In this post I will try to cover some details that may help to understand how Microsoft Online Services Directory Synchronization Tool (MOSDST) works when it synchronizes on-premises Active Directory with Office 365. MOSDST is nothing else than a custom solution built on top of Microsoft Identity Lifecycle Manager 2007, but for non-ILM people it may seem a black box that synchronizes objects from AD to O365 without control. Knowing what it does may help understanding what it does. I name it “Part 1”, as I expect to hopefully add some more posts around this topic .
The SourceAD Management Agent created by MOSDST is simply an Active Directory MA, with the following configuration details:
Not all your objects in AD will end up in Office 365. While it is said that MOSDST only synchronizes users, groups and contacts, it is not exactly like that. What it loads into Office 365 depends on:
The ADMA filters out certain “user”, “inetOrgPerson”, “contact” and “group” objects if they match certain conditions. Here are those. If you expect an object to be synchronized to Office 365 but it is not, check if it is matching one of these filters.
“mail-enabled” in this context means that either has a primary SMTP address in proxyAddresses attribute (i.e. “SMTP:firstname.lastname@example.org”), or mail attribute has an SMTP address (i.e. “email@example.com”).
Update: Somewhat similar info can be found here and here. A great PDF is also available here that contains lots of inner details about Sync Tool too.
Great content! Specially the "what's filtered out". I find it quite useful! Thanks!!!!