Yammer Dsync, Bulk update, Yammer SSO & Office 365 sign
When working with customers, there is sometimes confusion around Yammer Dsync and Yammer SSO. Yammer is separating user provisioning and authentication. For authentication, network can use one of the following: Yammer SSO, Office 365 sign in for Yammer and Yammer credentials. For user provisioning admins can use bulk update, but the real long term solution is syncing users from AD to Yammer using Yammer Dsync.
This post will be the first one in a series of post about Yammer Directory Sync (Yammer DSync). During this series we will try to explain how the tool works, how to configure it to answer your organizational needs and how to troubleshoot. This post will be introduction to Yammer Dsync tool.
More information about Yammer SSO and Office 365 sign in for Yammer please read:
Our latest version of Yammer Dsync is 188.8.131.52 - You can check the “About” section in order to verify that you are using the latest version. Previews versions are not supported. Download it from here: https://technet.microsoft.com/en-us/library/dn799027.aspx
The DSync tool is depended on the Windows Service that is called “Yammer Directory Sync 3.0”. By default the service is running under “Network Service” account. This is the account that runs the LDAP query. In some situations, you will want to change it to run under another account that has access to the deleted object container. Another option is to change the user that runs the LDAP queries during the configuration wizard. We will talk about in more details during the troubleshooting posts.
The configuration files and logs are located C:\ProgramData\Yammer\DirSync. Please note that you might need to change Windows Explorer folder view option to “Show hidden files, folders and drivers” and to remove the checkbox from “Hide extension for known file types”
globalsettings.config.json – This file store you configuration settings; Every change that you will do from the Dsync wizard will be updated in this file. Use this file for advance configuration.
incrementalquerycursors.config.json – Stores the usnchanged value from your AD. Dsync uses this value for incremental syncs by checking what has changed since this parameter had the value that is stored in to this file.
lastvalidation.json – Includes the answer Dsync received from the AD – the information in this file will be sent to Yammer and it include the users that needs to be created or updated and the users that needs to be deleted. Check this file if you think Dsync is missing information, can you see it in that file?
service.log and ui.log – The logs of the tool. Most of the errors will be shown in the UI but the log files will include more detailed information.
NOTE: If you have to open a support ticket for DSync, please include the entire log directory when opening the ticket
The various DLLs and EXE are located under C:\Program Files (x86)\Yammer\Directory Sync
We will walk through the 4.5 steps in the Yammer Dsync wizard
In this step you need to configure the Verified Admin account that will make the changes in the user’s status and information in Yammer. If you are using Yammer SSO or the account is using Office 365 sign in for Yammer, you will need to retrieve a temporary password. For more information, please read: https://support.microsoft.com/en-us/kb/3015691/
This is also the place to configure proxy, if you are using any proxy to access the internet.
Configure the AD Server that you are going to query. It is important that you chose specific AD server and not load balancer because Dsync is using the usnchanged value, and this value is stored per server.
This is also the place to choose if you want to authenticate as a service user or define another user.
Remember: By default the Windows Service is running under ‘network service’. You can keep the setting here to “Authenticate as service user”, but make sure that this user has access to the deleted object container.
This is the place to validate that your settings are good. If you edit the globalsettings.config.json for advance configuration you will need to validate your settings here.
TIP: If you have a syntax error in the globalsettings.config.json the file will be renamed to globalsettings.config.json.old and a new file (with no settings) will be created under globalsettings.config.json. In order to go back to your latest settings - Find and fix the syntax error under the globalsettings.config.json.old file and remove the newly created globalsettings.config.json. Restart the Windows Service and Dsync tool.
This is also the place where you will see errors, the most common one is “The distinguished name configured does not exist”. In most cases, this error means that the user that runs the LDAP query doesn’t have permissions to deleted object container.
If everything is OK, you will see information about the result of the LDAP query. How many users’ needs to created in Yammer and how many will be deleted.
Note: If the user already exist in Yammer under the same email address – Dsync will not create a new user. If the user does not exist – Dsync will create it as a pending users.
For users that needs to be deleted – If the user is active in Yammer – Yammer Dsync will suspend him. If the user is pending in Yammer, Yammer Dsync will delete him.
By default – every user that is created by Dsync will get email invitation from Yammer. When testing and Setting up a new Dsync service, many customers don’t want their users to receive these emails. Contact our support to disable these emails.
Sync (Email Settings)
There are actually two steps under the “Sync” section. In the first one, you need to validate your email settings. Depending on the type of the error and amount of retry that the tool did, we will send alerts to the email address that is configured in this step.
After you have validated your email settings, you are ready for the last step: Sync. Enable the sync and wait for it to run. When the sync is running the status will be “Running”. Between every sync you will see that the status is the next schedule sync. By default we are trying to run new sync every 60 minutes.
More information about Yammer Dsync: https://technet.microsoft.com/en-us/library/dn799027.aspx
We recommend using Office 365 sign-in for Yammer and managing Yammer users across their lifecycle from Office 365 instead of implementing Yammer Directory Sync as described in this article. Yammer Directory Sync is still supported, but it is not being developed further. At some point in the future, an end-of-support date for Yammer Directory Sync will be communicated, and leading up to that date all customers using Yammer Directory Sync will be required to manage Yammer users across their lifecycle from Office 365. See Office 365 sign-in for Yammer and Manage Yammer users across their life cycle from Office 365 for information on how to decide which is the best solution for you.
Abut the writer
Inbar Cizer Kobrinsky is Support Escalation Engineer in the Yammer Support Escalation team