Got some great news – Windows Azure Active Directory Sync Agent (DirSync) has a new welcome feature - Password Synchronization - whooohoo.
This is great for hybrid and staged migrations and simplifies things tremendously during these types of migrations.
If you already have DirSync running you’ll need to update it to get the new feature set.
Check out Alex Simons’ blog post here:
Check out TechNet here:
UPDATE: Some of you might experience issues with password sync and find the following exception in the event logs:
Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsException: RPC Error 8440 : The naming context specified for this replication operation is invalid. There was an error calling _IDL_DRSGetNCChanges.
I have been providing the Dev team logs and feedback on the above issue. They are aware of this and are hard at work to determine the root cause.
UPDATE 25 June 2013: The Dev team has informed me that a new version of the DirSync tool is now available for download on the Admin portal, version number 6411.0007.
Please use this version, as it contains the fix for the RPC Error 8440 exception that occurred in Windows 2003 Domain Controller environments.
See also:
DirSync/WAAD Sync Tool wiki: http://social.technet.microsoft.com/wiki/contents/articles/18096.dirsyncwindows-azure-ad-password-sync-frequently-asked-questions.aspx
DirSync/WAAD Sync Tool release history: http://social.technet.microsoft.com/wiki/contents/articles/18429.windows-azure-active-directory-sync-tool-version-release-history.aspx
Link to Alex Simons' blog doesn't work.
Thanks for that, not sure why the URL changed, but I fixed it now.
Is it possible to use the Set-CoexistenceConfiguration cmdlet and turn on the password sync component?
You can enable password sync on WAAD by running configuration again or opening DirSyncConfigShell.psc1 and running Enable-MSOnlinePasswordSync.
Hope that helps.
I wrote a script to show if Password Sync is enabled: mikecrowley.wordpress.com/.../dirsync-determine-if-password-sync-is-enabled
When I first read about password sync, the article mentioned that, with password sync enabled, users could change their password in Office 365 and that password would not be overwritten from subsequent syncs. This comes into play for us with mailbox only users who were carried over from our on-prem Exchange server environment who never log onto the domain. As we have further investigated password sync and are planning to deploy it, I am no longer finding documentation supporting this process.
Is it possible for users to change their Office 365 passwords with password sync enabled instead of through their AD account?
Same question. Can a user who has been AD synced change their password via the Office365 portal?