Solved

Sync O365 and Active Directory Passwords

Posted on 2013-11-07
2
648 Views
Last Modified: 2013-11-07
Hi Experts,

My company is considering migrating from our aging on-premise Exchange server to Exchange online via Microsoft's O365 offering. One of the issues that our consultant has described to us is that when we migrate there isn't a good way to sync passwords with our on-premise active directory server. Essentially, he said there is a way to sync the two, but if the internet connection or domain controller on premise go down, it will kill our email service (which removes one of the biggest benefits of moving to the cloud). Is this the case? Is there a way to sync passwords, without having email dependent completely on the on-premise setup?

I find it difficult to believe large companies would put up with this. I'm hoping my question makes sense and that there's a good way to do this! Thank you for your help!
0
Comment
Question by:ttotus
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 41

Accepted Solution

by:
Vasil Michev (MVP) earned 500 total points
ID: 39631901
There are two methods:

1) configure AD FS, which will allow for Single Sign On and better user experience, but will be more dependent on the on-prem infrastructure

2) use only dirsync with password sync, which will allow the users to login with the same password they use on-prem. This scenario is know as Same sign on.

You can read about the differences here:

http://blogs.office.com/b/office365tech/archive/2013/07/26/password-hash-sync-simplifies-user-management-for-office-365.aspx

Both solutions rely on on-prem servers. If the dirsync server goes down, it will still allow you to access the services. If the AD FS server goes down however, you will not be able to login.

For small company, option 2 is probably best. Larger ones will most likely want to take advantage of the benefits SSO offers.

And just to make it clear, AD FS can be configured very easily for LB and HA, so even if a single server (or all servers in a particular site) goes down, the users will still be able to login.
0
 

Author Closing Comment

by:ttotus
ID: 39631984
I really appreciate the quick response. Great information -- Thanks again!
0

Featured Post

SharePoint Admin?

Enable Your Employees To Focus On The Core With Intuitive Onscreen Guidance That is With You At The Moment of Need.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
A company’s greatest vulnerability is their email. CEO fraud, ransomware and spear phishing attacks are the no1 threat to a company’s security. Cybercrime is responsible for the largest loss of money to companies today with losses projected to r…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question