?
Solved

Synchronize Live@Edu passwords with Active Directory

Posted on 2010-11-22
13
Medium Priority
?
1,641 Views
Last Modified: 2012-05-10
I am trying out Microsoft's Live@Edu service and would like to know if there is a way to obtain the Live@Edu mailbox account passwords, with PowerShell maybe?  Microsoft allows institutions to synchronize their on-premises Active Directory to Live@Edu but not the other way around so I was thinking if I could extract the password attribute from Live@Edu I could maybe put together a PowerShell script to synchronize the Live@Edu passwords with my on-premises Active Directory.  This would help me avoid having to deal with password resets.
0
Comment
Question by:sobrienmsm
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
  • 3
13 Comments
 
LVL 49

Accepted Solution

by:
Akhater earned 2000 total points
ID: 34196691
No you can't, the password at live@edu is encrypted and you cannot get it. the only supported way is, just like you said it, to sync from your AD to live@edu
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 34196700
The only way to do it is to use Forefront Identity Manager.
See here: http://www.microsoft.com/windowsserver2008/en/us/ida-identity-lifecycle-management.aspx
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 49

Expert Comment

by:Akhater
ID: 34196791
@demazter he wants it the other way around, from live to AD and not from AD to live.

it cannot be done
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 34196855
I am not sure 100% I am working on a project with an education provider at the moment and this is the product that has been suggested.
The Sync as far as I am aware is both ways, I may well be wrong (it has been known).

0
 

Author Comment

by:sobrienmsm
ID: 34196924
How does an institution then allow a student to reset their forgotten passwords?

Students can reset their passwords in Outlook Live, but doesn't it then get replaced with the Active Directory password once the next OLSync sync operation is performed?

Given students can reset their mailbox passwords in Outlook Live, and the fact that we can't extract the password from the Live@Edu Exchange 2010 servers, how does an academic institution deal with resetting forgotten passwords?
0
 
LVL 49

Expert Comment

by:Akhater
ID: 34196980
reseting password all happen in one place AD and OLSync will replicate with Outlook Live.

OLSync only allows sync from On Premises to Outloook live
0
 

Author Comment

by:sobrienmsm
ID: 34197038
Can the ability to reset your password ("Forgot your password" link) be turned off in Outlook Live (https://outlook.com)?

Students shouldn't be allowed to reset and/or change their Outlook Live passwords via Outlook Live if Outlook Live can only be managed through an on-premises Active Directory.
0
 
LVL 49

Assisted Solution

by:Akhater
Akhater earned 2000 total points
ID: 34197094
yes you can

Block Password Reset
You can now control your users’ ability to reset their password. To access this capability, sign in to the SMP and click on Domains.
0
 

Author Comment

by:sobrienmsm
ID: 34197241
Would this also block their ability to fill in the password reset information such as, an alternative email address, a mobile number, security questions, etc?

I would still want our students to reset their passwords on their own and have this new password recorded in Active Directory.  How would we then allow the students to reset a forgotten password on our end?  I suppose through a web portal maybe, using LDAP, and the Password Change Notification Service (PCNS) to have it synchronized back to Outlook Live?  Would anyone happen to have some simple code for this?  

At this point, I am looking for an automated password reset solution that I can apply here on my on-premises Active Directory and then have replicated to Outlook Live through OLSync.  A solution I can implement through a web portal.
0
 
LVL 49

Assisted Solution

by:Akhater
Akhater earned 2000 total points
ID: 34197382
you will need to use the self service password reset of ILM or something like that
this will not allow users to change or reset password on outlook live
0
 

Author Comment

by:sobrienmsm
ID: 34197449
Yes, but I could install the Password Change Notification Service (PCNS) on Active Directory to push out any password changes to Outlook Live through OLSync.  If I'm not mistaken, I believe this is what some institutions have set up.
0
 
LVL 49

Assisted Solution

by:Akhater
Akhater earned 2000 total points
ID: 34197778
this is the only way to do it as far as i know

i have done live@edu integration and microsoft input for password sync was to disable password changes on outlook live, implement self service portal on fim to reset passwords and let olsync sync passwords
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Suggested Courses

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question