I started with Office 365 beginning of 2015 using DirSync. Around Fall, I added Okta and setup Provisioning with Office 365.
A few weeks ago we began noticing that people removed from Distro groups were being added back in, and some users info was mysteriously being modified... we never tracked down the source but disabled DirSync (which had been running the whole time) and the weirdness stopped.
We now have an issue where info from Okta doesnt sync to Dirsync, error message is below.
What I am not fully understanding is do I need DirSync and Okta AD Sync both running in my environment. If so, is there a best practices setup method.
1. Failing validateCompanyDirSync since status not ENABLED or PENDING_ENABLED, status=Disabled,
2. Unable to provision user USERNAME@DOMAIN.COM to Office 365, because Directory Sync value of Disabled in Azure Active Directory is unsupported. Please visit the Azure Active Directory portal and set Directory Sync state to Activated and retry
I checked in on this similiar issue months ago. It is my understanding you cannot run both. I would highly recommend just using Okta provisioning over DirSync. If you have provisioning enabled for Office 365, it should be synching accounts directly from Okta and pushed up into Office 365.
Jeff is correct in that you should not run both an on-premises directory sync (AADConnect,DirSync,AADSync) as well as utilizing Okta Provisioning (Default or Extended).
Depending on what method of Okta provisioning you have chosen (Default or Extended), the setting in Office 365 for 'Directory Sync' will be different. Details of these settings are included in https://support.okta.com/help/articles/Knowledge_Article/Office365-Deployment-Guide#Provisioningto365.
From the sounds of things, you may be using Extended provisioning but since enabling it, have Disabled 'Directory Synchronization' in the Office 365 portal (something Okta would turn on for you when first configuring it). As a result, you are getting the error and advice in 2 above.