For people who are new to Office 365 and have no idea what DirSync does, a small recap: DirSync syncs Users, Groups and Contacts from a local Active Directory to the identity source of Office 365, called Windows Azure Active Directory.

DirSync uses a stripped-down version of the Forefront Identity Manager (FIM) engine to do the job. If we go to C:\Program Files\Windows Azure Active Directory Sync\SYNCBUS\Synchronization Service\UIShell and start miisclient, we get the FIM UI, which lets us manage some basic filtering options. The supported filters are by attribute, by domain and by organizational unit in AD.

Every now and then we have an error in, or a lack of, synchronization. Although DirSync already provides us with a very handy error messaging system, we might need to dig deeper into the system. Before we dig deeper we need to know how DirSync works (or at least have a basic understanding of it).

FIM (and therefore also DirSync) works with Management Agents (connectors to the source and destination) and a Metaverse (a structured SQL database) in between. DirSync therefore has 2 Management Agents, the Active Directory Connector and the Windows Azure Active Directory Connector, with the Metaverse database in between. When a sync goes wrong, there are 2 points at which it can go wrong: from the Active Directory Connector to the Metaverse, or from the Metaverse to the Windows Azure Active Directory Connector.

If we want to know why the sync failed, we might want to check whether the change made it into the Metaverse. As I mentioned earlier, the Metaverse is a structured SQL database which, unless you are a FIM expert, is better left alone. But how do we search in the Metaverse?

Easy: click on Metaverse Search in miisclient.


In this screen we can build our search query based on any attribute available in the Metaverse, e.g. UserPrincipalName.


Sometimes, for some mysterious reason, we can have 2 objects with the same UPN. How do we know which one to search for in the Metaverse? In the error mail you receive from DirSync you’ll find the ImmutableId, which is always unique. ImmutableId in WAAD translates to sourceAnchor in the Metaverse. So you might find something like this:



This search will give you a clue as to where the sync problem originated and give you more information on how to solve it.
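
To tie the ImmutableId from the error mail back to the on-premises object when two objects share a UPN, the following PowerShell is an added example, not part of the original post. It assumes the default DirSync configuration, in which the sourceAnchor/ImmutableId is the Base64 encoding of the AD objectGUID; the function names and sample values are hypothetical.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT) on a domain-joined machine.
Import-Module ActiveDirectory

function ConvertFrom-ImmutableId {
    param([Parameter(Mandatory = $true)][string]$ImmutableId)
    # Assumption: default DirSync sourceAnchor = Base64 of the 16-byte objectGUID.
    $bytes = [Convert]::FromBase64String($ImmutableId)
    if ($bytes.Length -ne 16) {
        throw "ImmutableId does not decode to 16 bytes; a custom sourceAnchor may be in use."
    }
    New-Object -TypeName System.Guid -ArgumentList (, $bytes)
}

function ConvertTo-ImmutableId {
    param([Parameter(Mandatory = $true)][Guid]$ObjectGuid)
    [Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

function Get-UpnCandidates {
    param([Parameter(Mandatory = $true)][string]$UserPrincipalName)
    # Escape LDAP filter metacharacters (RFC 4515) so the UPN is matched literally.
    $escaped = $UserPrincipalName -replace '\\', '\5c' -replace '\*', '\2a' `
                                  -replace '\(', '\28' -replace '\)', '\29'
    Get-ADObject -LDAPFilter "(userPrincipalName=$escaped)" `
                 -Properties userPrincipalName, whenCreated |
        Select-Object DistinguishedName, ObjectClass, whenCreated, ObjectGUID,
            @{ Name = 'ImmutableId'; Expression = { ConvertTo-ImmutableId $_.ObjectGUID } }
}

# Constructed sample values, not taken from a real tenant or error mail.
$immutableId = 'AAECAwQFBgcICQoLDA0ODw=='
$upn         = 'jane.doe@contoso.example'

# 1) Resolve the ImmutableId from the error mail to the exact AD object.
$guid = ConvertFrom-ImmutableId -ImmutableId $immutableId
Get-ADObject -Identity $guid -Properties userPrincipalName

# 2) List every AD object carrying that UPN, with the ImmutableId each one would have,
#    so the row matching the error mail (and the sourceAnchor in the Metaverse) stands out.
Get-UpnCandidates -UserPrincipalName $upn | Format-Table -AutoSize
```

The ImmutableId column printed in step 2 is the same string you would enter as the sourceAnchor value in Metaverse Search.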


Category: How to do; Servers
Published: 1/13/2014 21:43