Hi Guys,
I'm looking at implementing Dirsync into a customer site of mine that will shortly be running on O365, but I'm having some challenges on account of the local schema having already been extended with the Exchange attribute set.
The customer already have accounts in the Azure AD by virtue of a PS script that creates the cloud identities for them based on their on-premise local AD accounts. So essentially, from an IDM perspective, each user has two accounts, one in the local AD and one in Azure, which can be managed independently.
My issue is that when I turn on Dirsync, all attribute information from the local AD overwrites information in the Azure AD. I understand the concept of account matching based on the 'mail' attribute, but I'm concerned that I could potentially lose some attribute information that's currently present in the Azure AD.
An example of this would be the MSExchHideFromAddressLists attribute, which is currently populated in O365 but not populated on the local AD. Consequently, if I enable Dirsync the Azure attribute is overwritten and users become visible in the GAL.
My understanding of this issue is that, on account of the local schema being extended, I essentially need to ensure that all directory attribute information that is present on the Azure AD accounts is populated into the local AD, so that when Dirsync is enabled I still have the correct info in the Azure AD.
My question is really, how can I be sure that I've captured all of the attributes that require population in the local AD?
I know the list of attributes that is populated with Dirsync as per;
http://support.microsoft.com/kb/2256198
but this isn't really helping me determine their associated values on the Azure AD.
Any help or guidance would be most appreciated.
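
A pre-sync comparison of the two directories, keyed on the 'mail' attribute the post mentions, is one way to see which values would be lost; the following is an added example and not part of the original post. The function name `Compare-SyncAttribute`, the CSV columns and the sample accounts are assumptions constructed for illustration, and both exports are assumed to use the on-premises attribute names.

```powershell
# Constructed sample exports (not real data). Columns are assumed to be
# normalised to the on-premises LDAP attribute names, multi-valued
# attributes flattened to one string.
$cloudCsv = @'
mail,displayName,msExchHideFromAddressLists,proxyAddresses
alice@example.com,Alice Example,TRUE,SMTP:alice@example.com
bob@example.com,Bob Example,,SMTP:bob@example.com
carol@example.com,Carol Example,TRUE,SMTP:carol@example.com
'@
$localCsv = @'
mail,displayName,msExchHideFromAddressLists,proxyAddresses
alice@example.com,Alice Example,,SMTP:alice@example.com
bob@example.com,Bob Example,,smtp:bob@example.com
'@

# Hypothetical helper: reports every value the sync would blank or change.
function Compare-SyncAttribute {
    param([object[]]$Cloud, [object[]]$Local, [string]$MatchOn = 'mail')
    $localByKey = @{}   # string keys are matched case-insensitively
    foreach ($l in $Local) {
        $k = "$($l.$MatchOn)".Trim()
        if ($k) { $localByKey[$k] = $l }
    }
    foreach ($c in $Cloud) {
        $key = "$($c.$MatchOn)".Trim()
        if (-not $key -or -not $localByKey.ContainsKey($key)) {
            [pscustomobject]@{ Account = $key; Attribute = $MatchOn
                Cloud = $key; Local = ''; Finding = 'NoLocalMatch' }
            continue
        }
        $l = $localByKey[$key]
        foreach ($p in $c.PSObject.Properties) {
            if ($p.Name -eq $MatchOn) { continue }
            $cv = "$($p.Value)".Trim()
            $lv = "$($l.($p.Name))".Trim()
            # -cne: case matters, e.g. SMTP: versus smtp: in proxyAddresses
            $finding = $null
            if ($cv -and -not $lv) { $finding = 'EmptyOnPrem' }
            elseif ($cv -cne $lv) { $finding = 'ValueDiffers' }
            if ($finding) {
                [pscustomobject]@{ Account = $key; Attribute = $p.Name
                    Cloud = $cv; Local = $lv; Finding = $finding }
            }
        }
    }
}

Compare-SyncAttribute -Cloud ($cloudCsv | ConvertFrom-Csv) -Local ($localCsv | ConvertFrom-Csv) |
    Format-Table -AutoSize
```

With the constructed data this reports alice's msExchHideFromAddressLists as EmptyOnPrem, bob's proxyAddresses as ValueDiffers and carol as NoLocalMatch.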