When setting up Directory Synchronization for Office 365 you logon to the Microsoft Online Portal, activate Directory Synchronization and run the Directory Sync tool from the Office 365 portal:

When you click the Download button and run it the following error message is shown:

“Application attempted to perform an operation not allowed by the security policy. To grant this application the required permission, contact your system administrator, or use the Microsoft .NET Framework Configuration tool.

If you click Continue, the application will ignore this error and attempt to continue. If you click Quit, the application will close immediately.

The source was not found, but some or all event logs could not be searched. To create the source, you need permission to read all event logs to make sure the new source name is unique. Inaccessible logs: Security.”

When you click the Details button more debug information is shown.

This is actually a permissions issue. When you run it directly from the Portal it doesn’t run with elevated privileges and thus cannot access Windows components or resources appropriately.

To work around this, download the setup application, store it on a local disk and run it with elevated privileges.

And By The Way… when installation has finished, do not immediately configure Directory Synchronization. During installation a Security Group called FIMSyncAdmins is created and the Domain Administrator account is added to this group but the only way to get this in effect is to logoff and logon again.

So when you see the following Window, click Cancel, logoff and logon again and start the DirSync tool again using the icon on the desktop.

After logging on you can safely and hopefully successfully continue with the Directory Sync tool configuration Wizard, and don’t forget to start it with elevated privileges (again).