Solved

Sync O365 and Active Directory Passwords

Posted on 2013-11-07
2
633 Views
Last Modified: 2013-11-07
Hi Experts,

My company is considering migrating from our aging on-premise Exchange server to Exchange online via Microsoft's O365 offering. One of the issues that our consultant has described to us is that when we migrate there isn't a good way to sync passwords with our on-premise active directory server. Essentially, he said there is a way to sync the two, but if the internet connection or domain controller on premise go down, it will kill our email service (which removes one of the biggest benefits of moving to the cloud). Is this the case? Is there a way to sync passwords, without having email dependent completely on the on-premise setup?

I find it difficult to believe large companies would put up with this. I'm hoping my question makes sense and that there's a good way to do this! Thank you for your help!
0
Comment
Question by:ttotus
2 Comments
 
LVL 38

Accepted Solution

by:
Vasil Michev (MVP) earned 500 total points
ID: 39631901
There are two methods:

1) configure AD FS, which will allow for Single Sign On and better user experience, but will be more dependent on the on-prem infrastructure

2) use only dirsync with password sync, which will allow the users to login with the same password they use on-prem. This scenario is know as Same sign on.

You can read about the differences here:

http://blogs.office.com/b/office365tech/archive/2013/07/26/password-hash-sync-simplifies-user-management-for-office-365.aspx

Both solutions rely on on-prem servers. If the dirsync server goes down, it will still allow you to access the services. If the AD FS server goes down however, you will not be able to login.

For small company, option 2 is probably best. Larger ones will most likely want to take advantage of the benefits SSO offers.

And just to make it clear, AD FS can be configured very easily for LB and HA, so even if a single server (or all servers in a particular site) goes down, the users will still be able to login.
0
 

Author Closing Comment

by:ttotus
ID: 39631984
I really appreciate the quick response. Great information -- Thanks again!
0

Featured Post

Are your corporate email signatures appalling?

Is it scary how unprofessional your email signatures look? Do users create their own terrible designs and give themselves stupid job titles? You can make this a lot easier for yourself by choosing an email signature management solution from Exclaimer today.

Join & Write a Comment

Utilizing an array to gracefully append to a list of EmailAddresses
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
This lesson covers basic error handling code in Microsoft Excel using VBA. This is the first lesson in a 3-part series that uses code to loop through an Excel spreadsheet in VBA and then fix errors, taking advantage of error handling code. This l…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now