Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Sync O365 and Active Directory Passwords

Posted on 2013-11-07
2
Medium Priority
?
656 Views
Last Modified: 2013-11-07
Hi Experts,

My company is considering migrating from our aging on-premise Exchange server to Exchange online via Microsoft's O365 offering. One of the issues that our consultant has described to us is that when we migrate there isn't a good way to sync passwords with our on-premise active directory server. Essentially, he said there is a way to sync the two, but if the internet connection or domain controller on premise go down, it will kill our email service (which removes one of the biggest benefits of moving to the cloud). Is this the case? Is there a way to sync passwords, without having email dependent completely on the on-premise setup?

I find it difficult to believe large companies would put up with this. I'm hoping my question makes sense and that there's a good way to do this! Thank you for your help!
0
Comment
Question by:ttotus
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 43

Accepted Solution

by:
Vasil Michev (MVP) earned 2000 total points
ID: 39631901
There are two methods:

1) configure AD FS, which will allow for Single Sign On and better user experience, but will be more dependent on the on-prem infrastructure

2) use only dirsync with password sync, which will allow the users to login with the same password they use on-prem. This scenario is know as Same sign on.

You can read about the differences here:

http://blogs.office.com/b/office365tech/archive/2013/07/26/password-hash-sync-simplifies-user-management-for-office-365.aspx

Both solutions rely on on-prem servers. If the dirsync server goes down, it will still allow you to access the services. If the AD FS server goes down however, you will not be able to login.

For small company, option 2 is probably best. Larger ones will most likely want to take advantage of the benefits SSO offers.

And just to make it clear, AD FS can be configured very easily for LB and HA, so even if a single server (or all servers in a particular site) goes down, the users will still be able to login.
0
 

Author Closing Comment

by:ttotus
ID: 39631984
I really appreciate the quick response. Great information -- Thanks again!
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
Microsoft has changed the look and feel of Azure AD and Microsoft account sign-in pages so that you will have a more unified look and feel when moving between the two interfaces.
A company’s greatest vulnerability is their email. CEO fraud, ransomware and spear phishing attacks are the no1 threat to a company’s security. Cybercrime is responsible for the largest loss of money to companies today with losses projected to r…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question