Friday, June 26, 2015

The Office 365 store now open for business

image

If you go to your Office 365 app launcher (typically accessed via the waffle in the top left corner of your Office 365 web portal) you’ll see or soon see a new icon.

image

The Office 365 Store has arrived!

image

Selecting the Office 365 Store icon will take you to the above page, where you can now start adding third party applications to your Office 365 environment.

image

Selecting an app will take you to a dedicated page like that above, where you can now add it to your environment.

image

As you can there are currently over 1,200 apps available to be added in! You can also expect this number to grow rapidly.

Office 365 provides a standard platform to develop and use apps. This is appealing for both users and developers. Other cloud platforms make lots of noise about all the third party add-ons they have. 1,200 is s good starting point that will only increase. You just watch and see.

Thursday, June 25, 2015

Office 365 Video now supports embedding

image

Hopefully you know that Enterprise Office 365 suites have a video portal facility built right in, kinda like YouTube for the Enterprise.

I wrote a post a while back on Office 365 video embedding. It was a bit of a hack to be honest since Office 365 didn’t at that stage expose the HTML embed code. That’s all just changed!

image

If you now look in the top right of any video in Office 365 you see the Embed link as shown above.

image

Selecting that will open a new dialog that provides the embed code. Simply copy this.

image

Go to the location in SharePoint where you wish to display the video, edit the element, select the Insert tab at the top of the page and then select the Embed code button right of the Ribbon menu.

image

Paste the embed code into the box that appears. Immediately, you should see a display of he video below as shown above.

Select the Insert button to save the changes. Then save the element you are editing.

image

Now the video should be visible in the element as shown above (here, just a normal page).

The answer to your very next question is that at this stage is, no, you can’t publically (i.e. without an Office 365 login) share videos from Office 365 video, even using the embed code. However, as I understand it, that ability is coming so stay posted for updates.

Wednesday, June 24, 2015

Getting Started with Azure updated

Just wanted to let everyone know that I have updated both my Introduction to Azure course as well as my Office 365 bootcamp offering. You can find both of these products on my publications page at:

http://www.ciaops.com/publications

Because both of these products are changing so rapidly I am trying to keep them as current as possible. Once you purchase the products you will continue to be eligible for updates for the life of that product.

So what is typically updated? For the Azure course I’ve added another video plus access to my Azure OneNote notebook that is full of tutorials, information, links and more. For the Office 365 bootcamp I’ve updated the training OneNote files, the notes for the 70-347 and 70-346 certification exams.

The benefit of OneNote notebooks is that you can use them on any device. If you save them to OneDrive or SharePoint they can also automatically sync across all the devices. You can also use them offline and most importantly they are fully searchable. It is for this reason that I use these notebooks every day in my business to keep track of everything.

By purchasing these, or any of my publications, you are helping me stay in business and allow me to focus on providing more information into these products. Of course all these products are free to subscribers of my Cloud Business Blueprint community. which also provides a heap more for your investment. I encourage you to also check that out if you are keen on taking your cloud business further.

Save time, save effort and help me create the best information sources for products like Office 365 and Azure by supporting my publications. For those people that have already done so, I thank you for your support.

Tuesday, June 23, 2015

Controlling Office 365 integrated applications

Unfortunately, average users tend to click ‘Yes’ a lot more than they really should. If they could but restrain themselves somewhat the world would have far less viruses. BUT, we know they just can’t help themselves sometimes and administrators and IT Pros are left to clean up the damage.

In the the world of security, prevention is far easier and cheaper than the cure so taking pro-active steps to control when users allow third party applications access to their data can be handy. Office 365 provides the administrator the ability to do just this via Azure Active Directory that is included free with all Office 365 subscriptions. Here’s how.

image

Firstly, login to your Office 365 admin center.

image

In the bottom left select Azure AD.

If you haven’t already enabled Azure AD as part of your Office 365 tenant (which is free), see my previous post:

Enabling your Office 365 Azure AD

image

Select the Active Directory option on the left and then select the name of your directory (there should only be one).

image

Select the configure tab from the options across the top.

image

Scroll down until you locate the integrated applications area towards the bottom. here you can disable (by changing to No) all users ability to add integrated applications and have those applications access the users data.

image

If you make a change you’ll need to select the Save button at the bottom of the page that appears to update the directory with the new configuration.

With these options configured administrators can have piece of mind that none of their users can add applications from places like the SharePoint Store that could access Office 365 data and potentially cause information leakage or worse.

Friday, June 19, 2015

Azure VM backups

I’ve previously detailed how you can use Azure Backup to backup desktops as well as servers here:

Azure desktop backup

Which basically does files and folders but in such a way that only the differential changes are sent each time. The question for many IT Pros is how do I recover a complete Azure VM like I can on premises using my traditional disk imaging tools?

The good news is that Azure now has such a services called Azure VM Backup and here’s how to use it.

image

Best practice is probably to go in and create a new Backup Vault in Azure to ensure you know what storage ‘bucket’ these backups are in. This is because you can back up a lot of different things using Azure services.

image

It will take a few moments for the new Backup Vault to spin up once you have selected a region for it. Which region you select is important because you can, by default at the moment, only backup VMs from the same region.

image

Once the new Backup Vault is ready select it, then select Registered Items from the menu across the top. Ensure that the type is set to Azure Virtual Machines and then select the Register link at the bottom of the page.

image

Place a check in the VM(s) you wish to backup. Then select the check icon in the lower right to save the configuration.

image

The machine you selected will then be ‘registered’ This means it will have the appropriate configurations made to allow it to be backed up. The VM will need to be running during this process or the registration will fail.

image

If you now select the Jobs option from the menu you should see the registration process proceeding. The registration should take around 5 minutes but may vary on what type of VM you are backing up.

image

If you now return to the Registered Items menu option you should see your machine listed as shown above.

image

With that machine still selected, you will see a number of buttons at the bottom of the page. Select the Protect button to commence a backup of this VM.

image

Select the items to protect and press the continue arrow in the bottom right of the window.

image

You’ll then be prompted to create a protection policy. Best policy is to create a new policy, given it a meaningful name and then select the backup frequency.

At this point in the time the most frequently you can backup a VM using this process is once a day.

After you have selected an appropriate Retention Range, select the check to save the settings.

image

If you wish to do an immediate backup at any time outside the configured schedule, select the Protected Items from the menu at the top of the page.

image

Ensuring that the desired VM is selected, press the Backup Now button at the bottom of the page.

image

If you return to the Jobs menu you should see a new job that is “InProgress” as shown above and the Operation is “Backup”.

The VM being backed up of course needs to remain up and accessible during this process.

Even though you can’t schedule backups more frequently than once a day via the browser I’m betting you can via PowerShell and perhaps even use the automated Run Book features of Azure to do this.

The VM you are backing up continues to run as normal and I saw no performance impact occur in this test environment during the process. That may of course vary depending on loads and amount of data to be backed up of course.

From - https://azure.microsoft.com/en-us/documentation/articles/backup-azure-vms-introduction/

How does Azure virtual machine backup work?

To back up a virtual machine, first a point-in-time snapshot of the data is needed. The Azure Backup service initiates the backup job at the scheduled time, and triggers the backup extension to take a snapshot. The backup extension coordinates with the in-guest VSS service to achieve consistency, and invokes the blob snapshot API of the Azure Storage service once consistency has been reached. This is done to get a consistent snapshot of the disks of the virtual machine, without having to shut it down.

After the snapshot has been taken, the data is transferred by the Azure Backup service to the backup vault. The service takes care of identifying and transferring only the blocks that have changed from the last backup – making the backups storage efficient. When the data transfer is completed, the snapshot is removed and a recovery point is created. This recovery point can be seen in the Azure management portal.

Azure virtual machine backup architecture

So as a I test I used Azure VM Backup to initially backup a Windows 10 machine with Office 2016 installed. That took 37 minutes. Immediately after that backup completed I run another and it took 23 minutes. The Windows 10 system reported about 25 GB of total used space.

Now, what happens when you want to restore? Basically you’ll be restoring the whole machine to a new VM. The current preview of Azure VM Backup doesn’t permit restoring to the original VM, however I’m sure down the track that will become available.

image

To restore your VM go to the Protected Items options from the menu and ensure the machine you wish to restore is selected.

image

From the button at the bottom of the page select Restore.

image

Select a recovery point from the list (this is basically all the backups you have performed). Press the continue arrow in the lower right to continue.

image

You now need to give the restored VM a name (it can’t be the same as an existing machine so if the original still exists you’ll need to delete it first as source over writing is not yet available).

You’ll also need to select a storage account, virtual network and subnet.

Once you have done that select the check icon in the lower right to commence the restore process.

image

If you go and check the Jobs option again you should see a restore job in progress as shown above.

image

For me, after only 8 minutes the restore job completed (that is for a 25GB of data) and if you now look in your Azure Virtual Machines you will see the item your restored, just as it was when you backed it up.

Azure VM Backups are still in preview and there some limits on what features are not available as yet. You’ll find that details in this blog post:

http://azure.microsoft.com/blog/2015/03/26/azure-backup-announcing-support-for-backup-of-azure-iaas-vms/

Most of the limitations I would expect to disappear in a very short space of time. That is going to make Azure VM Backup a pretty powerful option for your Azure IaaS solutions.

Here are some additional articles with more details about:

Introduction to Azure VM Backups

Backing up with Azure VM Backup

Restoring with Azure VM Backup

So now you can use Azure to backup up you Azure VMs as you would  have typically done on premises using imaging software. Using Azure VM Backup is going to however provide improved ease of use and scalability as well as the ability to more rapidly improve than an existing on premises options.

Azure VM Backup is yet another example of the power the cloud is bringing to traditional infrastructure by making it easier and better.

Skype for Business conference bridge

I’ve been doing a lot of webinars lately and one of the features of many dedicated conferencing packages like GotoWebinar is the ability for attendees to dial in using a normal phone line. many don’t realise that this option is also available in Skype for Business.

image

If you login to your Office 365 admin portal and then select the Skype for Business service you should see taken to the Skype for Business admin center. From the menu on the left you should see the option for dial-in conferencing, select this to see the above screen.

image

If you then select dial-in users from across the top you will see a list of users who have been enabled for Skype for Business.

Here you can see I already have one user who is configured for dial in conferencing. To modify a user just select them and then the pen (edit) link that appears to the right.

image

You should then see a screen like that shown above where you can edit the dial in details for that user.

image

When you pull down the options for Provider name you will see the above list who are supported with Office 365.

Now here’s where I started to get lost. What do I need to do? How to sign up for the right service? Can I get this to even work here in Australia? Luckily, I knew just the man to call – Greg Plum from PlumUC.com whom I met last year at Office 365 Nation.

Although Greg is based in the US he was able to set me up with Intercall who have local (Australian) dial in numbers. If you want all your users to have dial in facilities for their Skype for Business you’ll need to get separate details for each user. Overall the cost is pretty cheap to provide this facility and Greg got me hooked up quick and easy.

image

So once you have the dial in details entered for that user when they create a new Skype for Business meeting those call details will appear in the invite as shown above. This then allows people to attend either using their desktop or their phone.

Once again, I will call out Greg Plum from plumuc.com no matter where in world you are located to get the dial in bridge set up for you. As I said, even here in Australia Greg could get the feature up and running and I doubt few other Office 365 resellers here in little ol’ Australia have that ability. That gives me a huge point of differentiation when it comes to my local market and gives me a real competitive advantage when speaking to customers.

So if you want to set up dial in conferencing with Skype for Business in Office 365 it is pretty straight forward and I strongly recommend you contact Greg Plum from plumuc.com to help. Tell him I sent you!

Thursday, June 18, 2015

Office ProPlus User Activation Management

image

One of the most common requests I hear from Office 365 administrators is the desire to manage each users desktop Office software deployments. Until now only the user could do this in their own portal, but now if you go into the Office 365 admin portal as an administrator and select an active user,

image

you’ll see a new option on the right called Office installations.

image

If you then select the Edit hyperlink.

image

You’ll get a window like the above slide out from the right. In there you see information about the installations of Office desktop software for that user. You will also have the ability to de-activate those installs, just like a user can do on their own via their portal.

A nice addition for administers of Office 365.

Here’s a short video from Microsoft on the feature.

Another Cloud Business podcast

Just uploaded the latest Cloud Business podcast that I do with Nigel Moore. You’ll find it on iTunes, Stitcher but also here for direct listening:

http://www.cloudbusinessblueprint.com/podcast/episode-030-how-will-your-customers-change/

In this episode we focus on how change is going to affect your business customers. Who they are and what they want is going to change over time and especially IT customers as automation and commoditisation dominate more of the industry.

We also cover the usual round up of cloud news with some opinions and listener question throw in. Have a listen, subscribe and let us know what you think, we’d love to hear.

Tuesday, June 16, 2015

Free Office 365 Webinar

image

June has sure rolled around fast and it’s time again for our free Office 365 webinar where you’ll get the latest update on everything that’s happening with Office 365 and get to ask questions.

This month we are planning to show you some of the really cool stuff that is coming with PowerBI and how it will integrate into Office 365. You’ll learn how you can sign up and connect it to existing data sources, such as web site analytics, and start creating amazing dashboards today.

Of course there will be plenty of time to ask questions and get answers on everything you wanted to know about Office 365 as well. Remember, the webinar is free and you can register at:

http://www.cloudbusinessblueprint.com/ask-weekly-webinar

I hope to see you there.

Sunday, June 14, 2015

Configuring Yammer Dirsync

I’ve recently blogged about using DIRSYNC to connect your local Active Directory (AD) to Office 365. It is one of the most popular posts on this blog and you can find it here:

Windows Azure Active Directory Sync tool (DIRSYSNC) – the basics

I have followed this up even more recently with a post about the updated DIRSYNC tool called Azure Active Directory Sync Services and you can find that here:

Azure AD Sync Services tool – the basics

Finally, I have posted about the preview of the tool that is replace Azure AD Sync Services called Azure AD Connect and that you can find here:

Azure AD Connect (Preview) – Install

You may think these are the only tools used or required to copy you local AD to Office 365 services. They aren’t. Hopefully, you know that Yammer is now included free with many Office 365 plans and Yammer also contains user information. In fact it is possible to copy some of this user information from your local AD.

The place to start is the:

Yammer Directory Sync 3.0 Admin Guide

but before you get too far into the weeds what benefits does Yammer DIRSYNC provide?

As the guide says, after you set up this integration product, users will be able to be automatically:

- removed from your Yammer network when you disable them in AD

- invited to your Yammer network when you add them to AD

- updated with new profile information when you update their attributes in AD

and that is basically it. My personal take on this is that Yammer DIRSYNC doesn’t really provide a lot of benefit for smaller organisations that don’t have thousands of AD users and who don’t have large amounts of turnover within their staff. If that is your business or your customer’s business then you can stop reading here and not have to worry about this any more.

However, I hope that you are at least somewhat curious as to how the whole configuration process of Yammer DIRSYNC is completed, and you might also be interested in some of the ‘challenges’ I faced getting this to work. That, at least, I hope makes you read through the volume of information I’ll detail here with the process I went through.

This attempt to configure Yammer DIRSYNC was completed in a test environment. I created a new clean Office 365 E3 tenant. I installed a new clean Windows Server 2012 R2 server in Azure. I created a new set of local AD users and used AD Connect (Preview) to get them copied to the Office 365 tenant. I then assigned them licences. All of this was prior to getting Yammer DIRSYNC operational.

So the plan was now to install Yammer DIRSYNC on the same server as Azure AD Connect (Preview), which as it turns out is the Domain Controller (DC). Of course best practice should always be to install any Office 365 user syncing tool (Office 365 DIRSYNC, Azure AD Services, Azure AD Connect, etc) onto a separate members server. The same would also go for Yammer DIRSYNC, however not all businesses have this luxury when it comes to rolling out addition on premises hardware do they? Also to my mind it doesn’t make sense to roll out more on premises hardware when the real desired aim to eventually move everything to the cloud. Thus, in this case, everything will reside on the Domain Controller.

image

When a user is invited to join a Yammer network they receive an email like shown above that provides them a link to get started with Yammer. When you enable Yammer in Office 365 using this process that I also recently detailed:

Enabling Enterprise Yammer in Office 365

Users won’t automatically receive such email invitations, they just need to select the Yammer icon from their app launcher inside the Office 365 portal. Thus, if you are looking to drive Yammer adoption throughout your organisation, having an email automatically sent to new users telling them about Yammer can provide a benefit. This you can do when Yammer DIRSYNC is enabled.

The first step in enabling Yammer DIRSYNC is to create a service account to be used by the DIRSYNC process. Thus, I went into my local AD, created a new user called Yammer Service and allowed that to sync to Office 365 (as I have Office 365 DIRSYNC enabled).

An interesting question gets raised here. What securities does this Yammer service account require both on premises and in Office 365? From what I can determine, locally, the Yammer service account can be just a normal user in the local AD and in Office 365 it has to have at least a mailbox license. This means if you only have Office 365 Suite licenses (i.e. SharePoint, Exchange, Skype for Business, together) you will need to either dedicate a complete license for this service account or purchase a stand alone Exchange Online license and add this to your tenant (which you can do now as Office 365 plans allow you to mix and match plans in one tenant).

imageO

Once the Yammer service account has been created in local AD, synced to Office 365 and assigned a license you simply login as that account and then navigate to Yammer so the service account is now an activated Yammer user. All this is the normal way you create and activate any Yammer user.

The next step is to login as an existing Yammer verified admin (typically an Office 365 Global Administrator) and select the Yammer enterprise admin area. Once there you will find an Admins option as shown above. Here you promote the new Yammer service account to be a verified Yammer admin.

 

image

Doing so means that the Yammer service account will have full control over Yammer (i.e. a Yammer admin) without the need to be an Office 365 Global Administrator (which gives them full control over more that just Yammer in Office 365).

Once you have added the Yammer service account as a Yammer admin you will also need to select the Grant Verified Admin button above to give that account full rights in Yammer.

image

You should now see the Yammer service account (here called Yammer Service) appear as a Current Admin as shown above.

image

What I then tried to do was go back into the Office 365 licensing and remove the license for the Yammer service account as I wanted to conserve licenses given I was using an Office 365 suite. Problem is when you do that (i.e. assign no license) you also don’t appear to get a Yammer license. You also don’t get a mailbox license which it turns out you’ll need later.

So, any Yammer service account requires at least a mailbox license in Office 365 from what I can determine.

The next step in the process is to download the Yammer.Dirsync.Setup program to your local on premises server on which the sync is gong to take place. You can download this software from:

http://go.microsoft.com/fwlink/p/?LinkId=511986

image

You kick off the installation and change the install directory if desired. if not then it will install into:

c:\program files (x86)\yammer\directory sync\

Select the Install button to continue.

image

You’ll then see the software being installed.

image

When that process is complete you’ll see the above screen. You need to insert the Yammer service account and password in the top part of the options to the right.

Now as you can see, when I did this I received the error Unexpected login failure even though I knew the password was correct. The solution lies here:

https://support.microsoft.com/en-us/kb/3015691

Which in essence this is telling you that you need to generate a unique ‘app’ password for this account to move forward.

image

To do that you’ll need to log back into Yammer as the service account and select the three dots in the top right and then Apps from the menu that appears.

image

In the All Apps area towards the bottom of the page select the Yammer tab.

image

Locate an app and select it by name. Here I located the Windows Phone app and select the hyperlink Windows Phone.

image

This will show you something like the above. The information you require is in the lower left of this window.

image

here you should see your Yammer service account email and a temporary password. You will need to use this back with the Yammer DIRSYNC program.

Note that the app password is only available for a short period of time, so copy it from here and then immediately head back to the Yammer DIRSYNC configuration.

image

Place this Yammer app password in the password field and select the Login button to continue.

image

I next received the above message which I have no idea what it meant so I simply selected OK to continue.

image

The next step is to put in the details for your local domain. Here I specified my domain controller and select the Login button.

image

Doing so then placed my domain controller in the window. Strangely, there is no continue button so I simply selected Validate from the options on the left to proceed.

image

Now select the Start Validation button.

image

The validation process will then commence.

image

At this point I received the error:

Invalid or missing attributes for required attribute(s): mail

image

After much trial and error I discovered that the apparent reason for this validation error is because the email attribute for the user is not set in the local AD. You can see the location of the attribute in the above screen shot of a users properties in AD.

In an environment with no local Exchange server you have to wonder how this field is going to get populated? Clearly, in my case it has to be done manually. That could be quite a pain if you have a lot of users!

image

Now, with all the users in the local AD having their email field populated I could successfully complete the validation step as shown above.

Again, no real next button here so select Sync from the options on the left to continue.

image

To continue you need to enter mail server and user details as shown above. This is the reason why you need to ensure that the Yammer service account has at least an Exchange Online license.

The server in this case will be Office 365 which for SMTP is:

smtp.office365.com

Port is:

587

and Enable SSL should be checked.

A number of articles I found said that you need to ensure the FromAddress field in the EmailNotificationSettings section in the file globalsettings.config.json should be manually changed from the default of noreply@yammer.com to being the same as in the Username field above, which should be the email address of the Yammer service account.

When I searched the directory that Yammer DIRSYNC was installed but I couldn’t find the globalsettings.config.json file. Turns out it is actually located in:

C:\ProgramData\Yammer\DirSync

by default. You may, as I had to, change the default view in Windows Explorer to actually see and navigate to the directory.

image

Turns out there is now a Yammer DIRSYNC icon in the system tray that if you right mouse click on show a menu as seen above.

image

If you select About from the menu that is displayed you will see the above dialog appear.

image

If you then select the Advanced Configuration button a Windows Explorer window will be opened at the location of the globalsettings.config.json file which again is located at:

C:\ProgramData\Yammer\DirSync

You can open the json configuration file with notepad and make the appropriate change from noreply@yammer.com to the email address of the Yammer service account you are using. Close and then save the json configuration file.

image

You then return to the Yammer DIRSYNC installation program and complete all the details.

You should also then be able to select the Send Test Email button to verify everything is working.

image

After which you should receive a green check mark as shown above.

To proceed, select the Apply button to the right which should now be available.

image

The Enable Sync button at the button of the window should now be available and The Status should read Not Running as shown above.

Select the Enable Sync button to proceed.

image

You should see the Status field runs through a few options such as Validating Settings as shown above.

image

If there are no issues the Status should say Running as shown above.

image

You can close the Yammer DIRSYNC program and it will continue to run in the background. You should find a Yammer DIRSYNC icon in the system tray which you can right mouse click on and select Open from the menu that appears to view the program again if needed.

Here is the Microsoft documentation on installing the Yammer DIRSYNC application:

Install Yammer Directory Sync

Now according to this:

The Yammer Directory Sync utility now queries Active Directory every 60 minutes and adds, updates, and suspends users, as appropriate.

The log files:

  • service.log – contains sync errors

  • ui.log – contains UI errors

are located in the directory:

C:\ProgramData\Yammer\DirSync

along with the json configuration file.

image

What should happen after a a period of time is that if you look in Yammer as an admin under the Directory Integration menu option you should see that it has been enabled as you can see above.

image

If you return to the on premises server you installed Yammer DIRSYNC on you will find a service called Yammer Directory Sync 3.0 as shown above.

Now, what I found was that Yammer DIRSYNC service was taking a very long time to actually sync. This was probably due to the fact that the first sync is quite large but my overall experience is that Yammer sync is quite slow and there is now way to force it like you can with Office 365 DIRSYNC. You simply have to wait.

When I look at the service.log file after this et I was seeing an error:

INFO [2015-06-11 23:18:28,807] - Scheduled interval set to 60 minutes
INFO [2015-06-11 23:18:28,807] - Starting with sync enabled: False
INFO [2015-06-11 23:18:44,224] - IPC Server running successfully
INFO [2015-06-11 23:19:51,595] - Registering callback for Yammer.DirSync.Core.IPC.Transport.NamedPipeServerBus+CallbackReference
INFO [2015-06-11 23:20:06,842] - Changing sync enabled to True
ERROR [2015-06-11 23:20:06,880] - Error saving enabled state
System.UnauthorizedAccessException: Access to the path 'C:\ProgramData\Yammer\DirSync\globalsettings.config.json' is denied.
   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
   at Yammer.DirSync.Core.FileSystemRepositoryBase`1.Save(T settings)
   at Yammer.DirSync.Core.FileSystemRepositoryBase`1.Save(Action`1 update)
   at Yammer.DirSync.Service.ScheduledSyncService.SetEnabled(Boolean status, Boolean interrupt)
INFO [2015-06-11 23:20:07,014] - Starting sync because sync state changed.

After another long period of troubleshooting what I found the solution that removed this access issue from the log file was changing the Yammer Directory Sync service to run as a domain administrator rather than the Network Service.

The other issue I saw a lot of in the log was:

Waiting for previously running sync to complete.

So in the end I left the sync process running and went away to do other things.

Eventually after at least 4 hours I returned to find that syncing was now successful.

INFO [2015-06-12 00:09:39,647] - Sending remote job Suspend with 1 users
INFO [2015-06-12 00:09:40,674] - Data received for job syncie-2-e2007c89-007f-44c6-8bd8-8e66b4ab6e9e, processing has begun.
INFO [2015-06-12 00:09:41,589] - Waiting for previously running sync to complete.
INFO [2015-06-12 00:49:51,074] - Yammer Directory Synchronization has completed.
1 Users Added
1 Users Updated
0 Users Suspended
0 Pending Users Deleted

I find it interesting that it took at least 4 hours to initially sink a clean demo system with only a handful of users! Again, my experience has been that Yammer DIRSYNC is quite a slow process.

INFO [2015-06-12 00:49:51,157] - Sync attempt finished with status: Success
WARN [2015-06-12 01:50:03,650] - Some attributes do not exist in directory CIAOPS-DC2: title, physicalDeliveryOfficeName, telephoneNumber, mobile, department, proxyAddresses
INFO [2015-06-12 01:50:03,774] - Reading directory users
INFO [2015-06-12 01:50:09,522] - Completed reading directory users. 0 total users.
INFO [2015-06-12 01:50:09,897] - No changes for sync phase CreateOrUpdate
INFO [2015-06-12 01:50:10,278] - No changes for sync phase Suspend
INFO [2015-06-12 01:50:10,278] - Yammer Directory Synchronization has completed.
0 Users Added
0 Users Updated
0 Users Suspended
0 Pending Users Deleted

As you see from the subsequent sync log above I was still get warnings which I wasn’t really sure what they meant or how to fix them, so I ignored them.

image

However, now after I created a new user in the local AD, allowed it sync to Office 365 via Office 365 DIRSYNC, then assign an Office 365 license, waited some more for it to sync to Yammer, the new user did receive for Yammer via email as you can see above.

Phew, that is a lot of work just to get that one email!

I then also deleted a user from the local AD, saw it removed from Office 365 and also no longer be able to login to Yammer so I am confident that the deletions in Yammer DIRSYNC also work as expected.

At this point I started to get more errors occurring with the Yammer DIRSYNC program to the point where the Yammer sync process would stop. I did some initial research on what might be causing these issues but abandoned that after a short while as I couldn’t really see much ROI in Yammer DIRSYNC.

At this point I abandoned further work on Yammer DIRSYNC as I had gotten it working.

Summary

The smaller the organisation the less of a need for considering Yammer DIRSYNC. I don’t believe it provides much real value unless you are adding or removing lots of users from you AD on a regular basis.

I found a lot of issues getting Yammer DIRSYNC operational and keeping it running in a small test environment. Maybe I overlooked some things or did stuff wrong, but I really couldn’t find a lot out there to help. I have included some helpful sites below in the references section.

It seems to me that the Yammer single sign on experience will be driven in future from Office 365 and Azure rather than a local application on a server syncing local AD. Hopefully something Azure AD Connect will one day incorporate all the synchronization Yammer requires. I expect this to be the case as Yammer becomes more and more integrated with Office 365.

The synchronisation of information to Yammer is very slow and only happens once an hour at most. I found now way to be able to force this synchronisation.

If you do have issue with Yammer DIRSYNC don’t be afraid to raise an Office 365 support ticket. The Yammer support people were very obliging and knowledgeable.

References

http://www.lifeonplanetgroove.com/setting-yammer-directory-sync-office365/

https://about.yammer.com/success/wp-content/uploads/sites/13/2013/05/Directory-Sync-3.0-Install-Guide.pdf

https://about.yammer.com/success/wp-content/uploads/sites/13/Directory-Sync-3.0-AdvancedConfig-Guide.pdf

https://jorgequestforknowledge.wordpress.com/2014/10/08/setting-up-yammer-dirsync/

http://channel9.msdn.com/Events/SharePoint-Conference/2014/SPC368

How to audit users in Yammer - https://technet.microsoft.com/en-us/library/dn783348.aspx

http://blogs.technet.com/b/askyammer/archive/2015/05/18/yammer-directory-sync.aspx

Plan for Yammer DIRSYNC - https://technet.microsoft.com/en-us/library/dn799027.aspx