As a global administrator working with Microsoft Office 365 for enterprises, you may want to synchronize your local Active Directory with your Office 365 directory, as described in Active Directory synchronization: Roadmap. This topic is the third step of that process; the second is Install and Upgrade the Microsoft Online Services Directory Synchronization tool. Make sure you install the Microsoft Online Services Directory Synchronization tool before you proceed.
Note: Recent changes to the directory synchronization infrastructure allow more flexibility in supporting some email migration scenarios. For more information, see Exchange Hybrid Deployment and Migration with Office 365.
The first time you synchronize your directories, a copy of your local users and groups is written to your Office 365 directory. From then on, Active Directory synchronization checks for changes to your local Active Directory and updates your Office 365 directory with those changes.
In this topic, you will run the Microsoft Online Services Directory Synchronization Configuration Wizard, which creates an account in your local Active Directory and configures recurring synchronizations from your local Active Directory to the Office 365 directory. You can also force synchronization at any time.
The Microsoft Online Services Directory Synchronization Configuration Wizard creates the MSOL_AD_SYNC account in your Active Directory forest, in the standard Users organizational unit in the Root Domain. Directory synchronization uses this service account to read and synchronize your local Active Directory information. The Configuration Wizard also sets up recurring synchronizations every three hours from your local Active Directory to your Office 365 directory.
To configure directory synchronization, follow these steps.
- To start the Configuration Wizard, do one of the following:
  - If you are setting up directory synchronization for the first time, on the last page of the Microsoft Online Services Directory Synchronization Setup wizard, select the Start Configuration Wizard now check box, and then click Finish.
  - If you are updating the configuration of directory synchronization, click Start, click All Programs, click Microsoft Online Services, click Directory Synchronization, and then click Directory Sync Configuration. For more information about updating the configuration of directory synchronization, see Manage directory synchronization.
- On the Microsoft Online Services Credentials page, type your Microsoft Online Services Administrator Credentials, and then click Next.
- On the Active Directory Credentials page, type your Active Directory Enterprise Admin Credentials, and then click Next.
  Note: These enterprise administrator credentials are not saved. They are not persisted in the computer's memory after the service account is created. For more information, see Active Directory Credentials.
- On the Exchange hybrid deployment page, you can activate the Exchange hybrid deployment features if you have Exchange Server 2010 SP1 installed. For more information on Exchange hybrid deployment, see Exchange Hybrid Deployment and Migration with Office 365.
Note: To begin the first synchronization immediately, leave the Synchronize directories now check box selected on the Finished page of the wizard.
If you don’t want to wait for the recurring synchronizations that occur every three hours, you can force directory synchronization at any time. For example, if an employee's employment is terminated, you may want to immediately disable or delete their Active Directory account in the cloud if the account was created there, or on-premises if the account was created locally, and then force directory synchronization to prevent that employee’s continued access to your email system and network resources. For more information, see the video How to force directory synchronization.
Force directory synchronization using Windows PowerShell
You can use the directory synchronization Windows PowerShell cmdlet to force synchronization. The cmdlet is installed when you install the Directory Synchronization tool.
- On the computer that is running the Directory Synchronization tool, navigate to the directory synchronization installation folder. By default, it is located here: %programfiles%\Microsoft Online Directory Sync.
- Double-click DirSyncConfigShell.psc1 to open a Windows PowerShell window with the cmdlets loaded.
- In the Windows PowerShell window, type Start-OnlineCoexistenceSync, and then press ENTER.
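The termination scenario described above, scripted as an added example (not part of the original topic or of the Directory Synchronization tool): it disables an on-premises account, confirms the change, and only then forces synchronization. It assumes the script runs in the window opened by DirSyncConfigShell.psc1 and that the ActiveDirectory module is installed; the function name Disable-UserAndForceSync and the account name jdoe are hypothetical.

```powershell
# Added example: run inside the window opened by DirSyncConfigShell.psc1 on the
# Directory Synchronization computer, so Start-OnlineCoexistenceSync is loaded.
# Assumes the ActiveDirectory module (RSAT) is installed and that the account
# was created on-premises. 'jdoe' below is a constructed sample name.
Import-Module ActiveDirectory -ErrorAction Stop

function Disable-UserAndForceSync {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [string]$SamAccountName
    )

    # Fail early if the directory synchronization cmdlet is not loaded.
    if (-not (Get-Command Start-OnlineCoexistenceSync -ErrorAction SilentlyContinue)) {
        throw 'Start-OnlineCoexistenceSync not found. Open DirSyncConfigShell.psc1 first.'
    }

    # Resolve the account; Get-ADUser throws if the identity does not exist.
    $user = Get-ADUser -Identity $SamAccountName -Properties Enabled -ErrorAction Stop

    if ($PSCmdlet.ShouldProcess($user.DistinguishedName, 'Disable account and force sync')) {
        Disable-ADAccount -Identity $user -ErrorAction Stop

        # Re-read the object to confirm the change before syncing.
        $check = Get-ADUser -Identity $user.DistinguishedName -Properties Enabled
        if ($check.Enabled) {
            throw "Account $SamAccountName is still enabled; not forcing sync."
        }

        # Push the change now instead of waiting for the three-hour schedule.
        Start-OnlineCoexistenceSync

        # Return a record for the offboarding ticket.
        New-Object PSObject -Property @{
            Account       = $check.SamAccountName
            Enabled       = $check.Enabled
            SyncRequested = Get-Date
        }
    }
}

# Constructed sample call; -WhatIf previews the action without changing anything.
Disable-UserAndForceSync -SamAccountName 'jdoe' -WhatIf
```

Remove -WhatIf to apply the change. The returned record gives the time the forced synchronization was requested, which can be kept with the offboarding record.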
Force directory synchronization using the Configuration Wizard
You can also force synchronization by running the Microsoft Online Services Directory Synchronization Configuration Wizard; however, you will have to complete the entire wizard to do so, including entering your credentials again.
- On the computer that is running the Directory Synchronization tool, click Start, click All Programs, click Microsoft Online Services, click Directory Synchronization, and then click Directory Sync Configuration.
- Follow the instructions in the wizard, and provide the requested credentials.
- On the Finished page of the wizard, leave the Synchronize directories now check box selected, and then click Finish.
To verify that your local Active Directory users and groups have synced to the Office 365 directory, either for the first time or in subsequent updates, see Verify directory synchronization.
Concepts
Prepare for directory synchronization
Install and Upgrade the Microsoft Online Services Directory Synchronization tool
Active Directory synchronization: Roadmap








