Michael's technical ramblings....

Interesting things I've found throughout my technical journey.

Office 365 DirSync Password Synchronization

Office 365 DirSync Password Synchronization

  • Comments 8
  • Likes

Got some great news – Windows Azure Active Directory Sync Agent (DirSync) has a new welcome feature - Password Synchronization - whooohoo.

This is great for hybrid and staged migrations and simplifies things tremendously during these types of migrations.

If you already have DirSync running you’ll need to update it to get the new feature set.

Check out Alex Simons’ blog post here: 

http://blogs.technet.com/b/ad/archive/2013/06/03/making-it-simple-to-connect-windows-server-ad-to-windows-azure-ad-with-password-hash-sync.aspx

Check out TechNet here:

http://technet.microsoft.com/en-us/library/dn246918.aspx

 UPDATE: Some of you might experience issues with password sync and finding the following exception in the event logs: 

Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsException: RPC Error 8440 : The naming context specified for this replication operation is invalid. There was an error calling _IDL_DRSGetNCChanges.

I have been providing the Dev team logs and feedback on the above issue. They are aware of this and are hard at work to determine the root cause.

UPDATE 25 June 2013: The Dev team has informed me that a new version of the DirSync tool is now available for download on the Admin portal - the version number 6411.0007.

Please use this version as it contains the fix for the RPC Error 8440 Exception that was caused in Windows 2003 Domain Controller environments.

See also -

DirSync//WAAD Sync Tool wikihttp://social.technet.microsoft.com/wiki/contents/articles/18096.dirsyncwindows-azure-ad-password-sync-frequently-asked-questions.aspx

DirSync/WAAD Sync Tool release history: http://social.technet.microsoft.com/wiki/contents/articles/18429.windows-azure-active-directory-sync-tool-version-release-history.aspx

Happy DirSync’ing

Michael Hall

Comments
  • Link to Alex Simon's blog doesn't work.

  • Thanks for that, not sure why the URL changed, but I fixed it now.

    Michael

  • Michael,

    Is it possible to use the Set-CoexistenceConfiguration cmdlet and turn on password sync component?

  • Hi Jason,

    You can enable password sync on WAAD by running configuration again or opening DirSyncConfigShell.psc1 and running Enable-MSOnlinePasswordSync

    Hope that helps.

    Michael

  • I wrote a script to show if Password Sync is enabled: mikecrowley.wordpress.com/.../dirsync-determine-if-password-sync-is-enabled

  • When I first read about password sync, the article mentioned that, with password sync enabled, users could change their password in Office 365 and that password would not be overwritten from subsequent syncs. This comes into play for us with mailbox only users who were carried over from our on-prem Exchange server environment who never log onto the domain. As we have further investigates password sync and are planning to deploy it, I am no longer finding documentation supporting this process.

    Is it possible for users to change their Office 365 passwords with password sync enabled instead of through their AD account?

    Kevin

  • When I first read about password sync, the article mentioned that, with password sync enabled, users could change their password in Office 365 and that password would not be overwritten from subsequent syncs. This comes into play for us with mailbox only users who were carried over from our on-prem Exchange server environment who never log onto the domain. As we have further investigates password sync and are planning to deploy it, I am no longer finding documentation supporting this process.

    Is it possible for users to change their Office 365 passwords with password sync enabled instead of through their AD account?

    Kevin

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment