
So, you’ve installed the tool and migrated your federated domain to a managed domain, and now you’ve run into trouble. What now? In this post we try to provide answers to the most common problems:

Supported OS

The Password Sync feature of the Directory Sync tool will not work correctly if the Directory Sync tool is deployed on an OS older than Windows Server 2008 R2 SP2.

The exception text that indicates this is a problem is as follows:

Password synchronization failed for domain: . Details:

System.IO.FileLoadException: A procedure imported by ‘Microsoft.Online.PasswordSynchronization.Cryptography.dll’ could not be loaded.

To resolve this issue, install the Directory Sync tool on a supported Windows Server OS.

User unable to sign in: Administrator should not select “User must change password at next login”.

  • Administrator must clear the check box next to “User must change password at next logon”.
  • Require user to change his password in the on-premises environment to replicate the new password to Office 365.
  • Wait up to two (2) minutes for password synchronization to occur.
  • Log into Office 365 with the new password.

User unable to sign in: User reset/set their password in the Office 365 Portal

  • Require user to change his password in the on-premises environment to replicate the new password to Office 365. It is recommended the customer use a computer joined to the domain locally.
  • Wait up to two (2) minutes for password synchronization to occur.

User unable to sign in: User accounts not created or synced in Windows Azure AD

  • This could be caused by duplicate user names or email addresses. Use the IDFix Directory Synchronization Tools to find and resolve possible synchronization errors.

Directory Synchronization is running successfully, but passwords are not synchronized

  • Re-run the Windows Azure Active Directory Sync tool Configuration Wizard and verify that Enable Password Synchronization is selected on the Password Synchronization page, or check it on the Management Agent in the DirSync UI.
  • Run the following command: Enable-MSOnlinePasswordSync

Event IDs

Informational (No Action Required)

Event ID   Source                      Event Description
650        Directory Synchronization   DirSync is about to start synchronization of a batch of passwords
651        Directory Synchronization   DirSync has completed sync of a batch of passwords
653        Directory Synchronization   Heartbeat ping attempt start (no passwords to sync)
654        Directory Synchronization   Heartbeat ping attempt stop (no passwords to sync)
656        Directory Synchronization   List of users that are included in the upcoming batch of passwords
657        Directory Synchronization   Result of attempted password sync batch. User(s) whose password was successful or failed synchronization.
0          Directory Synchronization   User(s) whose password was failed synchronized.

Error (Action Required)

Event ID   Source                      Event Description                                           More Information
652        Directory Synchronization   Password Sync not enabled in the Tenant
655        Directory Synchronization   Heartbeat ping attempt failed
6900       FIMSynchronizationService   Password Sync Disabled in the Tenant / Enabled in Dirsync
6329       FIMSynchronizationService   2nd Error following 6329
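
The event IDs above can be triaged in one pass. The following PowerShell is an added example, not part of the original post or of the DirSync tool: the function name Get-PasswordSyncHealth, its output fields and the sample events are constructed for illustration. It assumes each event record carries the Id, ProviderName and TimeCreated properties that Get-WinEvent returns.

```powershell
# Requires PowerShell 3.0 or later.
# Action-required events (ID -> source), taken from the table above.
$ActionRequired = @{
    652  = 'Directory Synchronization'; 655  = 'Directory Synchronization'
    6900 = 'FIMSynchronizationService'; 6329 = 'FIMSynchronizationService'
}

# Hypothetical helper: summarizes password sync health from event records.
function Get-PasswordSyncHealth {
    param([Parameter(Mandatory)][object[]]$Events)

    $sorted = @($Events | Sort-Object TimeCreated)
    # An error counts only when both the ID and the source match the table.
    $errors = @($sorted | Where-Object {
        $ActionRequired.ContainsKey([int]$_.Id) -and
        $ActionRequired[[int]$_.Id] -eq $_.ProviderName })
    $dirSync   = @($sorted | Where-Object { $_.ProviderName -eq 'Directory Synchronization' })
    $started   = @($dirSync | Where-Object { $_.Id -eq 650 }).Count
    $completed = @($dirSync | Where-Object { $_.Id -eq 651 }).Count
    # 651 (batch completed) and 654 (heartbeat stop) both mark a finished cycle.
    $lastOk = $dirSync | Where-Object { $_.Id -in 651, 654 } | Select-Object -Last 1

    [pscustomobject]@{
        Healthy            = ($errors.Count -eq 0) -and ($started -le $completed) -and [bool]$lastOk
        ActionRequiredIds  = @($errors | ForEach-Object { $_.Id } | Select-Object -Unique)
        OpenBatches        = [math]::Max(0, $started - $completed)
        LastCompletedCycle = if ($lastOk) { $lastOk.TimeCreated } else { $null }
    }
}

# Constructed sample events (not real log data): a batch starts, then the
# heartbeat fails and the tenant reports password sync as disabled.
$t = [datetime]'2013-12-01T09:00:00'
$sample = @(
    [pscustomobject]@{ TimeCreated = $t;               ProviderName = 'Directory Synchronization'; Id = 650 }
    [pscustomobject]@{ TimeCreated = $t.AddSeconds(1); ProviderName = 'Directory Synchronization'; Id = 656 }
    [pscustomobject]@{ TimeCreated = $t.AddMinutes(2); ProviderName = 'Directory Synchronization'; Id = 655 }
    [pscustomobject]@{ TimeCreated = $t.AddMinutes(2); ProviderName = 'FIMSynchronizationService'; Id = 6900 }
)
Get-PasswordSyncHealth -Events $sample
```

On the DirSync server, pass the output of Get-WinEvent (filtered to the two sources in the table) in place of the sample array.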
Category: How to do
Published: 12/1/2013 9:45