Solved

Sync O365 and Active Directory Passwords

Posted on 2013-11-07
Last Modified: 2013-11-07
Hi Experts,

My company is considering migrating from our aging on-premise Exchange server to Exchange Online via Microsoft's O365 offering. One of the issues that our consultant has described to us is that when we migrate there isn't a good way to sync passwords with our on-premise Active Directory server. Essentially, he said there is a way to sync the two, but if the internet connection or the on-premise domain controller goes down, it will kill our email service (which removes one of the biggest benefits of moving to the cloud). Is this the case? Is there a way to sync passwords without having email depend completely on the on-premise setup?

I find it difficult to believe large companies would put up with this. I'm hoping my question makes sense and that there's a good way to do this! Thank you for your help!
Question by:ttotus
2 Comments
 
Accepted Solution

by: Vasil Michev (MVP) earned 500 total points
ID: 39631901
There are two methods:

1) configure AD FS, which will allow for Single Sign On and better user experience, but will be more dependent on the on-prem infrastructure

2) use only dirsync with password sync, which will allow the users to log in with the same password they use on-prem. This scenario is known as Same sign on.

You can read about the differences here:

http://blogs.office.com/b/office365tech/archive/2013/07/26/password-hash-sync-simplifies-user-management-for-office-365.aspx

Both solutions rely on on-prem servers. If the dirsync server goes down, it will still allow you to access the services. If the AD FS server goes down, however, you will not be able to log in.

For a small company, option 2 is probably best. Larger ones will most likely want to take advantage of the benefits SSO offers.

And just to make it clear, AD FS can be configured very easily for LB and HA, so even if a single server (or all servers in a particular site) goes down, the users will still be able to log in.
 

Author Closing Comment

by:ttotus
ID: 39631984
I really appreciate the quick response. Great information -- Thanks again!