Office 365 DirSync Password Synchronization


Got some great news – Windows Azure Active Directory Sync Agent (DirSync) has a new welcome feature - Password Synchronization - whooohoo.

This is great for hybrid and staged migrations and simplifies things tremendously during these types of migrations.

If you already have DirSync running you’ll need to update it to get the new feature set.

Check out Alex Simons’ blog post here: 

http://blogs.technet.com/b/ad/archive/2013/06/03/making-it-simple-to-connect-windows-server-ad-to-windows-azure-ad-with-password-hash-sync.aspx

Check out TechNet here:

http://technet.microsoft.com/en-us/library/dn246918.aspx

 UPDATE: Some of you might experience issues with password sync and finding the following exception in the event logs: 

Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsException: RPC Error 8440 : The naming context specified for this replication operation is invalid. There was an error calling _IDL_DRSGetNCChanges.

I have been providing the Dev team logs and feedback on the above issue. They are aware of this and are hard at work to determine the root cause.

UPDATE 25 June 2013: The Dev team has informed me that a new version of the DirSync tool is now available for download on the Admin portal - the version number 6411.0007.

Please use this version as it contains the fix for the RPC Error 8440 Exception that was caused in Windows 2003 Domain Controller environments.

See also -

DirSync//WAAD Sync Tool wikihttp://social.technet.microsoft.com/wiki/contents/articles/18096.dirsyncwindows-azure-ad-password-sync-frequently-asked-questions.aspx

DirSync/WAAD Sync Tool release history: http://social.technet.microsoft.com/wiki/contents/articles/18429.windows-azure-active-directory-sync-tool-version-release-history.aspx

Happy DirSync’ing

Michael Hall

Comments (11)

  1. Link to Alex Simon's blog doesn't work.

  2. Anonymous says:

    When I first read about password sync, the article mentioned that, with password sync enabled, users could change their password in Office 365 and that password would not be overwritten from subsequent syncs. This comes into play for us with mailbox only
    users who were carried over from our on-prem Exchange server environment who never log onto the domain. As we have further investigates password sync and are planning to deploy it, I am no longer finding documentation supporting this process.

    Is it possible for users to change their Office 365 passwords with password sync enabled instead of through their AD account?

    Kevin

  3. Hi Jason,

    You can enable password sync on WAAD by running configuration again or opening DirSyncConfigShell.psc1 and running Enable-MSOnlinePasswordSync

    Hope that helps.

    Michael

  4. Thanks for that, not sure why the URL changed, but I fixed it now.

    Michael

  5. Jason Pope (MCS) says:

    Michael,

    Is it possible to use the Set-CoexistenceConfiguration cmdlet and turn on password sync component?

  6. Anonymous says:

    Pingback from Office 365 Migration–Notes from a newbie. Or Killer Mistakes I made. | Title (Required)

  7. Kevin Nielsen says:

    When I first read about password sync, the article mentioned that, with password sync enabled, users could change their password in Office 365 and that password would not be overwritten from subsequent syncs. This comes into play for us with mailbox only
    users who were carried over from our on-prem Exchange server environment who never log onto the domain. As we have further investigates password sync and are planning to deploy it, I am no longer finding documentation supporting this process.

    Is it possible for users to change their Office 365 passwords with password sync enabled instead of through their AD account?

    Kevin

  8. Anthony says:

    Same question. Can a user who has been AD syncd change their password via the Office365 portal?

  9. lisa says:

    New sync capabilities in preview: Password Write Back enables users to change password in Office 365 and write back will write back to AD.

    http://blogs.technet.com/b/ad/archive/2014/04/21/new-sync-capabilities-in-preview-password-write-back-new-aad-sync-and-multi-forest-support.aspx

  10. Onkar Deshpande says:

    How to determine if an user is synchronized and office 365 is not working ?
    Please advise

Skip to main content