Power365 Current - Help Center

Directory Sync Lite Requirements

Important: This topic relates to Power365 Directory Sync Lite. As of May 29, 2020, Directory Sync Lite is no longer the standard deployment option for Premium Integration and Integration Pro projects. More information can be found here.

Power365 Directory Sync Lite Active Directory Account Requirements  

This account is used for “read and write” access to the destination Active Directory (AD). Directory Sync Lite is used to manage AD changes during the various migration and integration user phases.

  • Account: One local AD user service account for each forest or domain.
  • Rights: Domain User with rights to Create and Modify objects in local AD.

Important Note: This account is only required if deploying the Premium Integration project type.
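
One way to confirm that the service account stays at the "Domain User plus delegated rights" level described above. This is an added example, not Quest's code; it assumes the ActiveDirectory (RSAT) PowerShell module and a US English domain, and the account name `svc-p365dsl` is a hypothetical placeholder.

```powershell
# Added example: audit the Directory Sync Lite AD service account for excess privilege.
# Assumptions: ActiveDirectory module installed; 'svc-p365dsl' is a hypothetical name.
Import-Module ActiveDirectory

$SamAccountName = 'svc-p365dsl'   # hypothetical placeholder, substitute your account

# Built-in groups that grant far more than "create and modify objects".
# Names are the US English defaults (the page requires a US English OS).
$PrivilegedGroups = @(
    'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators',
    'Account Operators', 'Server Operators', 'Backup Operators'
)

$user = Get-ADUser -Identity $SamAccountName -Properties adminCount, primaryGroupID

# Escape characters that are special inside an LDAP filter value.
$dn = $user.DistinguishedName -replace '\\', '\5c' -replace '\(', '\28' `
                              -replace '\)', '\29' -replace '\*', '\2a'

# LDAP_MATCHING_RULE_IN_CHAIN (1.2.840.113556.1.4.1941) resolves nested membership.
$groups = Get-ADGroup -LDAPFilter "(member:1.2.840.113556.1.4.1941:=$dn)"

$findings = @()
foreach ($g in $groups | Where-Object { $PrivilegedGroups -contains $_.Name }) {
    $findings += "Member (direct or nested) of privileged group '$($g.Name)'"
}
# The primary group is not stored in 'member', so check it separately.
if ($user.primaryGroupID -ne 513) {
    $findings += "Primary group RID is $($user.primaryGroupID); expected 513 (Domain Users)"
}
# adminCount=1 means the account is, or once was, under AdminSDHolder protection.
if ($user.adminCount -eq 1) {
    $findings += 'adminCount is 1: account is or was a member of a protected group'
}

if ($findings.Count -eq 0) {
    Write-Output "$SamAccountName holds no built-in privileged group membership."
} else {
    $findings | ForEach-Object { Write-Warning "${SamAccountName}: $_" }
}
```

A clean result only rules out built-in privileged groups; the create and modify rights delegated on the target OUs still need to be reviewed in the OU ACLs.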

Power365 Directory Sync Lite Requirements  

Power365 Premium Integration Projects can only be implemented if both the source and target tenants are synchronizing AD objects from their on-premises environment to Microsoft Entra ID/Microsoft 365. Power365 Directory Sync Lite will make the appropriate changes to the local AD objects, but Microsoft Entra Connect or an equivalent third-party sync solution must sync those changes to Microsoft Entra ID/Microsoft 365. The following attributes must be included in the Microsoft Entra Connect (AADC) sync profile so that objects can be provisioned in the cloud correctly after Power365 syncs them into the target AD.

User

If Power365 is configured to create missing users in the destination AD environments then the following attributes will be set during creation. Most attribute values will be based on the source user object values while a few will be calculated.

  • adminDescription
  • displayName
  • givenName
  • legacyExchangeDN
  • mail
  • mailNickname
  • msExchArchiveGuid
  • msExchArchiveName
  • msExchHideFromAddressLists
  • msExchRecipientDisplayType
  • msExchRecipientTypeDetails
  • msExchRemoteRecipientType
  • msExchResourceCapacity
  • msExchResourceDisplay
  • msExchResourceMetaData
  • msExchResourceSearchProperties
  • objectClass
  • proxyAddresses
  • pwdLastSet
  • sAMAccountName
  • showInAddressBook
  • sn
  • targetAddress
  • unicodePwd
  • userAccountControl
  • userPrincipalName

Contact

Power365 will create Mail Contacts based on the project configurations in the destination AD environments. Most attribute values will be based on the source user object values while a few will be calculated.

  • adminDescription
  • displayName
  • givenName
  • legacyExchangeDN
  • mail
  • msExchHideFromAddressLists
  • msExchRecipientDisplayType
  • msExchRecipientTypeDetails
  • msExchResourceCapacity
  • msExchResourceDisplay
  • msExchResourceMetaData
  • msExchResourceSearchProperties
  • objectClass
  • proxyAddresses
  • showInAddressBook
  • sn
  • targetAddress

Group

If Power365 is configured to migrate Mail Distribution Groups in the destination AD environments then the following attributes will be set during creation. Most attribute values will be based on the source group object values while a few will be calculated.

  • adminDescription
  • description
  • displayName
  • groupType
  • mail
  • mailNickname
  • managedBy
  • member
  • msExchCoManagedByLink
  • msExchHideFromAddressLists
  • msExchRecipientDisplayType
  • msExchRequireAuthToSendTo
  • objectClass
  • proxyAddresses
  • showInAddressBook

Optional User Meta-Data

As an option with the Premium Integration project type, the following attributes will remain in synchronization until the user is cutover or the project is closed. The list below references the Active Directory attribute name and corresponding Microsoft Entra ID parameter name.

  • co - [Country]
  • company - [CompanyName]
  • department - [Department]
  • info - [Notes]
  • l - [City]
  • mobile - [MobilePhone]
  • physicalDeliveryOfficeName - [OfficeLocation]
  • postalCode - [PostalCode]
  • postOfficeBox - [PostOfficeBox]
  • st - [State]
  • streetAddress - [StreetAddress]
  • telephoneNumber - [BusinessPhones]
  • title - [JobTitle]

Power365 Directory Sync Lite installs a Windows service named “Power365 Directory Sync Lite”. This service is the component that communicates with Active Directory and the cloud.

This service can be installed in two different ways, depending on the choice you make at installation time.

  1. If you choose “SQL Authentication”, the service will be installed to run as “Local System”.
  2. If you choose “Windows Authentication”, the installer will prompt you for domain credentials and run the service as the specified user.

Running as “Local System” is the most common installation scenario, but it causes an issue if you require HTTP proxy server routing. The Local System service account is treated differently from regular user accounts and doesn’t generally pick up user proxy policy.

Proxy configuration can be done for the service account but is generally avoided.

The easiest way to use an HTTP proxy server with Power365 Directory Sync Lite is to change the service “Log On As” value to a domain user and configure that user’s proxy information.

General Requirements

  • Windows Server 2016 - US English Operating System
  • SQL Server - SQL Server can be a new or existing database. If you choose the “Default Install”, Power365 Directory Sync Lite will download and install SQL Express 2016 SP2 for you if no SQL server is detected on the machine.
  • Active Directory Domain Services running on Windows Server 2008 R2 or later. The domain and forest functional levels must be at least Windows Server 2003 native. The Active Directory forest must have the Microsoft Exchange 2010 SP3 (or later) schema extensions applied and Exchange Organization Name defined in the Domain.
    • Step 1: setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms
    • Step 2: setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms /OrganizationName:YOURCOMPANY
    • Step 3: setup.exe /PrepareDomain /IAcceptExchangeServerLicenseTerms

The following SQL Server versions (English versions) are supported:

  • SQL Server 2008 R2
  • SQL Server 2008 R2 Express with Advanced Services
  • SQL Server 2012 SP2
  • SQL Server 2012 SP2 Express with Advanced Services
  • SQL Server 2014
  • SQL Server 2014 Express with Advanced Services
  • SQL Server 2016
  • SQL Server 2016 Express with Advanced Services
  • SQL Server 2017
  • SQL Server 2017 Express with Advanced Services

Supported Versions of TLS

  • TLS 1.2

Additional Requirements

  • Power365 Directory Sync Lite must be installed in both the source and target AD Forests.
  • Access to dedicated source and target Windows servers to install and configure the Power365 Directory Sync Lite application for each Microsoft 365 tenant is required.
  • The Binary Tree Directory Sync Lite Servers must be dedicated servers for the Binary Tree solutions. These can be virtual machines.
  • Microsoft Entra Connect or another third-party synchronization tool must be deployed from the local AD forest to Microsoft 365 to allow modifications to on-premises objects to be reflected in Microsoft 365.
  • Outbound port 443 must be open to the following destination: https://power365.quest.com/Api/DirSync
  • Both the source and target Active Directory schemas must include the schema extensions for Microsoft Exchange 2010 SP3 or later.
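
A preflight check for a Directory Sync Lite server, covering the service logon identity discussed in the proxy section above and the TLS 1.2 / outbound 443 requirements listed here. This is an added example, not Quest's code; it assumes Windows PowerShell 5.1 on the sync server and uses only the service name and endpoint host given on this page.

```powershell
# Added example: preflight for a Directory Sync Lite server.
$ServiceName = 'Power365 Directory Sync Lite'   # service name as given on this page
$ApiHost     = 'power365.quest.com'             # host of https://power365.quest.com/Api/DirSync
$ApiPort     = 443

# 1. Which identity does the service run as? This decides whose proxy settings apply.
$svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName' OR DisplayName='$ServiceName'"
if (-not $svc) {
    Write-Warning "Service '$ServiceName' was not found on this host."
} elseif ($svc.StartName -eq 'LocalSystem') {
    Write-Output 'Service runs as LocalSystem; user proxy policy is generally not picked up.'
} else {
    Write-Output "Service runs as $($svc.StartName); configure the proxy for that user if one is required."
}

# 2. Direct TCP connect to port 443, then a handshake restricted to TLS 1.2.
#    SslStream validates the server certificate chain and host name by default.
$tcp = [System.Net.Sockets.TcpClient]::new()
$ssl = $null
try {
    $tcp.Connect($ApiHost, $ApiPort)
    $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false)
    $ssl.AuthenticateAsClient($ApiHost, $null,
        [System.Security.Authentication.SslProtocols]::Tls12, $true)
    Write-Output "Handshake OK: $($ssl.SslProtocol), certificate subject: $($ssl.RemoteCertificate.Subject)"
} catch {
    # A failure here means no direct egress, TLS 1.2 disabled locally,
    # or an untrusted (for example, intercepted) certificate chain.
    Write-Warning "TLS 1.2 to ${ApiHost}:$ApiPort failed: $($_.Exception.Message)"
} finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Close()
}
```

The handshake test connects directly and does not use any configured proxy, so a failure on a proxied network points back to the “Log On As” guidance above rather than to a firewall fault.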