Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1644
  • Last Modified:

Synchronize Live@Edu passwords with Active Directory

I am trying out Microsoft's Live@Edu service and would like to know if there is a way to obtain the Live@Edu mailbox account passwords, with PowerShell maybe?  Microsoft allows institutions to synchronize their on-premises Active Directory to Live@Edu but not the other way around so I was thinking if I could extract the password attribute from Live@Edu I could maybe put together a PowerShell script to synchronize the Live@Edu passwords with my on-premises Active Directory.  This would help me avoid having to deal with password resets.
0
sobrienmsm
Asked:
sobrienmsm
  • 6
  • 4
  • 3
4 Solutions
 
AkhaterCommented:
No you can't, the password at live@edu is encrypted and you cannot get it. the only supported way is, just like you said it, to sync from your AD to live@edu
0
 
Glen KnightCommented:
The only way to do it is to use Forefront Identity Manager.
See here: http://www.microsoft.com/windowsserver2008/en/us/ida-identity-lifecycle-management.aspx
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
AkhaterCommented:
@demazter he wants it the other way around, from live to AD and not from AD to live.

it cannot be done
0
 
Glen KnightCommented:
I am not sure 100% I am working on a project with an education provider at the moment and this is the product that has been suggested.
The Sync as far as I am aware is both ways, I may well be wrong (it has been known).

0
 
sobrienmsmAuthor Commented:
How does an institution then allow a student to reset their forgotten passwords?

Students can reset their passwords in Outlook Live, but doesn't it then get replaced with the Active Directory password once the next OLSync sync operation is performed?

Given students can reset their mailbox passwords in Outlook Live, and the fact that we can't extract the password from the Live@Edu Exchange 2010 servers, how does an academic institution deal with resetting forgotten passwords?
0
 
AkhaterCommented:
reseting password all happen in one place AD and OLSync will replicate with Outlook Live.

OLSync only allows sync from On Premises to Outloook live
0
 
sobrienmsmAuthor Commented:
Can the ability to reset your password ("Forgot your password" link) be turned off in Outlook Live (https://outlook.com)?

Students shouldn't be allowed to reset and/or change their Outlook Live passwords via Outlook Live if Outlook Live can only be managed through an on-premises Active Directory.
0
 
AkhaterCommented:
yes you can

Block Password Reset
You can now control your users’ ability to reset their password. To access this capability, sign in to the SMP and click on Domains.
0
 
sobrienmsmAuthor Commented:
Would this also block their ability to fill in the password reset information such as, an alternative email address, a mobile number, security questions, etc?

I would still want our students to reset their passwords on their own and have this new password recorded in Active Directory.  How would we then allow the students to reset a forgotten password on our end?  I suppose through a web portal maybe, using LDAP, and the Password Change Notification Service (PCNS) to have it synchronized back to Outlook Live?  Would anyone happen to have some simple code for this?  

At this point, I am looking for an automated password reset solution that I can apply here on my on-premises Active Directory and then have replicated to Outlook Live through OLSync.  A solution I can implement through a web portal.
0
 
AkhaterCommented:
you will need to use the self service password reset of ILM or something like that
this will not allow users to change or reset password on outlook live
0
 
sobrienmsmAuthor Commented:
Yes, but I could install the Password Change Notification Service (PCNS) on Active Directory to push out any password changes to Outlook Live through OLSync.  If I'm not mistaken, I believe this is what some institutions have set up.
0
 
AkhaterCommented:
this is the only way to do it as far as i know

i have done live@edu integration and microsoft input for password sync was to disable password changes on outlook live, implement self service portal on fim to reset passwords and let olsync sync passwords
0

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

  • 6
  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now