?
Solved

DirSync - Office365 filter

Posted on 2014-01-31
4
Medium Priority
?
509 Views
Last Modified: 2014-02-09
I am using Office365 integrated with Microsoft DirSync (Directory Synchronization). I am using the password synchronization feature and it Works great

Now I want to bypass/filter password syncronization for few users in my network. This is because they are Office365 users only (They don't use Active Directory Accounts inside the network). So they need to change their passwords throw the Office365 Portal

How can I filter the password synchronization feature for these few users?
0
Comment
Question by:Schnell Solutions
  • 2
4 Comments
 
LVL 45

Expert Comment

by:Vasil Michev (MVP)
ID: 39826406
Can you please double-check your post, it doesn't really make much sense. Why would you need to filter them if the don't have AD accounts? :)

Here are the instructions just in case:

http://technet.microsoft.com/en-us/library/jj710171.aspx

You can also use the WAAD PowerShell module to change the password of a synchronized user.
0
 
LVL 14

Author Comment

by:Schnell Solutions
ID: 39826585
Hello Vasilcho,

I want to centrally adminístrate all the users properties using Active Directory. I just want to avoid password synchronization for few of them. In this way, I will be able to créate and edit my users from the Internet network. For the case of these few users, as far as they don't use computers inside the domain, when they need to change their passwords they won't be able to make it. However, if the password attribute for them is not synchronizing, them they will be able to change it logging in throw Office365

Any one knows what I need to do in order to filter "just" password syncronization for few users?
0
 
LVL 45

Accepted Solution

by:
Vasil Michev (MVP) earned 1500 total points
ID: 39826772
No, there isn't such option:

http://social.technet.microsoft.com/wiki/contents/articles/18096.dirsyncwindows-azure-ad-password-sync-frequently-asked-questions.aspx#Can_I_control_which_passwords_synchronize_to_the_cloud

The only exception to that is when you have federated users (AD FS), but in such scenario you again manage the passwords on-prem, so it is of no use to you.

You can always submit a feedback to request this as a feature in next versions of dirsync trough your Microsoft Partner or from here:

http://g.microsoftonline.com/0BX11EN/135
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39834743
Unfortunately, this is one of the drawbacks of DirSync -- users cannot change their password online.  Which means that Office365 ONLY users are unable to change their passwords.  This is because sync is ONE-WAY (on-prem ----> cloud) so any changes to their PW's in the cloud will be overwritten by the on-prem settings.

There are a couple of work-around tools to allow for online password changes:

ForeFront Identity Manager
SysOp Tools Password Reset Pro

The other option is to deploy a virtual Windows 7/8 machine that these users can access via RDP -- but that is a bit cumbersome when they just need to change an expiring password.

Jeff
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes Top 9 Exchange troubleshooting utilities that every Exchange Administrator should know. Most of the utilities are available free of cost. List of tools that I am going to explain in this article are:   Microsoft Remote Con…
Among the most obnoxious of Exchange errors is error 1216 – Attached Database Mismatch error of the Jet Database Engine. When faced with this error, users may have to suffer from mailbox inaccessibility and in worst situations, permanent data loss.
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question