How to deploy School Data Sync by using OneRoster CSV files

Note: This topic is pre-release documentation and is subject to change in future releases.

You can use OneRoster Comma Separated Value (CSV) files with School Data Sync (SDS) to import and synchronize your Student Information System’s (SIS) student, teacher, school, section, and roster information with Office 365. If you use this sync method, you'll need to export CSV files on the OneRoster format and standard first, and then you can convert them into School Data Sync’s required format, before you then upload the files into School Data Sync and Azure AD.

In this topic:

Before you get started

Before you start synchronizing with SDS using CSV Import, read the Overview of School Data Sync and Classroom.

To complete this process, you must install the Microsoft School Data Sync Toolkit. This tool helps you to convert your CSV export, add, and update your users that are synced between SIS and Office 365, and can also be used to verify the CSV file data. For details, see Install the Microsoft School Data Sync Toolkit.

Make sure you meet the following prerequisites:

  • Your Office 365 tenant must be an Office 365 Education tenant.

  • Synced identities must be licensed for SharePoint Online and Exchange Online. Skype for Business licenses aren't required. Note that OneDrive for Business is provided through the SharePoint Online license.

    If a student or teacher doesn't have the required licenses in Office 365, School Data Sync will still create their profile, but Classroom will not finish provisioning properly for them for any apps they aren't licensed to use.

  • If you're not deploying or utilizing a tenant with synced identities, you can create new cloud identities for teachers and students, and license them for services through SDS.

  • The CSV files that you create must not contain any characters shown in this list of invalid characters.

If you are configuring School Data Sync for a tenant which is synchronized from on-premises Active Directory through AADConnect, you may notice an increase in the number of Disconnectors shown in your miisclient. This is a result of Office 365 Group being unable to synchronize back to the AADConnect Metaverse and on-premises Active Directory. These warnings do not have any negative impact on your current AADConnect deployment, and only provide an informational note on the resultant sync failure. You should expect these warnings in AADConnect after enabling sync in SDS, as one O365 Group is created for each class synchronized through SDS.

Note: The data that you provide through School Data Sync may be accessible to third-party application providers through their apps, so you should sync only the data that you want to make available to these third parties.

Import your CSV files to create your profile

Make sure you've exported your CSV files in the OneRoster format and they're ready to use. Then follow these steps to convert the files and create your sync profile.

  1. Save your OneRoster CSV Files in your C:\temp directory.

  2. Install the School Data Sync toolkit.

  3. Create a subfolder called c:\temp\csvs.

  4. Create a subfolder called c:\temp\sdslogs.

  5. Run the Convert-OneRosterToMicrosoftSDS command, using the syntax below:

    Convert-OneRosterToMicrosoftSDS -onerosterfolderpath “c:\temp” -sdsfolderpath “c:\temp\csvs” -logpath “c:\temp\logs”
  6. Go to your c:\temp\csvs directory and verify the new SDS converted files are present.

  7. In your web browser, go to sds.microsoft.com, and sign in using global admin credentials for your Office 365 Education tenant.

  8. If this is your first time signing in and setting up a profile, choose Set up School Data Sync to create your first sync profile.

    Choose Set up SIS Sync

    After you've completed School Data Sync setup, choose Add Profile to create an additional sync profile.

    Choose Add Profile
  9. Type a profile name in the Enter a name for your profile box.

    Enter a name for your profile
  10. In the Data Extraction section, select CSV Files in the Select data source drop-down menu.

    Select CSV files from the Select data source drop-down
  11. In the Data Extraction section, select either Create new users or Sync existing users.

    Choose either Create new users or Sync existing users
    • Create new users Select this option if you are not syncing identities from your on-premises Active Directory, or the users in scope for sync are not created within Microsoft Azure Active Directory already. This option will create new user accounts for users within the student and teacher CSV Files.

    • Sync existing users Select this option if you are syncing identities from your on-premises Active Directory, or the users in scope for sync are already created in Azure AD. This option will not create new user accounts for users within the student and teacher CSV Files.

  12. If you selected the Create new users option, skip this step. If you selected the Sync existing users option, select the appropriate Students and Teachers Identity match options from the available drop-down menu. This is where you must define how to match the users listed within each CSV to the user account in Azure AD.

    • Identity matching options - Students

      Identity matching options for students

      Select source property This drop-down menu allows you to select the source property within the student csv file to be used for identity matching. Watch the Identity Matching video to review how source, target, and append domain matching logic works, to help determine the appropriate value to select.

      • Secondary Email Optional attribute field which can be included for sync and may also be used for identity matching. The appropriate formatting for this attribute is a string of alphanumeric characters with no spaces or invalid special characters, followed by an @ symbol, followed by a domain suffix (for example, JohnSmith@contoso.com).

      • Student Number Optional attribute field which can be included for sync and also may be used for identity matching. The appropriate formatting for this attribute is a string of alphanumeric characters with no spaces or invalid special characters (for example, 1234567).

      • Username Required attribute field which must be included for sync and can be used for identity matching. The appropriate formatting for this attribute is either a string of alphanumeric characters with no spaces or invalid special characters (for example, JohnSmith), or could also be included as a string of alphanumeric characters with no spaces or invalid special characters, followed by an @ symbol, followed by a domain suffix. (for example, JohnSmith@contoso.com).

      Select suffix This drop-down menu allows you to append a domain suffix to the source property contained within the student csv file, if needed to complete your identity matching plan. This menu also allows you to select the No Suffix Needed option if the source attribute already contains the required domain suffix (for example, Username with domain suffix included) or the target attribute value does not include a domain suffix (for example, mailNickname). Each domain added to the Office 365 tenant will be displayed in the drop-down menu as an available choice, in addition to the No Suffix Needed option previously mentioned. Watch the Identity Matching video to review how source, target, and append domain matching logic works, to help determine the appropriate value to select

      Select target property This drop-down menu allows you to select the target property within Azure AD to be used for Identity Matching. Watch the Identity Matching video to review how source, target, and append suffix matching logic works, to help determine the appropriate value to select.

      • UserPrincipalName Logon name for the user. The appropriate formatting for this attribute is a string of alphanumeric characters with no spaces or invalid special characters, followed by an @ symbol, followed by a domain suffix (for example, JohnSmith@contoso.com).

      • Mail PrimarySMTPAddress of the user. The appropriate formatting for this attribute is a string of alphanumeric characters with no spaces or invalid special characters, followed by an @ symbol, followed by a domain suffix (for example, JohnSmith@contoso.com). While it is suggested, this attribute is not always the same as the UserPrincipalName attribute.

      • mailNickname Exchange Alias of the user. The appropriate formatting for this attribute is a string of alphanumeric characters with no spaces or invalid special characters (for example, 1234567). While it is recommended, this value is not always unique, so be cautious in selecting this attribute for identity matching and ensure you are always matching to a unique target value.

      Student identity matching matrix:

      In order to match source and target identities, you must select one value from the three choices available in the Select Source drop-down menu, and then define which of the three available target attributes in the Select Target drop-down menu will be an exact match. It is also possible that the source attribute only matches a portion of the target attribute, and requires a domain suffix to be appended to complete the matching logic (for example, JohnSmith source attribute + @contoso.com domain suffix = a match with JohnSmith@contoso.com target attribute). Watch the Identity Matching video to learn about SDS data sync identity matching.

    • Identity matching options - Teachers

      Identity matching options for teachers drop-down

    Select source property This drop-down menu allows you to select the source property within the teacher csv file to be used for identity matching. Watch the Identity Matching video to review how source, target, and append domain matching logic works, to help determine the appropriate value to select.

    • Secondary Email Optional attribute field which can be included for sync and may also be used for identity matching. The appropriate formatting for this attribute is a string of alphanumeric characters with no spaces or invalid special characters, followed by an @ symbol, followed by a domain suffix (for example, JohnSmith@contoso.com).

    • Teacher Number Optional attribute field which can be included for sync and also may be used for identity matching. The appropriate formatting for this attribute is a string of alphanumeric characters with no spaces or invalid special characters (for example, 1234567).

    • Username Required attribute field which must be included for sync and can be used for identity matching. The appropriate formatting for this attribute is either a string of alphanumeric characters with no spaces or invalid special characters (for example, JohnSmith), or could also be included as a string of alphanumeric characters with no spaces or invalid special characters, followed by an @ symbol, followed by a domain suffix. (for example, JohnSmith@contoso.com).

    Select suffix This drop-down menu allows you to append a domain suffix to the source property contained within the teacher csv file, if needed to complete your identity matching plan. This menu also allows you to select the No Suffix Needed option if the source attribute already contains the required domain suffix (for example, Username with domain suffix included) or the target attribute value does not include a domain suffix (for example, mailNickname). Each domain added to the Office 365 tenant will be displayed in the drop-down menu as an available choice, in addition to the No Suffix Needed option previously mentioned. Watch the Identity Matching video to review how source, target, and append domain matching logic works, to help determine the appropriate value to select

    Select target property This drop-down menu allows you to select the target property within Azure AD to be used for identity matching. Watch the Identity Matching video to review how source, target, and append suffix matching logic works, to help determine the appropriate value to select

    • UserPrincipalName Logon name for the user. The appropriate formatting for this attribute is a string of alphanumeric characters with no spaces or invalid special characters, followed by an @ symbol, followed by a domain suffix (for example, JohnSmith@contoso.com).

    • Mail PrimarySMTPAddress of the user. The appropriate formatting for this attribute is a string of alphanumeric characters with no spaces or invalid special characters, followed by an @ symbol, followed by a domain suffix (for example, JohnSmith@contoso.com). While it is suggested, this attribute is not always the same as the UserPrincipalName attribute.

    • mailNickname Exchange Alias of the user. The appropriate formatting for this attribute is a string of alphanumeric characters with no spaces or invalid special characters (for example, 1234567). While it is recommended, this value is not always unique, so be cautious in selecting this attribute for identity matching and ensure you are always matching to a unique target value.

    Teacher identity matching matrix

    In order to match source and target identities, you must select one value from the three choices available in the Select Source drop-down menu, and then define which of the three available target attributes in the Select Target drop-down menu will be an exact match. It is also possible that the source attribute only matches a portion of the target attribute, and requires a domain suffix to be appended to complete the matching logic (for example, JohnSmith source attribute + @contoso.com domain suffix = a match with JohnSmith@contoso.com target attribute). Watch the Identity Matching video for various examples of matching logic success and failure for sync.

  13. After the Profile Name, Data Extraction Options, and Identity Matching Options are set in place, choose Next.

  14. On the Directory options page, select the appropriate domain for each drop-down list available. If you selected the Sync existing users option in step 11, you will only need to select the appropriate domain for Schools and Sections because all existing students and teachers already have domains associated with their respective user accounts. This domain will be used as the domain suffix for the Office 365 Group created for each section, unless policy is in place to override this domain setting.

    Directory options when syncing existing users

    If you selected the Create new users option in step 11, you will need to select the appropriate domain for Schools and Sections, in addition to a domain for teachers, and a domain for students, as shown below. This domain will be used as the domain suffix for the user account created by SDS, for each user included in the student and teacher csv files.

    Only one domain can be entered for teachers, and one domain for students within a single sync profile. If you have objects of those types which must be spread across multiple domains, you'll have to create a separate profile for each set of users (one sync profile per domain).

    Directory options when syncing new users
  15. If you selected the Create new users option in step 11, you also must select the appropriate SKU to assign to each of the newly created Teachers and Students using the drop-down menus shown below. Each available SKU in your Office 365 tenant will be present in the list. After each user type is selected, choose Next.

    Select the Office 365 SKU assigned to teachers and students
  16. On the Select properties to sync page, select each of the attributes you plan to sync (required and optional) for each CSV file. Each attribute selected on this page should correlate to each attribute header field included in your CSV files. CSV files for School Data Sync details the required attributes (in grey) and optional attributes available for sync, and the formatting requirements for each CSV file. After all of the appropriate attributes are selected on this page, choose Next.

    Select properties to sync
  17. On the Summary page, choose Submit to create the profile.

  18. Under the Profile Collection section of the SDS Portal, select the profile you just created.

  19. Choose Upload Files so you can choose and upload your CSV files. Choose Upload Files

  20. Choose Add Files to select your CSV files to upload, and then choose Upload.

    Selelct your CSV files and then choose Upload

    During the upload process, the CSV files will be validated. If there are errors, they'll be listed so you can correct them and try again.

  21. After the files are uploaded select the Enable Sync option to begin syncing the CSV data to Azure AD.

Video: How to match source and target attributes for sync

For various examples of matching logic success and failure for sync, watch the Identity Matching video.

Your browser does not support video. Install Microsoft Silverlight, Adobe Flash Player, or Internet Explorer 9.

Switching between sync methods

While you can successfully migrate from one sync method to another, we recommend maintaining the sync method initially deployed indefinitely, due to the difficulty associated with maintaining source anchor values through the switch between sync methods. A source anchor is the attribute SDS uses to identify a synced object in both the source and target directory after the initial sync. This source anchor must always be unique, and must never be changed throughout the lifetime of the synced object.

When an organization enables sync, there are 5 objects types that synchronize through School Data Sync. SDS synchronizes Schools, Sections, Students, Teachers, and Rosters. Once an object is successfully synchronized, SDS must keep the object in sync, to continue to synchronize object attribute level updates from the source directory (CSV, Clever, or PowerSchool) to the target directory (Azure AD). The objects types and their corresponding source anchor attributes are detailed below:

Object Type

Source Anchor Attribute (PowerSchool)

Source Anchor Attribute (Clever)

Source Anchor Attribute (CSV)

School

SIS ID

Clever ID

SIS ID

Section

SIS ID

Clever ID

SIS ID

Teacher

SIS ID

Clever ID

SIS ID

Student

SIS ID

Clever ID

SIS ID

Roster

SIS ID (Section) and SIS ID (User)

Clever ID (Section) and Clever ID (User)

Section SIS ID and SIS ID (User)

Once the source anchor is established upon the initial sync, it cannot be changed for the lifetime of the object. This concept is critical if you are considering switching between sync methods. When transitioning from one SDS sync method to another, the source anchor value must always be persisted, to continue to sync each object under the new sync method. Any deviation or change from the original source anchor value will result in objects failing to sync, and the resultant impact is users are unable to access Microsoft Classroom services dependent upon sync.

Transitioning from Clever Sync or PowerSchool Sync to the CSV File method is generally more feasible, as you can manually manipulate the CSV values for each source anchor attribute, to facilitate the transition. Migrating from CSV Sync to PowerSchool or Clever sync method however is generally much more difficult, as the source anchor attributes in these systems cannot be managed or manipulated to accommodate sync and the source anchor attribute persistence required for SDS to keep syncing objects after the switch.

See Also

Overview of School Data Sync and Classroom

CSV files for School Data Sync

School Data Sync required attributes for PowerSchool Sync

How to deploy School Data Sync by using CSV files

How to deploy School Data Sync by using PowerSchool Sync

How to deploy School Data Sync by using Clever Sync

School Data Sync errors and troubleshooting

Share Facebook Facebook Twitter Twitter Email Email

Was this information helpful?

Great! Any other feedback?

How can we improve it?

Thank you for your feedback!

×