The LastName attribute of Office 365 is mapped to the Surname attribute of the Identity Vault. If the value of LastName is removed from Office 365, the Identity Vault does now allow empty field to be synchronized.
The Display Name attribute of Office 365 is mapped to the Full Name attribute of the Identity Vault. The Identity Vault does not allow a Full Name value with more than 64 characters. The Identity Vault sends a SYNTAX_VIOLATION exception.
The First Name attribute of Office 365 is mapped to the Given Name attribute of the Identity Vault. The Identity Vault does not allow a Given Name value with more than 32 characters. The Identity Vault sends a SYNTAX_VIOLATION exception.
The Office 365 driver does not support the synchronization of user initials on the Subscriber channel. To workaround this issue, send the powershell cmdlet Set-User -Initials <initals> - username as part of the subscriber event.
It occurs for the attribute that are either irrelevant to the type of group and user that is being synced or unsupported by the cmdlets.
For some operations, traces might appear with this message:
Disallowed attribute Sync : <attr>.
The Office 365 driver displays invalid EmailAddresses attribute synchronization message when you add a user to the Office 365 portal. To workaround this issue, perform any one of the following actions:
Configure a new single-valued eDirectory attribute of the type syntax string and map it with the MsolUserType in the schema mapping. You must set the MsolUserType attribute to UserMailbox/MailUser to synchronize the exchange attributes during the Add operation.
Customize the Subscriber command transformation policy to include a rule that adds the MSolUserType attribute to the Add XDS event if MsolUsertype is not defined.
To start the Office 365 driver, change the set-executionPolicy toin the Powershell. By default, it is set to . If you don’t change the setting, the driver fails to start and displays the following error message:
Error Connecting to Office 365. File <file>.psm1 cannot be loaded because the execution of scripts is disabled on this system.
The Office 365 driver does not allow some of the Distribution or Security Group settings for specific groups. For example, it doesn’t allow you to setto for a Security Group. It doesn’t allow you to set to for some Distribution Groups.
The TypeInitializationException exception can occur in the following cases:
PowerShell help is not up-to-date.
The Office 365 driver is not compatible with the Microsoft Online Services module.
The Microsoft Online Services are not present in the driver installation folder.
To start the driver successfully, perform one of the following actions:
Run the get-help new-msoluser PowerShell command or run the Update-Help command to download and install the most recent help files for the Windows PowerShell modules. You can run the PSVersion command to verify the powershell version.
A prompt displays asking you to confirm the update. Clickto proceed with the update.
Upgrade the Office 365 driver to the latest patch and the Microsoft Online Services to the latest version. For more information, see Prerequisites.
Ensure that all the dll files from the default Windows PowerShell path are copied to the driver installation folder. For more information, see Section 2.0, Installing the Driver Files.
Unblock the downloaded dlls. To unblock them, right-click the following binary files and select .
The driver generates error messages if you try to re-grant an RBPM role that includes multiple entitlements to a user.
It is safe to ignore the error because it does not affect the re-granting role operation.
The description attribute does not synchronize for the Exchange groups on both Subscriber and Publisher channels.
There is no workaround at this time.
The driver does not support exchange group attributes poll on the Publisher channel. NetIQ recommends that you set exchange attributes toon the driver filter.
When the Publisher channel updates the eMailAddress attribute for an exchange group, the driver sends a delete event and removes the group Description attribute from the Identity Vault.
The Office 365 driver does not synchronize the delete event with the Identity Manager if all the groups are deleted from the Office 365 portal.
Identity Manager creates duplicate primary email addresses (SMTP) for the Office 365 users when the users are renamed.
To workaround this issue, set theoption to for the Internet EMail Address attribute in the driver filter.
The O365 throttling issue encountered error randomly occurs when a user or group operation fails on the Exchange portal.
This is a Microsoft issue. Contact Microsoft support to troubleshoot the issue.
The Office 365 driver displays exception errors when you restart the driver after an abnormal exit. This is due to unavailability of runspaces required for establishing new remote PowerShell connections with the Office 365 portal. Before attempting a driver restart, wait for the Office 365 portal to automatically close the active runspaces because Microsoft allows only limited remote runspaces for each exchange online users.
When a user is deleted from the Identity Vault which is a member of an associated group, it displays the following error message in the driver logs:
The member you are trying to delete is not in this group.
It is safe to ignore this error message.
When you add a user with MSolUserType attribute set to UserMailbox, the account tracing attributes are not created for the user.
There is no workaround at this time.