mailbox Database 041637xxxx'

Afterwards you can find the new move request in EMC under your Office 365 tenant in "Move requests".