Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1646
  • Last Modified:

Synchronize Live@Edu passwords with Active Directory

I am trying out Microsoft's Live@Edu service and would like to know if there is a way to obtain the Live@Edu mailbox account passwords, with PowerShell maybe?  Microsoft allows institutions to synchronize their on-premises Active Directory to Live@Edu but not the other way around so I was thinking if I could extract the password attribute from Live@Edu I could maybe put together a PowerShell script to synchronize the Live@Edu passwords with my on-premises Active Directory.  This would help me avoid having to deal with password resets.
0
sobrienmsm
Asked:
sobrienmsm
  • 6
  • 4
  • 3
4 Solutions
 
AkhaterCommented:
No you can't, the password at live@edu is encrypted and you cannot get it. the only supported way is, just like you said it, to sync from your AD to live@edu
0
 
Glen KnightCommented:
The only way to do it is to use Forefront Identity Manager.
See here: http://www.microsoft.com/windowsserver2008/en/us/ida-identity-lifecycle-management.aspx
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
AkhaterCommented:
@demazter he wants it the other way around, from live to AD and not from AD to live.

it cannot be done
0
 
Glen KnightCommented:
I am not sure 100% I am working on a project with an education provider at the moment and this is the product that has been suggested.
The Sync as far as I am aware is both ways, I may well be wrong (it has been known).

0
 
sobrienmsmAuthor Commented:
How does an institution then allow a student to reset their forgotten passwords?

Students can reset their passwords in Outlook Live, but doesn't it then get replaced with the Active Directory password once the next OLSync sync operation is performed?

Given students can reset their mailbox passwords in Outlook Live, and the fact that we can't extract the password from the Live@Edu Exchange 2010 servers, how does an academic institution deal with resetting forgotten passwords?
0
 
AkhaterCommented:
reseting password all happen in one place AD and OLSync will replicate with Outlook Live.

OLSync only allows sync from On Premises to Outloook live
0
 
sobrienmsmAuthor Commented:
Can the ability to reset your password ("Forgot your password" link) be turned off in Outlook Live (https://outlook.com)?

Students shouldn't be allowed to reset and/or change their Outlook Live passwords via Outlook Live if Outlook Live can only be managed through an on-premises Active Directory.
0
 
AkhaterCommented:
yes you can

Block Password Reset
You can now control your users’ ability to reset their password. To access this capability, sign in to the SMP and click on Domains.
0
 
sobrienmsmAuthor Commented:
Would this also block their ability to fill in the password reset information such as, an alternative email address, a mobile number, security questions, etc?

I would still want our students to reset their passwords on their own and have this new password recorded in Active Directory.  How would we then allow the students to reset a forgotten password on our end?  I suppose through a web portal maybe, using LDAP, and the Password Change Notification Service (PCNS) to have it synchronized back to Outlook Live?  Would anyone happen to have some simple code for this?  

At this point, I am looking for an automated password reset solution that I can apply here on my on-premises Active Directory and then have replicated to Outlook Live through OLSync.  A solution I can implement through a web portal.
0
 
AkhaterCommented:
you will need to use the self service password reset of ILM or something like that
this will not allow users to change or reset password on outlook live
0
 
sobrienmsmAuthor Commented:
Yes, but I could install the Password Change Notification Service (PCNS) on Active Directory to push out any password changes to Outlook Live through OLSync.  If I'm not mistaken, I believe this is what some institutions have set up.
0
 
AkhaterCommented:
this is the only way to do it as far as i know

i have done live@edu integration and microsoft input for password sync was to disable password changes on outlook live, implement self service portal on fim to reset passwords and let olsync sync passwords
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

  • 6
  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now