Office 365 Deployment: Phase 2

Active Directory Preparation

Before you can begin synchronizing your Active Directory with Office 365 using DirSync, you must first ensure that directory objects meet specific formatting criteria.  This ensures that attribute values are unique and that invalid characters and formatting of such attributes as sAMAccountName, displayName, proxyaddresses, etc are formatted correctly for synchronization into Azure Active Directory for your Office 365 tenant.

You must also ensure that each user’s UserPrincipalName value and proxyAddresses values contains a domain that is publicly routable (i.e. and not user@contoso.local).  I recommend setting each user’s UPN to match their default SMTP address for simplicity.

To do this, I recommend using the IDFix tool provided by Microsoft.  You can down load it at


The IDFix tool queries your Active Directory and returns all user, contact and group objects and lists their property values for

  • sAMAccountName
  • givenName
  • sn (surname)
  • displayName
  • Mail
  • mailNickname
  • proxyAddresses
  • targetAddress
  • userPrincipalName

If any of these values contains data that will not synchronize (such as a space in the mailNickname or non-routable UPN) it will attempt a best-effort to suggest an updated value.  You can also manually input the updated value you require for your migration.  Then, you can use the IDFix tool to not only apply those updates individually or in bulk, you can also revert those changes if necessary.

You can also export the data to a csv file that you can massage inside Excel, reimport into the tool, and then apply changes.

Next up, Phase 3 – Identity and Single Sign-On