Create an OLSync Service Account in Outlook Live

The account you create in this step is a regular Windows Live account with an Outlook Live mailbox. It's easy to create:

• Sign in to the Exchange Control Panel for the Outlook Live domain with your Outlook Live administrator account and use the following information to create a new Windows Live user with a mailbox:
  
  • Display name: OLSync
    
  • Windows Live ID: OLSync@<tenant domain>.com
    

Need detailed help? See Create a New Mailbox.

After you create the OLSync service account, sign out of the Outlook Live domain, and sign in to the Outlook Live domain again with the OLSync service account using Outlook Web App (https://www.outlook.com/owa). You have to do this one time to accept the terms of use for that new account. If you don't sign in to Outlook Web App and accept the terms of use, you will get Access Denied errors when you try to run FIM 2010 or ILM 2007 with the service account.

To use the OLSync service account, you have to elevate the permissions associated with the OLSync service account so it can be used by FIM 2010 or ILM 2007. To do this, you must connect Windows PowerShell to Outlook Live. Here's how: Connect Windows PowerShell to the Service

The GALSynchronizationManagement role based access control (RBAC) role lets the OLSync service account run Exchange synchronisation cmdlets on your Outlook Live domain.

• In a client-side session, run the following command:
  
  Copy

  New-ManagementRoleAssignment  -User OLSync@<tenant_domain> -Role GALSynchronizationManagement -Name "OLSync Svc Role"
  

The last configuration you need to make to the service account is to give the account access to Windows Remote Management (WinRM) so FIM 2010 or ILM 2007 can connect Windows PowerShell to Outlook Live. After you have run the command to enable WinRM on the OLSync service account, be sure to close the current Windows PowerShell session.

1. In a client-side session, run the following command:
   
   Copy

   Set-User OLSync@<tenant_domain> -RemotePowerShellEnabled $true
   

2. In a client-side session, run the following command to disconnect Windows PowerShell from Outlook Live:
   
   Copy

   Remove-PSSession $rs
   

Because this OLSync service account will be used by FIM 2010 or ILM 2007 to synchronise your on-premises domain with your Outlook Live domain, the best way to test the configuration is to open a client-side session with the service account.

Open the session from the computer where FIM 2010 or ILM 2007 is installed.

To open a client-side session with Outlook Live, follow the procedure in Step 3, but instead of providing the Outlook Live administrator account credentials, use the OLSync service account credentials.

After you open the session, run the following cmdlets to make sure the account has the appropriate RBAC permissions:

• Get-SyncMailbox
  
• Get-AcceptedDomain
  

If you don't get any errors, the service account is ready to use.

If you can't run the cmdlets, the assignment of the GALSynchronizationManagement role may have failed. Perform step 4 again.

If you still can't run the cmdlets, you haven't successfully connected Windows PowerShell to Outlook Live. Perform step 3 again.

Implement Outlook Live Directory Sync for Live@edu

• How Outlook Live Directory Sync Works
  
• Plan Your Outlook Live Directory Sync Deployment for Live@edu
  
• Deploy Outlook Live Directory Sync for Live@edu
  
  • OLSync Prerequisites
    
  • Prepare Your On-Premises Organisation for OLSync
    
  • Create an OLSync Service Account in Outlook Live
    
  • Create an On-Premises OLSync Service Account
    
  • Run OLSync Setup
    
  • Configure the OLSync Hosted Management Agent
    
  • Specify the On-Premises Organisational Units that are Synchronised to Outlook Live
    
  • Configure Password Change Notification Service (PCNS) for use with OLSync for Live@edu (optional)
    
  • Perform a Full OLSync Synchronisation to Outlook Live
    
  • Verify OLSync Synchronisation to Outlook Live
    
  • Perform Subsequent OLSync Data Synchronisations to Outlook Live
    
• Outlook Live Directory Sync Reference