The BitTitan Sync Program is an alternative to using Microsoft synchronization tools. It uses PowerShell to synchronize user, group, and contact attributes between your on-premises environment and Office 365.
Sections of this guide:
- Requirements
- Synced attributes
- Run the BitTitan Sync Program
- Advanced options for the BitTitan Sync Program
- Enable DirSync after running the BitTitan Sync Program
Requirements
These are the requirements to run the BitTitan Sync Program:
- A domain-joined computer or server
- .NET Framework version 4.6.1 or later
- PowerShell version 4.0 or later
- Install BitTitan SDK by following the steps in KB005158.
Synced attributes
These are the attributes that are synced by the BitTitan Sync Program:
For users:
Office 365 Attribute | AD Attribute |
DisplayName | displayName |
ExternalEmailAddress | |
FirstName | givenName |
Initials | Initials |
LastName | Sn |
MicrosoftOnlineServiceID | userPrincipalName |
Alias | If mailNickname exists, we will use mailNickname. If not, we will get the alias from the mail attribute |
For groups:
Office 365 Attribute | AD Attribute |
DisplayName | displayName |
Name | displayName |
PrimarySMTPAddress | |
Alias | If mailNickname exists, we will use mailNickname. If not, we will get the alias from the mail attribute |
MemberShips | All the users that are a member of the group. |
For contacts:
Office 365 Attribute | AD Attribute |
DisplayName | displayName |
ExternalEmailAddress | |
FirstName | givenName |
Initials | Initials |
LastName | Sn |
MicrosoftOnlineServiceID | userPrincipalName |
Name | displayName |
Alias | If mailNickname exists, we will use mailNickname. If not, we will get the alias from the mail attribute |
Run the BitTitan Sync Program
Complete the following steps to run the BitTitan Sync Program:
- Log in to the Office 365 Portal and disable DirSync if currently enabled.
- Log in to the computer that has read access to the Active Directory objects and has the BitTitan SDK installed.
  Note: Log in using Administrator credentials for the computer.
- Launch the BitTitan Command Shell from the Start menu.
- Execute the script from the command shell by typing .\SyncActiveDirectoryToOffice365.ps1 and pressing Enter.
- Follow the prompts on the screen to select the object types to synchronize and the synchronization operation.
Notes:
- The BitTitan Sync Program allows you to simulate what will happen when you do a sync with or without delete. This guarantees the desired result without the risk of an unforeseen update, delete, or add. If you want a risk-free synchronization after the simulation, use our Sync without delete option. This will allow our tool to add and update users, contacts, and groups without the risk of deleting one.
- If you choose to add Groups, make sure to do a second run of the BitTitan Sync Program after the creation of the groups. It’s during the second run that the memberships are assigned between users and groups.
Important:
- If your local AD has had its schema extended for Microsoft Exchange, and you run Microsoft synchronization tools (such as DirSync), it will expect Mailbox Replication Services (MRS) to perform a mailbox move. MigrationWiz cannot be run when mailboxes are in this state. At this point, if you want to continue using Microsoft synchronization tools rather than the BitTitan Sync program, you should follow the directions in KB004336.
- The password for the users is a definable field in our script, or you can choose to generate a random one. It does not retrieve the user's password from the Active Directory and sync it.
Advanced options for the BitTitan Sync Program
Just like DirSync, the BitTitan Sync Program allows you to synchronize only a subset of your local Active Directory. When you open the SyncActiveDirectoryToOffice365.ps1 script, you have the filter options listed below:
Advanced options | Description |
$USERROOTSEARCHCONTAINER | Active Directory root search container for users. The default is the root of the domain. Example: OU=Users,DC=example,DC=com |
$CONTACTROOTSEARCHCONTAINER | Active Directory root search container for contacts. The default is the root of the domain. Example: OU=Contacts,DC=example,DC=com |
$GROUPROOTSEARCHCONTAINER | Active Directory root search container for groups. The default is the root of the domain. Example: OU=Groups,DC=example,DC=com |
We also allow you to filter certain users, groups, or contacts based on attributes:
Advanced options | Description |
$USERSEARCHFILTER | User LDAP search filter. Default value is: (&(objectCategory=person)(objectClass=user)(displayName=*)(mail=*)(userPrincipalName=*)) |
$CONTACTSEARCHFILTER | Contact LDAP search filter. Default value is: (&(objectCategory=person)(objectClass=contact)(displayName=*)(mail=*)) |
$GROUPSEARCHFILTER | Group LDAP search filter. Default value is: (&(objectClass=group)(displayName=*)(mail=*)) |
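Added example (not part of SyncActiveDirectoryToOffice365.ps1): a preview of which accounts a search container and LDAP filter select, so the scope can be reviewed before a sync is run. It assumes the ActiveDirectory module is available, that the sync searches the whole subtree under the container, and uses the example DN from the table above; the Get-SyncScope function and the extra clause that excludes disabled accounts are constructed for illustration.

```powershell
# Added example; Get-SyncScope and the narrowed filter are illustrative assumptions.
Import-Module ActiveDirectory

# Example container from the table above.
$USERROOTSEARCHCONTAINER = 'OU=Users,DC=example,DC=com'

# Default user filter as documented.
$defaultFilter = '(&(objectCategory=person)(objectClass=user)(displayName=*)(mail=*)(userPrincipalName=*))'

# Same filter plus a clause that excludes disabled accounts
# (bitwise AND match on userAccountControl bit 2, ACCOUNTDISABLE).
$USERSEARCHFILTER = '(&(objectCategory=person)(objectClass=user)(displayName=*)(mail=*)(userPrincipalName=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'

function Get-SyncScope {
    param([string]$SearchBase, [string]$LdapFilter)
    # Return the accounts the filter selects, with the attributes the sync reads for Alias.
    Get-ADUser -SearchBase $SearchBase -SearchScope Subtree -LDAPFilter $LdapFilter `
               -Properties mail, mailNickname |
        Select-Object SamAccountName, UserPrincipalName, Enabled, mail, mailNickname
}

$wide   = @(Get-SyncScope -SearchBase $USERROOTSEARCHCONTAINER -LdapFilter $defaultFilter)
$narrow = @(Get-SyncScope -SearchBase $USERROOTSEARCHCONTAINER -LdapFilter $USERSEARCHFILTER)

'Default filter matches {0} users; narrowed filter matches {1}.' -f $wide.Count, $narrow.Count

# List the accounts that the narrowed filter keeps out of the sync.
$narrowUpns = @($narrow | ForEach-Object { $_.UserPrincipalName })
$wide | Where-Object { $narrowUpns -notcontains $_.UserPrincipalName } |
    Format-Table -AutoSize
```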
Enable DirSync after running the BitTitan Sync Program
If you want to use DirSync after the migration because you require automatic synchronization or password synchronization, you can choose to do so.
- Activate DirSync on your tenant.
- Run the script below to make sure that DirSync connects the right Office 365 user to your local Active Directory Users.
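Import-Module MSOnline
Import-Module ActiveDirectory
# Office 365 administrator credential. Get-Credential can replace the next four lines so the password is not stored in the script.
$username = "<enter username for Office 365>"
$password = "<enter password for Office 365>"
$secpasswd = ConvertTo-SecureString $password -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential($username, $secpasswd)
Connect-MsolService -Credential $credential
foreach ($msolUser in (Get-MsolUser -All))
{
    # Escape single quotes so the UPN is safe inside the filter string.
    $upn = $msolUser.UserPrincipalName.Replace("'", "''")
    # Find the on-premises account with the same UPN.
    $ADUser = @(Get-ADUser -Filter "UserPrincipalName -eq '$upn'")
    if ($ADUser.Count -ne 1)
    {
        Write-Warning "Skipping $($msolUser.UserPrincipalName): no unique on-premises match"
        continue
    }
    # The ImmutableId is the Base64 encoding of the AD objectGUID bytes.
    $immutableID = [System.Convert]::ToBase64String(([Guid]$ADUser[0].ObjectGUID).ToByteArray())
    Set-MsolUser -UserPrincipalName $msolUser.UserPrincipalName -ImmutableId $immutableID
}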
- Run DirSync to synchronize.
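Added example (not part of the BitTitan script): a dry-run planner that classifies each Office 365 user before any ImmutableId is written, so missing on-premises accounts, duplicate UPNs and users already linked to a different ID can be reviewed first. The function names and the sample users are constructed for illustration; with real data, pass the output of Get-MsolUser -All and Get-ADUser -Filter * instead.

```powershell
# Added example; function names and sample data are constructed for illustration.
function ConvertTo-ImmutableId {
    param([Guid]$ObjectGuid)
    # Same conversion the script uses: Base64 of the objectGUID byte array.
    [System.Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

function Get-ImmutableIdPlan {
    param([object[]]$CloudUsers, [object[]]$ADUsers)
    # Index on-premises users by lower-cased UPN so duplicate UPNs are visible.
    $byUpn = @{}
    foreach ($ad in $ADUsers) {
        if (-not $ad.UserPrincipalName) { continue }
        $key = $ad.UserPrincipalName.ToLowerInvariant()
        if (-not $byUpn.ContainsKey($key)) { $byUpn[$key] = @() }
        $byUpn[$key] += $ad
    }
    foreach ($cloud in $CloudUsers) {
        $key = $cloud.UserPrincipalName.ToLowerInvariant()
        $candidates = @()
        if ($byUpn.ContainsKey($key)) { $candidates = @($byUpn[$key]) }
        $action = 'Set'; $proposed = $null
        if ($candidates.Count -eq 0) { $action = 'NoADMatch' }
        elseif ($candidates.Count -gt 1) { $action = 'AmbiguousUPN' }
        else {
            $proposed = ConvertTo-ImmutableId -ObjectGuid $candidates[0].ObjectGUID
            # Base64 is case-sensitive, so compare with -ceq rather than -eq.
            if ($cloud.ImmutableId -ceq $proposed) { $action = 'AlreadyLinked' }
            elseif ($cloud.ImmutableId) { $action = 'Conflict' }
        }
        [pscustomobject]@{ UserPrincipalName = $cloud.UserPrincipalName; Action = $action
                           Current = $cloud.ImmutableId; Proposed = $proposed }
    }
}

# Constructed sample data standing in for Get-ADUser and Get-MsolUser output.
$g1 = [Guid]'11111111-2222-3333-4444-555555555555'
$g2 = [Guid]'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee'
$adUsers = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@example.com'; ObjectGUID = $g1 },
    [pscustomobject]@{ UserPrincipalName = 'bob@example.com';   ObjectGUID = $g2 }
)
$cloudUsers = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@example.com'; ImmutableId = $null },
    [pscustomobject]@{ UserPrincipalName = 'Bob@example.com';   ImmutableId = (ConvertTo-ImmutableId $g1) },
    [pscustomobject]@{ UserPrincipalName = 'carol@example.com'; ImmutableId = $null }
)
Get-ImmutableIdPlan -CloudUsers $cloudUsers -ADUsers $adUsers | Format-Table -AutoSize
```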