Bagikan melalui

Office 365 DirSync Password Synchronization

  • Artikel

Got some great news – Windows Azure Active Directory Sync Agent (DirSync) has a new welcome feature - Password Synchronization - whooohoo.

This is great for hybrid and staged migrations and simplifies things tremendously during these types of migrations.

If you already have DirSync running you’ll need to update it to get the new feature set.

Check out Alex Simons’ blog post here: 

https://blogs.technet.com/b/ad/archive/2013/06/03/making-it-simple-to-connect-windows-server-ad-to-windows-azure-ad-with-password-hash-sync.aspx

Check out TechNet here:

https://technet.microsoft.com/en-us/library/dn246918.aspx

 UPDATE: Some of you might experience issues with password sync and finding the following exception in the event logs: 

Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsException: RPC Error 8440 : The naming context specified for this replication operation is invalid. There was an error calling _IDL_DRSGetNCChanges.

I have been providing the Dev team logs and feedback on the above issue. They are aware of this and are hard at work to determine the root cause.

UPDATE 25 June 2013: The Dev team has informed me that a new version of the DirSync tool is now available for download on the Admin portal - the version number 6411.0007.

Please use this version as it contains the fix for the RPC Error 8440 Exception that was caused in Windows 2003 Domain Controller environments.

See also -

DirSync//WAAD Sync Tool wikihttps://social.technet.microsoft.com/wiki/contents/articles/18096.dirsyncwindows-azure-ad-password-sync-frequently-asked-questions.aspx

DirSync/WAAD Sync Tool release history:  https://social.technet.microsoft.com/wiki/contents/articles/18429.windows-azure-active-directory-sync-tool-version-release-history.aspx

Happy DirSync’ing

Michael Hall

Comments

  • Anonymous
    January 01, 2003
    Link to Alex Simon's blog doesn't work.

  • Anonymous
    January 01, 2003
    When I first read about password sync, the article mentioned that, with password sync enabled, users could change their password in Office 365 and that password would not be overwritten from subsequent syncs. This comes into play for us with mailbox only users who were carried over from our on-prem Exchange server environment who never log onto the domain. As we have further investigates password sync and are planning to deploy it, I am no longer finding documentation supporting this process.

    Is it possible for users to change their Office 365 passwords with password sync enabled instead of through their AD account?

    Kevin

  • Anonymous
    January 01, 2003
    Hi Jason, You can enable password sync on WAAD by running configuration again or opening DirSyncConfigShell.psc1 and running Enable-MSOnlinePasswordSync Hope that helps. Michael

  • Anonymous
    January 01, 2003
    Thanks for that, not sure why the URL changed, but I fixed it now. Michael

  • Anonymous
    September 04, 2013
    The comment has been removed

  • Anonymous
    October 22, 2013
    I wrote a script to show if Password Sync is enabled: mikecrowley.wordpress.com/.../dirsync-determine-if-password-sync-is-enabled

  • Anonymous
    June 16, 2014
    Pingback from Office 365 Migration–Notes from a newbie. Or Killer Mistakes I made. | Title (Required)

  • Anonymous
    June 27, 2014
    When I first read about password sync, the article mentioned that, with password sync enabled, users could change their password in Office 365 and that password would not be overwritten from subsequent syncs. This comes into play for us with mailbox only users who were carried over from our on-prem Exchange server environment who never log onto the domain. As we have further investigates password sync and are planning to deploy it, I am no longer finding documentation supporting this process.

    Is it possible for users to change their Office 365 passwords with password sync enabled instead of through their AD account?

    Kevin

  • Anonymous
    May 15, 2015
    Same question. Can a user who has been AD syncd change their password via the Office365 portal?

  • Anonymous
    July 10, 2015
    New sync capabilities in preview: Password Write Back enables users to change password in Office 365 and write back will write back to AD.http://blogs.technet.com/b/ad/archive/2014/04/21/new-sync-capabilities-in-preview-password-write-back-new-aad-sync-and-multi-forest-support.aspx

  • Anonymous
    July 28, 2015
    How to determine if an user is synchronized and office 365 is not working ?
    Please advise