If you're considering moving to Office 365, you've probably been looking into the options for Directory Synchronisation. If your AD is anything like ours, you'll have a number of accounts for services, ex-staff, contractors, etc. that you don't really want synchronised up to Office 365.
By default there's no control over the filtering of accounts within the Directory Sync Configuration tool, and the content on setting this up has been "coming soon" for over 6 months, which is a shame, however, when you run the Office 365 Deployment Readiness Tool you'll see the following line in the reports:
Filters were applied to obtain the above object counts for an Office 365 deployment.
So clearly these filters are configured somewhere - but where?
Hunting around on the web, I've found a very useful post for the initial setup scenario from credera: Filtering Users in the Office 365 Directory Synchronization Tool where they talk about using the UI based on Forefront Identity Manager (FIM 2010) - and suggest you run this before DirSync runs. I failed to realise the implication of one aspect of this: Even if you clear the "Synchroize directories now" so DirSync doesn't force the update, you've started the service and the 3 hour timer - so don't start this just before you go home for the weekend, otherwise you'll end up with all your accounts online like I did.
So how do you implement filtering after you've done initial import? Well, it's not too painful once you've looked around at the systems.
Start by firing up the Synchronization Service Manager through using the miisclient.exe executable found deep in the Sync Service's UIShell folder, and switch to the "Management Agents" pane. Click on the "SourceAD" Management Agent line, and select Properties.
Then select the "Configure Connector Filter" (apparently you can also do things with the Directory Partitions - your milage may vary), select "user", and create a "New..." rule:
As I'm only interested in importing users from our "Staff" organizational unit, and groups from our "Company_UserGroups" OU, I set up one filter with the following rules:
"<dn>" "Does not contain" "OU=Staff"
"<dn>" "Does not contain" "OU=Company_UserGroups"
Ok out of the dialogs and return to the "Operations" page. You now need to perform a Full synchronisation to remove the filtered out users:
From the Actions menu, select "Run..."
Ensure that "SourceAD" Management Agent is selected in the top dropdown, then select "Full Import Full Sync" from the list of Run profiles, and press "OK".
Once that operation shows has a status of "success", select "Run..." again, and this time switch to the "TargetWebService" management agent, and choose the "Full Confirming Import" run profile, and press "OK".
Once that operation also shows a status of "success", you'll want to run the "Export" profile for the "TargetWebService" management agent.
As you can see, after each run you should see confirmation of deleted accounts in the reports.
To confirm that they've really gone away, you can then fire up forced run of the standard sync using the powershell command Start-OnlineCoexistenceSync if you run the DirSyncConfigShell powershell script from the root of the DirSync install folder, or by re-running the Directory Sync Configuration Tool.
Just deleting the users from Office 365 using the Remove-MsolUser command obviously didn't work as they were just recreated again with the next diffential sync.
I also found that the event log will contain warnings that your configuration has changed and you need to perform a full sync for the changes to take effect:
The management agent "SourceAD" completed run profile "Delta Import Delta Sync" with a delta import or delta synchronization step type. The rules configuration has changed since the last full synchronization.
User Action
To ensure the updated rules are applied to all objects, a run with step type of full synchronization should be completed.
Filed under: Tools
I'm a massive fan of LINQPad - it's much more lightweight than SQL Management Studio if you want to muck around with your data, and allows me to work against SQL with C#, rather than having to remember how to use cursors and the like when I've got some otherwise tedious data re-mapping to do.
That said, I'd never really pointed it at an Entity Framework EDM before, but I'd been wondering about the best way to tidy up the code for the tag clouds in the albums section of this site, so thought that I should see what I could do with the entity model as it stood, without resorting to stored procs.
Firing up the "Add Connection" wizard, I selected "Entity Framework" from the "Use typed data context from your own assembly", selected the website library, selected the (only) EDM from the library, and confirmed the provider.
LINQPad then created the data context correctly, so I pulled up a query to start working against it, only to get the following error message:
An assembly with the same identity 'System.Data.Entity, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' has already been imported. Try removing one of the duplicate references.
This was slightly confusing - obviously both my project and LINQPad are referencing the System.Data.Entity namespace, and if I remove the reference from my project, I won't be able to build it. How do I remove it from LINQPad then?
It turns out that I don't have to do either. The clue (for me) lay in the notes section of the "Using LINQPad with Entity Framework" page:
If your assembly references other assemblies, LINQPad will pick up these, too, providing they live in the same folder.
Note the bit in bold from the original page - it would appear that my reference to the System.Data.Entity library was set to "Copy Local". Setting that to false and restarting LINQPad removed the error message, allowing me to clean up the tag code somewhat.
Filed under: Tools
Everyday, It's a getting closer - I've been using the Early Access Program nightly builds of ReSharper 4.0 since they became available back in February - it's been great to see the features I've been using gain support in this tool.
Anyway, I've just seen that yesterday's build is not only marked as Stable, but is the ReSharper 4.0 Beta Candidate (sending you to the overall page, in case there's more recent ones when you're reading this).
Anyway, what are you waiting for? Go and get the latest copy of this tool - you'll wonder how you ever managed to code without it 
.
Filed under: Tools
Sweet, it would appear that I can indeed post blogs from my windows mobile phone, from Opera Mini which I have to say also rocks.
Just a lack of wysiwyg controls, and some of the more important symbols missing from the keyboard; like < and >!
Filed under: Tools
Ok, so I've finally managed to tear myself away from World of Warcraft long enough to start playing with The Goods from my trip to PDC (I know, it's been over a month already!).
I thought I'd do the sensible thing, and not screw up my home PC by installing everything on there, so I stuck in Disc 3 and started the install of Virtual Server. All was going well, until BANG! "Error 1402: Could not open key: HKEY_LOCAL_MACHINE\Software\Classes\Msmarkup2.DOMDocument.4.0\CLSID. Verify that you have sufficient access to that key, or contact your support personnel." Now, I know I shouldn't be, but I'm an admin on the box, but what the hell, "Run as..." and enter the admin password just to be safe - the same error.
Nothing on Microsofts site - this error message doesn't apply to people running Windows 2000 or XP apparently. Anyhow, a little more (Google rather than Microsoft) and I got Yeep's solution on Digiwar.com - Delete all registry keys refering to version 4.0, reinstall msmarkup4.0, and then install Virtual Server - So many thanks to Yeep.
Filed under: Tools
Ok, it's simple and easy, but anyway, here's how to get IntelliSense in Visual Studio for xslt files: radsoftware.com.au
Filed under: Tools
Yay, my subscription upgrade to version 7 arrived yesterday! Very excited 
.
For more info, check it out here: Discreet 3ds max.
Looks like I'm going to be busy…
Filed under: Tools
Yep, I'm back from a nice long break in Spain with my Dad. Check out the pictures in the gallery.
I've been spending too much time playing in The Kingdom of Loathing recently - it's very funny - well worth wasting half an hour a day in
Also, in tools news:
If you aren't already using it, go and get a copy of JetBrains ReSharper - while most of it's features are in VS 2005, it's a great stop gap until that's actually released and we're using it. It make maintaining and designing code so much easier
Filed under: Tools
Remembered a couple of others too:
-
Luke Hutteman's SharpReader - Like many other tools around, it's an RSS aggregator
-
The GIMP - Available on Windows too, the GNU Image Manipulation Program is getting more like Photoshop each day
Enjoy
Filed under: Tools
Another useful tool I thought I'd missed the boat on:
[Update 2004/07/26: they moved it...]
Filed under: Tools