Prepare Directory Servers: Office 365 (O365) (Obsolete)

Created: 2014-08-22 12:24:49
Modified: 2023-12-06 17:28:22
Tags: Obsolete

Obsolete Article. Refer to UnitySync Office 365 login requirements.

If you are running any version prior to v4.6, you must upgrade to the latest version to sync with O365.

Connections may be configured to read your O365 directory as a Source, discovering Users, Contacts and/or Groups. These objects may be synced to create contacts in any other supported Destination directory type (Active Directory, O365, etc).

Likewise, connections may be configured to sync to your O365 directory as a Destination. When syncing to an O365 Destination, contacts will be created.

  1. Ensure your system meets the Special System Requirements for O365 connections.

  2. IMPORTANT NOTE: UnitySync is unable to join to contacts that already exist in Office 365 (whether they were manually created or created via Dirsync). To allow UnitySync to handle these contacts moving forward, the contacts must be deleted and re-added by UnitySync.

  3. Please see the other Office 365 knowledge base articles for more information.

Login ID Syntax

When reading from or syncing to an O365 tenant, we recommend you make your UnitySync User Login an O365 Administrator.

Required Login information

ID: The login of the default administrative account or other custom account created for UnitySync. This is required information when using Office 365 (O365).

ID name format: Use the same login format you would use when logging into O365 online:

i.e. AccountName@YourDomain.onmicrosoft.com

Password: The password that corresponds to the login ID specified

Limiting permissions for read/write of your O365 tenant

As an alternative to using an O365 Administrator account, you may create custom accounts for reading or writing to O365 using the minimum role permissions necessary.

Discovery of O365

You may assign minimum access rights to your UnitySync login ID for reading O365:

  • For example, create an unlicensed Office 365 user account without O365 admin rights.

  • For view-only access to O365, add the user to the “View-Only Organization Management” admin role in the Exchange Admin Center. This role should provide UnitySync the rights needed to run the PowerShell commandlets it uses.

Discovery commandlets required

  • Get-User
  • Get-Mailbox
  • Get-EXOMailbox
  • Get-MailUser
  • Get-Contact
  • Get-MailContact
  • Get-DistributionGroup
  • Get-DistributionGroupMember
  • Get-UnifiedGroup
  • Get-UnifiedGroupLinks

Discovery filters for O365 differ from LDAP. Be sure to review this knowledge base article before attempting to craft Discovery filters for an O365 Source.

Syncing to O365:

We strongly recommend use of an O365 Admin account. Microsoft does not make it easy to create a non-Admin account with the necessary access for UnitySync to perform the required PowerShell commands when writing to O365.

That said, it is possible for a non-Admin account to sync to O365.

Sync commandlets required

  • Set-Group
  • Set-DistributionGroup
  • Update-DistributionGroupMember
  • Set-Contact
  • Set-MailContact
  • New-DistributionGroup
  • New-MailContact
  • Remove-DistributionGroup
  • Remove-MailContact

You may assign minimum access rights to your UnitySync login ID for writing to O365.

This example script might help you create the custom service account using PowerShell, providing the minimum rights for the mail contact PowerShell cmdlets needed by UnitySync when writing to O365.

Refer to: TechNet Overview of Built-in role groups

Refer to: TechNet View-only Organization Management

Please refer to the O365 KB articles and the UnitySync Administrator’s Guide for more information about O365 syncs.
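
To check that a custom account really is limited to the commandlets listed above, the following added example (not UnitySync's or Microsoft's script) compares what an account's role assignments grant against this article's lists. `Compare-CmdletGrant` and `Get-GrantedCmdlet` are hypothetical helper names, the sample grant is constructed, and `Get-GrantedCmdlet` assumes an existing Exchange Online PowerShell session.

```powershell
# Added example, not part of the original article.
# Cmdlet lists copied from the Discovery and Sync sections of this article.
$DiscoveryCmdlets = 'Get-User', 'Get-Mailbox', 'Get-EXOMailbox', 'Get-MailUser',
    'Get-Contact', 'Get-MailContact', 'Get-DistributionGroup',
    'Get-DistributionGroupMember', 'Get-UnifiedGroup', 'Get-UnifiedGroupLinks'
$SyncCmdlets = 'Set-Group', 'Set-DistributionGroup', 'Update-DistributionGroupMember',
    'Set-Contact', 'Set-MailContact', 'New-DistributionGroup', 'New-MailContact',
    'Remove-DistributionGroup', 'Remove-MailContact'

function Compare-CmdletGrant {
    # Hypothetical helper: pure comparison, needs no tenant access.
    param(
        [string[]]$Granted,
        [string[]]$Required
    )
    $g = @($Granted | Sort-Object -Unique)
    [pscustomobject]@{
        # Required cmdlets the account cannot run (the connection would fail).
        Missing     = @($Required | Where-Object { $g -notcontains $_ })
        # State-changing cmdlets beyond the required list: the least-privilege gap.
        ExcessWrite = @($g | Where-Object {
                $Required -notcontains $_ -and $_ -notmatch '^(Get|Test|Search)-'
            })
    }
}

function Get-GrantedCmdlet {
    # Hypothetical helper: lists the cmdlets reachable through every management
    # role assigned to the account, directly or through a role group.
    # Assumes an Exchange Online PowerShell session is already connected.
    param([Parameter(Mandatory)][string]$Account)
    Get-ManagementRoleAssignment -RoleAssignee $Account -Delegating $false |
        ForEach-Object { Get-ManagementRoleEntry -Identity "$($_.Role)\*" } |
        Select-Object -ExpandProperty Name -Unique
}

# Constructed sample: a read-only account that also picked up Set-Mailbox.
$sampleGrant = $DiscoveryCmdlets + 'Get-Recipient' + 'Set-Mailbox'
Compare-CmdletGrant -Granted $sampleGrant -Required $DiscoveryCmdlets

# Against a tenant (account name is a placeholder in the article's ID format):
# $granted = Get-GrantedCmdlet -Account 'AccountName@YourDomain.onmicrosoft.com'
# Compare-CmdletGrant -Granted $granted -Required ($DiscoveryCmdlets + $SyncCmdlets)
```

For the constructed sample, `Missing` is empty and `ExcessWrite` contains `Set-Mailbox`. Whether `Get-EXOMailbox` appears as its own role entry is an assumption to confirm in your tenant before treating it as missing.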
