I federated my Office365 installation with my on-premise Active Directory quite some months back and everything has been running well (single sign on for Windows, NAS, Lync, Outlook, Helpdesk etc).
Today I needed to add a user but the username (UPN) and e-mail address drop down only allowed me to select the “hosted domain” (i.e. @t.onmicrosoft.com) and not my domain name (@t.net). I raised a support ticket with Microsoft and they informed me that federated installations don’t support user creation through the Office365 admin center/portal, and I would have to use DirSync to replicate the user from Active Directory.
A little search discovered some powershell commands that i hoped might avoid the need for DirSync (I clearly didn’t use it when I first switched from hosted to federated). Connect to the online service;
Check things looked ok;
Try creating the new user;
New-MsolUser -DisplayName "Matt" -FirstName Matt -LastName H -UserPrincipalName firstname.lastname@example.org -UsageLocation UK -LicenseAssignment t:LITEPACK
New-MsolUser : You must provide a required property: Parameter name: FederatedUser.SourceAnchor...
Back to DirSync… I downloaded DirSync.exe but installation failed with error “The Microsoft Online Services Sign-in Assistant service installation returned FAIL. See the event logs for more detailed information.”;
I couldn’t see anything in the event logs, but seeing as the Microsoft Online Services Sign-in Assistant was already installed. I tried uninstalling and re-running the DirSync.exe installation;
This seemed to do the trick, but when I tried to complete the configuration I received an error that Active Directory Synchronization wasn’t enabled (and I needed to do this in the Admin Center). But the option doesn’t exist (I think it may not be officially supported on the Office365 Small Business package).
Back to powershell… Let’s check the current status;
DirectorySynchronizationEnabled is set to false, so let’s enable it;
Set-MsolDirSyncEnabled -EnableDirSync $true
Bingo, the DirSync installation progressed to the next step, this time complaining that my on-premise user wasn’t a member of the Enterprise Admins group. A quick visit to active directory users and computers, adding the user to group, and voila!
At the end of the installation I checked the option to “synchronize now” and checked the user list- my new user (and a bunch of other unnecessary users are now showing in Office365). I tidied the ones I don’t need, and all is good;
I may filter the OUs that are synchronized at a later stage, but at the moment, i’m happy leaving it as is.