Wednesday, April 17, 2013

Error Installing Dirsync with FullSQL Option

Normally when you install Dirsync for account synchronization with Office 365, you let it install and configure a local instance of SQL Express. However, in large environments (over 50,000 accounts or so), you need to use a full version of SQL Server to support a larger database and more memory.

To install Dirsync for a full version of SQL Server, run the installer with the following command line:
dirsync /fullsql
After following the wizard to install Dirsync to the correct location, you still need to do some configuration. You specify the location of the SQL Server by using the Dirsync Install Shell. You start this PowerShell prompt by running C:\Program Files\Microsoft Online Directory Sync\DirsyncInstallShell.psc1. Then for a local SQL instance, you run:
Install-OnlineCoexistenceTool -UseSQLServer -Verbose

When you run the psc1 file from Windows Explorer, it does not open with administrative privileges even if the account you are using is an administrator. You need to run the install shell as Administrator or you will get an error like the following:
Install-OnlineCoexistenceTool : Local Administrator permissions are required to install the Windows Azure Active Directory Sync tool. Supplied credentials are not valid domain\username.
When you right-click DirsyncInstallShell.psc1, you do not get the option to Run as administrator. Instead, open a normal PowerShell prompt as administrator and then run DirsyncInstallShell.psc1 manually from within the prompt. This provides the necessary elevated privileges to complete the configuration.
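
The elevation check and launch described above can be scripted, shown here as an added example that is not part of the original post. It assumes the default install path quoted earlier; Test-IsElevated is a hypothetical helper name.

```powershell
# Added example. Path as quoted in the post; adjust if Dirsync was installed elsewhere.
$consoleFile = 'C:\Program Files\Microsoft Online Directory Sync\DirsyncInstallShell.psc1'

function Test-IsElevated {
    # Hypothetical helper: returns $true only when the current process token has
    # the Administrators group enabled. Under UAC, an administrator account that
    # starts a process normally gets a filtered token and this returns $false.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

if (-not (Test-Path -LiteralPath $consoleFile)) {
    throw "Console file not found: $consoleFile"
}

if (Test-IsElevated) {
    # Already elevated: load the Dirsync console file in a child shell in this window.
    & powershell.exe -NoExit -PSConsoleFile $consoleFile
}
else {
    Write-Warning 'Session is not elevated; the local administrator check in Install-OnlineCoexistenceTool would fail.'
    # Relaunch elevated (UAC prompts). The embedded quotes keep the path,
    # which contains spaces, as a single argument.
    Start-Process -FilePath 'powershell.exe' -Verb RunAs -ArgumentList @(
        '-NoExit',
        '-PSConsoleFile', "`"$consoleFile`""
    )
}

# In the elevated install shell, run the command from the post:
#   Install-OnlineCoexistenceTool -UseSQLServer -Verbose
```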

Detailed steps for installing Dirsync are here:
Note that the detailed steps in the link above imply that you will be prompted for service credentials for Dirsync. In our installation, that was not the case. A local user account was created automatically and used for the service account because it was a local instance of SQL and network communication is not required between SQL and Dirsync. You will be prompted when using a remote instance of SQL and using the -ServiceCredential parameter because network communication requires an Active Directory account.
