Quantcast
Channel: Directory integration services - Recent Threads
Viewing all articles
Browse latest Browse all 6446

Re: Manage federated identities

$
0
0

Thanks for your response Claud Wang.

Let me add some more information that might give little more clarity to the issue.

Customer has been using Online service since BPOS version of Microsoft Online Services which was later upgraded to Office 365

Customer had Exchange 2010 installed in their environment which was removed once they finished the migration to Office 365.

Write back attributes were working before as we see the old objects having the attributes like proxyAddress having appropriate value like it should be in rich coexistence environment.

As per the latest information from customer, it seems that write back option has stopped working since November 2013.

I did a little bit of research in the environment and found the following.

I don't see MSOL_AD_Sync_RichCoexistence  in the Users container

The account MSOL_AD_Sync is present but the membership with only domain users.

I am not sure at this moment if the richcoexistence was enabled at the time of configuring the DirSync

Now the question is what are the required permissions for user account MSOL_AD_Sync to write back on the following 5 attributes and what is the easy way to assign those permissions across the forest

msExchArchiveStatus  Online Archive: Enables customers to archive mail.  

msExchUCVoiceMailSettings  Enable Unified Messaging (UM) - Online voice mail: This new attribute is used only for UM-Microsoft Lync Server 2010 integration to indicate to Lync Server 2010 on-premises that the user has voice mail in online services.  

msExchUserHoldPolicies Litigation Hold: Enables cloud services to determine which users are under Litigation Hold.  

ProxyAddresses

(LegacyExchangeDN <online LegacyDn> as X500)  Enable Mailbox: Offboards an online mailbox back to on-premises Exchange.  

PublicDelegates Cross-premises Public Delegation: Enables users to specify delegates for their mailbox.

SafeSendersHash

BlockedSendersHash

SafeRecipientHash  Filtering: Writes back on-premises filtering and online safe and blocked sender data from clients.

I read some discussions in the community suggesting to add the account in enterprise admins group in AD, not sure if that is really required.


Viewing all articles
Browse latest Browse all 6446

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>