Firstly - I'm not sure if this is the right forum, but I've followed the 'support forum' links from inside Azure and it's brought me in this general direction.
We have a local AD, and also AD in Azure which we're using for Office 365.
Dirsync has stopped working, and I'm trying to troubleshoot it and get it working again. Luckily, we're still in test for Office 365. I think there is plenty for us to learn before production!
I've read this and made no progress - http://social.technet.microsoft.com/wiki/contents/articles/17370.best-practices-for-deploying-and-managing-the-windows-azure-active-directory-sync-tool.aspx
The first thing I thought to try is to check if we have the latest version of Dirsync. (not that I think that's the root cause, just a good place to start). How do I check that?!
The next thing to try was to force a dirsync as per http://technet.microsoft.com/en-us/library/jj151771.aspx by doing:
If you want to force the directory synchronization, you can go to %programfiles%\Microsoft Online Directory Sync > Double-click DirSyncConfigShell.psc1 >Start-OnlineCoexistenceSync
but that gives this error:
PS C:\Program Files\Windows Azure Active Directory Sync> Start-OnlineCoexistenceSync
WARNING: Event logging may fail. The current user () is not a member of the Local Administrators group on this computer.
Start-OnlineCoexistenceSync : Cannot open MSOnlineSyncScheduler service on computer '.'.
At line:1 char:1
+ Start-OnlineCoexistenceSync
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidResult: (Microsoft.Onlin...CoexistenceSync:StartOnlineCoexistenceSync) [Start-OnlineCoexistenceSync], DirectorySyncConfigurationException
+ FullyQualifiedErrorId : 5000,Microsoft.Online.Coexistence.PS.Config.StartOnlineCoexistenceSync
PS C:\Program Files\Windows Azure Active Directory Sync>
I am logged into that server as a domain admin, and the local Administrators group contains Domain Admins, as default. I'm wondering if that error message in bold has a different significance? Or is it simply reflecting the fact that the powershell isn't running as admin. Not even sure if that's an option.
The third and final thing I tried to do was to go through the Dirsync config wizard again. When I launch dirsync config wizard the very first screen says "The current user is not a member of the Synchronisation Engine FIMSyncAdmins group. If you have recently installed WAADSync tool, you may need to log off and log on again".
Logging off and on doesn't help. We don't have a group in our AD with that name, that I could make my Domain Admin account a member of.
However, when I log on as the other domain admin that initially set up dirsync, I don't see that error message at the start of the wizard. At the screen where I am to put in WAAD credentials, I try with the credentials of an Azure AD account (that previously worked for dirsync). The error then says that account is not authorised to carry out a sync.
This page http://social.technet.microsoft.com/wiki/contents/articles/19098.howto-install-the-windows-azure-active-directory-sync-tool.aspx says that the WAAD account needs to be a member of the Company Administrators. I'm not sure where to set that. I don't think it's in 'role'; there are only two options, User or Global Administrator, and it's set to User. Company Administrators is not a Group in the groups listed in Azure.
Thanks for any advice!
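
The checks this post raises (console elevation, group membership, and the service named in the error), written as an added PowerShell example that is not part of the original post or of the DirSync tool. It assumes FIMSyncAdmins is a local group on the sync server, since the post found no such group in AD.

```powershell
# Added diagnostic sketch; run it in the same console session that shows the error.
# Assumption: FIMSyncAdmins is a LOCAL group on this server, not an AD group.

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)

# True only when the Administrators SID is enabled in this process token.
# Under UAC, an administrator in a non-elevated console gets False here.
$elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# Groups actually carried in the logon token, translated to names where possible.
# Membership added after logon does not appear here until a new logon session.
$tokenGroups = foreach ($sid in $identity.Groups) {
    try { $sid.Translate([Security.Principal.NTAccount]).Value } catch { $sid.Value }
}

# Membership as stored on the machine, read through the WinNT ADSI provider.
function Get-LocalGroupMemberNames([string]$GroupName) {
    try {
        $group = [ADSI]"WinNT://$env:COMPUTERNAME/$GroupName,group"
        @($group.Invoke('Members')) | ForEach-Object {
            $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
        }
    } catch { "<group '$GroupName' not found or not readable>" }
}

# Is the service from the error visible at all? Reading its status needs
# fewer rights than starting it, so this only rules out a missing service.
$service = Get-Service -Name 'MSOnlineSyncScheduler' -ErrorAction SilentlyContinue

[pscustomobject]@{
    User                  = $identity.Name
    Elevated              = $elevated
    FIMSyncAdminsInToken  = [bool]($tokenGroups -match '\\FIMSyncAdmins$')
    FIMSyncAdminsMembers  = (Get-LocalGroupMemberNames 'FIMSyncAdmins') -join ', '
    AdministratorsMembers = (Get-LocalGroupMemberNames 'Administrators') -join ', '
    SchedulerService      = if ($service) { $service.Status } else { 'not visible to this session' }
} | Format-List
```

Comparing `Elevated` and `FIMSyncAdminsInToken` between the two domain admin accounts shows whether the difference is in the token or in the stored group membership.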