Embed Size (px)
Citation preview
OFFICE 365 DA ESTRATÉGIA DE DEPLOY ATÉ OS DETALHES DE TROUBLESHOOTING
Background
Support Engineer and Technical Trainer at Microsoft IT vendor, working with Exchange Server, Office 365, Skype for Business, Microsoft Azure and related cloud technologies.
Microsoft career certifications (MCP, MCTS, MCSA, MCSE, MCT)
Social
[email protected] @brunokktro https://blogdolopez.com www.facebook.com/blogdolopez
Meet the PresentersBruno Lopes, MCTTechnical Trainer, Wipro/Microsoft
Exchange Online
New HCW
4
New HCW log improved
5
Centralized Mail Flow ENABLED
Centralized Mail Flow DISABLED
Message Trace: UI
Azure AD Connect
Choosing between sync tools
• Currently Linked from the Office 365 Admin Portal
• No features that aren’t also available in Azure AD Sync
• Remains supported following support policy
DirSync Azure AD Connect Includes sync from
multiple forests including merging duplicate users in these forests
In addition to AD, can sync from LDAP v3, SQL Server (coming soon)
Enables selective OU sync with using UX in the setup
Enables selective attribute sync
Enables transforming of attributes using UX in the setup
Azure AD Sync Installer that deploys
Azure AD Sync and optionally AD FS
A superset of Azure AD
Available now
Multi forest topologies Deploy a pilot using just a few users in a group Don’t start sync right away (‘staging mode’) Sign on using federation Azure AD premium features (writeback passwords, users,
groups, and devices from the cloud) Sync custom directory attributes to the cloud
Custom settings allows more advanced options
Upgrade from Dirsync
15
Different options for an Azure AD Connect upgrade:
In-place upgrade: if the expected upgrade time is less than 3 hours then the recommended option is to do an in-place upgrade.
Parallel deployment: if the expected upgrade time is more than 3 hours then the recommended option is to do a parallel deployment on another server. It is estimated that if you have more than 50,000 objects in AD DS, then it will take more than 3 hours to do the upgrade; the preferred upgrade option is a parallel deployment in this scenario.
Manage: Monitor App Log Events
17
Application Log, Event Source = Directory Synchronization
Password synchronization starts retrieving updated
passwords from the on-premises AD DS
Event ID 650 Finished retrieving updated passwords from
on-premises AD DS
Event ID 651
success
Failed to retrieve updated passwords from
on-premises AD DS
Event ID 652error
Manage: Monitor App Log Events
18
Application Log, Event Source = Directory Synchronization
Password synchronization starts informing Windows Azure AD that there are
no passwords to be synced
Event ID 653Finishes informing
Windows Azure AD that there are no passwords to
be synced
Event ID 654
success
Failed to inform Windows Azure AD that there are
no passwords to be synced
Event ID 655error** This occurs every 30
minutes if no passwords have been updated on-premises
Manage: Monitor App Log Events
19
Application Log, Event Source = Directory Synchronization
Password synchronization detects password
changes and tries to sync it to Windows Azure AD
Event ID 656 User(s) whose password was successfully synced
Result : Success
Event ID 657
success
User(s) whose password was not syncedResult : Failed
error
** Lists at least 1 user, at most 50 users
20
Common causes of problems with directory synchronization in Office 365
Symptom Top solution or solutionsSynchronized objects aren’t appearing or updating online, or I’m getting synchronization error reports from the Service.
Identity synchronization and duplicate attribute resiliency
I have an alert in the Office 365 admin center, or am receiving automated emails that there hasn’t been a recent synchronization event
•Troubleshoot connectivity issues with Azure AD Connect
•Azure AD Connect Accounts and permissions •Azure AD Connect sync: How to manage the Azure AD service account
Passwords aren’t synchronizing, or I’m seeing an alert in the Office 365 admin center that there hasn’t been a recent password synchronization
Implementing password synchronization with Azure AD Connect sync
I'm seeing an alert that Object quota exceeded
We have a built-in object quota to help protect the service. If you have too many objects in your directory that need to sync to Office 365, you’ll have to contact Support to increase your quota.
I need to know which attributes are synchronized
You can find a list of all the attributes that are synced between on-premises and the cloud right here.
I can’t manage or remove objects that were synchronized to the cloud
Are you ready to manage objects in the cloud only? Or is there an object that was deleted on-premises, but is stuck in the cloud? Take a look at this support article for guidance on how to resolve these issues.
21
Diagnostic Tools
IdFixAD remediation tool that includes statistics on top DirSync errors
requiring remediation (fixing is options, tools can be used for analysis only)
http://www.microsoft.com/en-us/download/details.aspx?id=36832Feedback: [email protected]
Active Directory Administrative Center
22
© 2015 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
