Cloud Services Thread, Ridiculous Password Requirements for Office 365 email in Technical; As an aside, Google Apps has a similar problem. The requirements aren't as strict (8 characters), but they are a ...
15th September 2012, 02:05 PM #16
As an aside, Google Apps has a similar problem. The requirements aren't as strict (8 characters), but they are a problem for some younger pupils.
Again, you can ignore them in the admin panel or by syncing a password hash using Google Apps Directory Sync, but if you try to set the password via the normal password change screen, or using the Provisioning API, you have to use 8 chars or more.
The fact is that neither Office 365 nor Google Apps for Education are actually designed for schools. They are business services that happen to work well for higher education, but have issues in secondary and even more issues in primary.
12th March 2014, 05:35 PM #17
NECRO THREAD! Sorry, thought it better to tag on here than make a new one.
Did you ever find a solution to this? I have just followed the instructions on this how can I disable password complexity and expiration for a particular security group or license type? | Manage Office 365 | Microsoft Office 365 Community page but it no worky!
12th March 2014, 06:05 PM #18
We (Primary school) don't find passwords an issue once complexity has been disabled but what really makes life hard is having to enter the @domain after the username. Ours is long and this is a deal breaker at the moment.
12th March 2014, 06:08 PM #19
Did you disable complexity via powershell? Has it taken effect? It also says that every password reset needs to be done via powershell to be simple. So much hassle! Im now looking into DirSync to sync with my onsite AD.
12th March 2014, 06:18 PM #20
You can configure your Office 365 to use Simple Passwords, and you can lock this down to 'Groups'. You can met this requirement by running PowerShell CMDLETS. please refer to the following article to install PowerShell and get connected to Office 365.
Manage Windows Azure AD using Windows PowerShell
If you want to achieve the requirement for a set of users, you can add the users into a security group. Then run the following command to get object ID for the group.
After that, run the following command to disable strong password for the users in this group.
Get-MsolGroupMember -groupObjectid <id> | Set-MsolUser -StrongPasswordRequired $False
If you want to manage your Password Policy i.e to match your domain password policy then please look at introducing DirSync w/ Password Sync or/ Active Directory Federation Service
I hope that helps,
2 Thanks to EduTech:
AngryTechnician (12th March 2014), zag (13th March 2014)
12th March 2014, 06:24 PM #21
Cheers James, I have ran that to apply to all users. I am just dumbfounded that passwords need to be set through Powershell if they are to be simple!
Im having trouble now where I run this
Set-MsolUserPassword –UserPrincipalName [UserPrincipalName]–NewPassword [NewPassword]
To change the password but I dont know what UserPrincipleName is.
12th March 2014, 06:48 PM #22
Originally Posted by fairm010
It will be the USER ID in the portal and will be something like FIRSTNAME.LASTNAME@tenant.onmicrosoft.com or @domain.sch.uk /etc
12th March 2014, 06:52 PM #23
Microsoft's philosophy for a few years now has been that they don't need to make a GUI for anything except the most common admin tasks. Even the GUI they do have on some newer products is actually just a wrapper that generates and runs PowerShell commands (e.g. Exchange Management Console, which is why it's so slow compared to ADUC).
Originally Posted by fairm010
It started about the same time Serve Core was introduced. I find it infuriating too, but that's they way it is. It could be worse, Google hide all their best functionality in an API so you have to cut your own code to do anything that isn't in the web admin console.
Last edited by AngryTechnician; 12th March 2014 at 06:54 PM.
12th March 2014, 06:57 PM #24
So their email address? Or something M$ specific?
Would you recommend using dirsync in this instance? how straight forward is it to get going?
I don't want to be administering password resets via powershell all the time.
12th March 2014, 07:00 PM #25
You would of set this when you uploaded your users, If you login to the portal > users and groups > the user list will show the 'DisplayName. Username. Status' the Username is the UPN Value.
Originally Posted by fairm010
In terms of what I would recommend, It's hard to say without knowing more about your organization but Directory Sync is obviously a much more automated way of provisioning user objects in windows azure active directory & updating passwords for a single identity / single set of creds approach.
12th March 2014, 07:21 PM #26
Cheers James, I appreciate your help so much!
I'm swayed to DirSync but I have a few questions if thats ok?
1) My email domain schoolname.co.uk is different to my internal domain name schoolname.local. Is this a problem?
2) All my users have been uploaded using a CSV, will their synced accounts just 'merge' or overwrite?
3) Can I choose certain OU's that I want to sync?
4) My users log in in school using smitj001 and I want their email to be email@example.com. Can I tell Dirsync to use their logon name?
Sorry if this seems basic but I've just had O365 set up for me and I'm new to this. I know @FN-GM has set up DirSync, perhaps you can help?
12th March 2014, 11:36 PM #27
1) no, you will need to add your External Domain as a UPN Suffix in AD Domains & Trusts and then you will be able to set your User Account 'user principal name' in the correct format, which then is populated in O365, generally it will be SAMAccountName@UPN but some people tend to also replace the UPN Prefix to be the Primary SMTP Address as users do not use the UPN to sign-in and so therefore then end up with a UPN that matches the Primary SMTP Address and users still login to a workstation with SAMAccountName.
2) When you do an initial sync the accounts will soft-match based on various attributes, providing you do not have more than 1 account in AD for each user then generally this won't give you any issues. You can review the follow KB article for guidance How to use SMTP matching to match on-premises user accounts to Office 365 user accounts for directory synchronization
3) Yes, If you want to implement OU Filtering this is supported with Windows Azure Directory Sync and to find out further information around how to configure this see the following TechNet article: Configure filtering for directory synchronization
4) As per (1) if you want that to be the case, then you should just leave the UPN attribute for the User Objects (Account Tab) as it is and just change the UPN Suffix to the appropriate domain.
I hope that answers your questions.
By apearce in forum Cloud Services
Last Post: 16th March 2012, 11:19 AM
By teejay in forum Cloud Services
Last Post: 13th February 2012, 04:32 PM
By Arthur in forum Downloads
Last Post: 5th February 2012, 01:32 PM
By primaryt in forum Comments and Suggestions
Last Post: 25th February 2011, 11:54 AM
By DaveP in forum Cloud Services
Last Post: 20th October 2010, 09:35 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)