How to Increase the Frequency of DirSync Synchronization

After installing the latest version of Windows Azure Active Directory Sync (DirSync) you may want to increase the frequency of synchronization between your AD organization and the cloud. To accomplish this open the Administrative Tools folder on the DirSync server and open Task Scheduler.

If everything has been configured correctly you will see a task called: Azure AD Sync Scheduler, double click that task

task1

There is a local account created by DirSync that is used for this task indicated where the green box is, if you want to make changes to this Task you have to set the password for this user in Computer Management > Users and Groups or you can create and use a different user account that has full admin privileges

task5

Select the trigger tab

task2

Set the task the repeat at the desired replication time, maybe 15 minutes or 1 hour is fine for your organization, it is up to you, select ok to save

task3

You will be prompted for the password from the general tab to be able to save, once you saved you are done and DirSync will run every interval you have selected!

taskpassword

If you would like a way to force DirSync easily, set up a shortcut. Learn about it in this article.

How to Install the New Windows Azure Active Directory Sync (DirSync)

 

ActiveDirecotry2Windows Azure Active Directory Sync (DirSync) has gone through many iterations just in the last few years but the good news is it is getting easier to install and use. It used to be quite  pain to reinstall or migrate.  DirSync is the easiest way to sync your AD organization to Microsoft’s cloud including Azure, Office 365 and Exchange Online.

The current version can be downloaded here:

Windows Azure Active Directory Sync (DirSync)

If you have an older version of DirSync and want to move to the latest version I highly recommend it because the newer one is easier to use. To force sync on the older versions you click a lot in miisclient.exe in a very specific sequence or run PowerShell commands. The last iteration even included a script that had to be launched from PowerShell itself. It was not optimal for daily management.

If you are starting with a fresh install skip to the How to below. As you can only sync from one server at a time, there are only two possible scenarios if you had an older version installed already:

  1. Install on the same server – because the architectures are a bit different you can simply remove the old version of DirSync using Programs and Features and install the new version.
  2. Install on a different server – disable the service Azure Active Directory Sync on the old server or completely uninstall it and use the instructions below to install on the new server.

How to Install Windows Azure Active Directory Sync

Because the architectures are a bit different you can simply remove the old version of DirSync using Programs and Features and install the new version. Use the download link above to download the lastest version and open the exe file.

1

After you agree to the terms and select install it will run for a bit and disappear. Look on your desktop for this icon and open it.

icon-dir

You are now in the configuration window, enter your cloud credentials

2

Enter your on-prem credentials and select add forest and next

3

Configure any user matching parameters required, but the default is usually fine

4

Do not select any of these options at this time so you can setup and test the connection

5

Select next

6

Keep the Synchronize now box unchecked and select Finish

7

This is a good time for a restart to ensure you have been added to the appropriate security group and just to clear out any potential issues before you test the connection and finalize the configuration.

Once you restart, open the Synchronization Service, there should be a new icon on your desktop. This app is the replacement for miisclient.exe.

sync serv

You can observe what is being synced here and also check for errors with this app

sync mgr

Now we need to test if the configuration worked before we set the configuration to automatically sync. The easy way is to force synchronization with a shortcut.

How to Force DirSync Synchronization with a Shortcut

Right click anywhere on your desktop and select New > Shortcut

short

Paste this target box and select next

“C:\Program Files\Microsoft Azure AD Sync\Bin\DirectorySyncClientCmd.exe”

Choose a name, Finish

force

Once saved, select the new shortcut to test

force sync cmd

You should see the synchronization steps listed in the Sync Manager, any errors will show up in the lower right box

sync manager list

Sync successful! open up the Directory Synchronization tool again from the icon on your desktop and configure it for auto sync. Check the boxes for password synchronization and enable Synchronization on the last page.

If you ever need to remove DirSync from the server, go to Programs and Features and uninstall Windows Azure AD Sync and it will uninstall all other parts automatically.

uninstall

Read this article to learn how to increase the synchronization frequency of DirSync.

Hope this helps!

Severe Outlook Performance Issues Connecting to Exchange Online in RDS 2012 R2

O365AdminM08_960

If you are experiencing severe issues with Outlook performance in RDS 2012 R2, this article is if for you. This article represents several weeks of work and stress. After migrating user mailboxes to Office 365 were encountered an issue that appeared so impossible that we were even considering moving the entire organization back to on-prem. It took Microsoft support engineers over 2 weeks, bless their hearts, to finally provide a fix that actually worked. It took another week to test it and several days to implement. First I will walk you through a little history.

The environment:

  • Outlook 2013
  • RDS 2012 R2 deployment
  • Folder redirection and UPD for Appdata
  • On-prem Exchange 2010
  • All hosted in a colocation site
  • 230+ network users
  • Hybrid deployment with Exchange Online in Office 365

We deployed Office 365 in starting back in 2013 and took some time to get to know the interface and features while continuing to use our on-prem Exchange 2010 server. In the summer we decided to move forward with a hybrid deployment to migrate user mailboxes at our own pace  to avoid the pressure and rush of a cutover migration.

Over two months of slowly moving mailboxes and testing,  we found 365 to be a touch slower to load the message in the view pane but it was barely noticeable. So we decide to go for it. We migrated all the rest of the user mailboxes to Exchange Online. Users we so proud that they could tell their friends that they were in the cloud!

Users continued to use Outlook 2013 in RDS to connect to Exchange Online. For two weeks we did not have a single complaint! Users barely noticed except that they had to change the settings on their phones to get email. We recommended users download OWA for Android and iPhone. The app was well received because it look and feels just like OWA in 365. Then all of a sudden on Friday August 22nd after lunchtime, we got slammed with support tickets. The CEO said “my computer is freezing up” and sure enough Outlook was hanging bad.

While not every user in our office had issues right away, the impact was severe enough to be highest priority. Office 365 was unaffected. Users did not have any problems accessing email through OWA but they were not used to the interface and several refused to use 365.

Before involving Microsoft support engineers I tried all the basic steps from this Microsoft KB article on basic Outlook troubleshooting and several more. Microsoft engineers suggested fixes like: using the Microsoft Office Configuration Analyzer Tool 1.2 (OffCAT) to find issues. I disabled the hybrid configuration for a while to test if that was the cause, it wasn’t. During this process we upgraded Outlook to the latest version with patches that added some features. After a week I had spoken with so many support engineers from every team that I knew more than most of them did, including: the Outlook team, RDS team, mailflow team, Exchange Online team , and hybrid team – and opened I multiple tickets too!

Anytime I got pitched to a new team, the green tier 1 engineer would fumble around so much I was telling them what to do. Many of the engineers had no idea how to approach this issue because they were unfamiliar with RDS technology,  the layer of complexity RDS presented or could not get around the inability to use normal troubleshooting tools in that environment. For example the normal Microsoft “Fix it” tools were throwing errors.

Several engineers suggested using cached mode although it is not advised for RDS and when we got really desperate, we instructed the users with issues to set their mail profiles to cached mode. This is a great Microsoft article on when to use cached mode. Finally I reached a tier 3 engineer in the Exchange Online department, he determined that we needed to go back to work with an engineer in the Outlook team. The quest came full circle.

In the end, when working with the Outlook team we ran Procdump (tricky in RDS because limited user rights settings) to gather the needed data from a problem account. After a week of analyzing the results, the engineers had a potential solution.

Outline of the issue experienced:

Outlook says Not Responding in the application title bar, app whites out and is inaccessible

Outlook Not Responding Error

User sees message in lower right saying: Outlook is trying to retrieve data from the Microsoft Exchange server outlook.office365.com

Outlook trying to retrieve data error

Outlook does not load profile when opening or takes 5-10 minutes to load

Outlook mailbox open error

If you click too much while it is loading you get an apphang and system freezes, giving various errors

Outlook trying to retrieve data network error

Not all users had issues, and the issue was not 100% repeatable but for problem accounts usually I could get the error by just opening Outlook and clicking around too fast. It was a come-and-go issue, inconsistent and variable but impacting a significant amount of users.

The resolution 

Disable MAPI/HTTP by setting the following key on the RDS session host server. Open regedit and navigate to this location:

HKEY_CURRENT_USER\Software\Microsoft\Exchange
Create a DWORD entry with the name MapiHttpDisabled
Value: 1

DWORD

After creating the DWORD, open the entry and enter the value 1

Result

After Making the above changes please restart Outlook and go to the connection status Windows by holding the Crtl Key down and right clicking the Outlook icon in the System Tray.

In the window that Pops-up > scroll to the Right and under connections ensure it is displaying Shows RPC/HTTP.

Ensure that there is only a single account configured in Outlook and check if the issue persists. You may want to restart the users RDS session to refresh everything before testing.

For most users this fix worked great immediately, but for a single user where we had to delete and create his UPD (user account appdata) so it would forget his corrupted profile and build a new one for him. After that it worked great!

All the while through this issue the support engineers at Microsoft were acting baffled, like this was the first time they had ever seen this issue, and for many that may have been true. But later on when communicating with a really great engineer on the mail flow team for a different issue, he said, “oh that, that is a known issue.”

 

How to Force AD Synchronization with Office 365/Azure using DirSync

Update: this article concerns an older version of DirSync and is no longer current. Please visit this article to learn more about the current version.

There may be times during development or when adding a new user in a hybrid deployment, that you will need to force AD/Office 365 synchronization with DirSync.

On the server that DirSync is installed, go to this directory

C:\Program Files\Windows Azure Active Directory Sync

Open this powershell console file: DirSyncConfigShell.psc1

powershell1

Once in powershell, type Start-OnlineCoexistenceSync 

powershell 2

It may take up to 5 minutes or more depending on the volume of information syncing. To verify that it synced you can look at the top area on the user page in the Office 365 admin portal or you can use the Synchronization Service Manager application (miisclient.exe) located on the server with DirSync installed.

“C:\Program Files\Windows Azure Active Directory Sync\SYNCBUS\Synchronization Service\UIShell\miisclient.exe”

Issue When You Uninstall and Reinstall DirSync

If you uninstall Windows Azure Active Directory Sync (DirSync) from a server then later decide to reinstall it, you will get  one of several possible errors. You will not be allowed to to reinstall DirSync unless you delete the SQL server database and possibly  delete system accounts that are created on install. I had all sorts of fun challenges when moving DirSync to a different server then back again later when other priorities dictated that was the best move. Early on in the uninstall process I was at a loss to find any good articles on the internet after trying several comprehensive search phrases and I was wasting too much time clicking around.

When trying to reinstall DirSync the most common error message I got:

The install was unable to setup a required component. Check the event logs for more information. Please try the installation again, and if this error persists, contact Technical Support. Unable to uninstall the Windows Azure Active Directory Sync tool. Use the Control Panel to remove the Directory Sync tool.

There was one time during testing when DirSync failed to uninstall completely which was really fun. I had to take a deep dive into the registry at that point. Then I finally found a great article about a very similar experience and actually used the article more than once over the span of several months. Thank you Mr. Turley! 

I used different techniques for the different uninstalls but the two easiest and most effective were to delete the system accounts that are created when installing DirSync and delete the SQL database that is also created during the install process. Boom, done.

If you are interested in installing the latest version of DirSync where these problems are no longer an issue read this:

How to Install the New Windows Azure Active Directory Sync (DirSync)