Active Directory synchronization for Office 365
As an administrator, you need to do some preparation before you synchronize your local Active Directory to Microsoft Office 365 for enterprises. First, you must decide whether you want to set up single sign-on, also known as
identify federation, which enables your company’s users to sign in to Office 365 by using their corporate credentials. Activating directory synchronization should be considered a long-term commitment. After you have activated directory synchronization,
you can edit only synchronized objects by using on-premises.
The first time that the Directory Synchronization tool runs, it copies all the relevant objects (user accounts and security groups) to Office 365. Before performing this operation, you must know the number of objects that will be copied so that you can plan
ahead for the effect this operation will have on your network response time and the computers that are running Microsoft Exchange Server. These attributes / objects are heavily used for Lync, SharePoint and Info Path work flow.
Objects that have been synchronized from your on-premises Active Directory service appear immediately in the Global Address List (GAL); however, these objects may take up to 24 hours to appear in the Offline Address Book (OAB) and in Microsoft Lync Online.
Steps to follow
You can use the directory synchronization Windows PowerShell cmdlet to force synchronization. The cmdlet is installed when you install the Directory Synchronization tool.
You can also force synchronization by running the Microsoft Online Services Directory Synchronization Configuration Wizard; however, you will have to complete the entire wizard to do so, including entering your credentials again.
When directory synchronization is installed, the local Active Directory becomes the master for all changes to the synchronized mail-enabled objects in Office 365.
Regarding the creation of the MSOL_AD_SYNC user account, there is no standard "Users" organizational unit. It is a container (and as such cannot have a policy applied to it). I know the wording came from this article: technet.microsoft.com/.../jj151771.aspx, but that article is in error.