Yammer Directory Sync: You don’t have authorization to add the below users


This post is the second post about Yammer Directory Sync. In this post we will describe a common error that admins will see on their first attempt to sync users. The error itself will be shown in the DSync tool and will be available in more details under the service.log. More information about how to setup a sync find the log is found in our first post – Introduction to Yammer Directory Sync.

ERROR [2015-06-05 15:27:14,463] – Error(s) occurred during synchronization:
You don’t have authorization to add the below users because their primary emails are different from admin domain […]

The error will contain the list of users that we failed to sync to the network due to their email address. This error will cause the sync to fail, so we will not sync any user until the problem is fixed.

Users that their email address is different form the domains of the network are considered as guest users. For security reasons, it is not possible to synchronize guest users.

If you want to verify which domains are listed under your network, login to your network as Verified Admin and go to the Admin Panel. Select Users and then go to “Invite Guests” page. This page contains the list of domain that are already part of your network.

 
There are several ways to resolve this issue:

If you are the owner of these domains and you want to sync these users

If you own these domains and you have verified them on Office 365, you can ask a domain or network merge. In a network merge we will add these domains into your primary network. Once this task is completed and the domains are part of your network – You will be able to sync these users. In order to do a network merge, please open a support ticket.

If you don’t own these domains or you don’t want to sync these users

Our recommendation is to edit the LDAP query and filter it according the domains in your network. By default this is the query in the globalsettings.config.json
        {
          "Id": "9c87d8ec-e7a4-4940-84f5-492f44f2af7d",
          "Filter": "mail=*",
          "ShowDeleted": false
        },
Assuming you have only contoso.com in your network – update this query as follow:
        {
          "Id": "9c87d8ec-e7a4-4940-84f5-492f44f2af7d",
          "Filter": "mail=*@contoso.com",
          "ShowDeleted": false
        },
 If you have more than one domain, you can edit the query to include multiple domains:
        {
          "Id": "9c87d8ec-e7a4-4940-84f5-492f44f2af7d",
          "filter": "(|(mail=*@contoso.com)(mail=*@fabrikam.com))"
          "ShowDeleted": false
        },
Note: The GUID under "ID" is a unique value, generated by Yammer Dsync tool. Avoid copying this GUID into your file, use the GUID that was already generated in your file or generate a new GUID. 

How to edit the globalsettings.config.json:

For every change that you make in this file – follow these steps: 

  1. Close the Yammer DSync desktop tool
  2. Stop the Yammer service: Start > Run > Services.msc > locate “Yammer Directory Synchronization 3.0” > Stop
  3. Make changes in the global configuration file and save the file.
  4. Start the Yammer service: Start > Run > Services.msc > locate “Yammer Directory Synchronization 3.0” > Start
  5. Start the Yammer DSync desktop tool (Click on “Try again” if needed) > Enable the sync

Invite Guest users

Assuming that you still want to invite the user to your network, you can do it from the network itself from the “Invite Guests” page or using bulk update.

More Info

More information about Yammer Directory Sync: https://technet.microsoft.com/en-us/library/dn799027(v=office.15).aspx
Previews Posts: Introduction to Introduction to Yammer Directory Sync.

We recommend using Office 365 sign-in for Yammer and managing Yammer users across their lifecycle from Office 365 instead of implementing Yammer Directory Sync as described in this article. Yammer Directory Sync is still supported, but it is not being developed further. At some point in the future, an end-of-support date for Yammer Directory Sync will be communicated, and leading up to that date all customers using Yammer Directory Sync will be required to manage Yammer users across their lifecycle from Office 365. See Office 365 sign-in for Yammer and Manage Yammer users across their life cycle from Office 365 for information on how to decide which is the best solution for you.

Abut the writer

Inbar Cizer Kobrinsky is Support Escalation Engineer in the Yammer Support Escalation team.

Comments (3)

  1. Rakesh Rawat says:

    I have not tried this yet… but it looks like this is a great post…

  2. eli says:

    Note: The GUID under "ID" is a unique value, generated by Yammer Dsync tool. Avoid copying this GUID into your file, use the GUID that was already generated in your file or generate a new GUID.

    or generate a new GUID : but how to ? (i need to ad more than 3 domains)

  3. sarah says:

    Sorry it’s not relating to this post but I was wondering if you can mark all emails as read in bulk to move them out of the inbox.
    I have thousands siting in there and want to start fresh as the previous person did not read many.
    Thank you

Skip to main content