+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 27 of 27
Cloud Services Thread, Ridiculous Password Requirements for Office 365 email in Technical; As an aside, Google Apps has a similar problem. The requirements aren't as strict (8 characters), but they are a ...
  1. #16

    AngryTechnician's Avatar
    Join Date
    Oct 2008
    Posts
    3,730
    Thank Post
    698
    Thanked 1,212 Times in 761 Posts
    Rep Power
    394
    As an aside, Google Apps has a similar problem. The requirements aren't as strict (8 characters), but they are a problem for some younger pupils.

    Again, you can ignore them in the admin panel or by syncing a password hash using Google Apps Directory Sync, but if you try to set the password via the normal password change screen, or using the Provisioning API, you have to use 8 chars or more.

    The fact is that neither Office 365 nor Google Apps for Education are actually designed for schools. They are business services that happen to work well for higher education, but have issues in secondary and even more issues in primary.

  2. #17
    fairm010's Avatar
    Join Date
    Jun 2010
    Location
    C:/Windows/System32/
    Posts
    1,224
    Thank Post
    47
    Thanked 157 Times in 138 Posts
    Rep Power
    47
    NECRO THREAD! Sorry, thought it better to tag on here than make a new one.

    Did you ever find a solution to this? I have just followed the instructions on this how can I disable password complexity and expiration for a particular security group or license type? | Manage Office 365 | Microsoft Office 365 Community page but it no worky!

  3. #18

    Join Date
    Oct 2007
    Location
    Cambridgeshire, UK
    Posts
    306
    Thank Post
    58
    Thanked 23 Times in 20 Posts
    Rep Power
    18
    We (Primary school) don't find passwords an issue once complexity has been disabled but what really makes life hard is having to enter the @domain after the username. Ours is long and this is a deal breaker at the moment.

  4. #19
    fairm010's Avatar
    Join Date
    Jun 2010
    Location
    C:/Windows/System32/
    Posts
    1,224
    Thank Post
    47
    Thanked 157 Times in 138 Posts
    Rep Power
    47
    Did you disable complexity via powershell? Has it taken effect? It also says that every password reset needs to be done via powershell to be simple. So much hassle! Im now looking into DirSync to sync with my onsite AD.

  5. #20

    EduTech's Avatar
    Join Date
    Aug 2007
    Location
    Reading
    Posts
    5,068
    Thank Post
    160
    Thanked 925 Times in 727 Posts
    Blog Entries
    3
    Rep Power
    273
    Hi,

    You can configure your Office 365 to use Simple Passwords, and you can lock this down to 'Groups'. You can met this requirement by running PowerShell CMDLETS. please refer to the following article to install PowerShell and get connected to Office 365.

    Manage Windows Azure AD using Windows PowerShell

    If you want to achieve the requirement for a set of users, you can add the users into a security group. Then run the following command to get object ID for the group.

    Get-MsolGroup
    After that, run the following command to disable strong password for the users in this group.

    Get-MsolGroupMember -groupObjectid <id> | Set-MsolUser -StrongPasswordRequired $False
    =========

    If you want to manage your Password Policy i.e to match your domain password policy then please look at introducing DirSync w/ Password Sync or/ Active Directory Federation Service

    I hope that helps,
    James.

  6. 2 Thanks to EduTech:

    AngryTechnician (12th March 2014), zag (13th March 2014)

  7. #21
    fairm010's Avatar
    Join Date
    Jun 2010
    Location
    C:/Windows/System32/
    Posts
    1,224
    Thank Post
    47
    Thanked 157 Times in 138 Posts
    Rep Power
    47
    Cheers James, I have ran that to apply to all users. I am just dumbfounded that passwords need to be set through Powershell if they are to be simple!

    Im having trouble now where I run this

    Set-MsolUserPassword –UserPrincipalName [UserPrincipalName]–NewPassword [NewPassword]

    To change the password but I dont know what UserPrincipleName is.

  8. #22

    EduTech's Avatar
    Join Date
    Aug 2007
    Location
    Reading
    Posts
    5,068
    Thank Post
    160
    Thanked 925 Times in 727 Posts
    Blog Entries
    3
    Rep Power
    273
    Quote Originally Posted by fairm010 View Post
    Cheers James, I have ran that to apply to all users. I am just dumbfounded that passwords need to be set through Powershell if they are to be simple!

    Im having trouble now where I run this

    Set-MsolUserPassword –UserPrincipalName [UserPrincipalName]–NewPassword [NewPassword]

    To change the password but I dont know what UserPrincipleName is.
    Hi Mate,

    It will be the USER ID in the portal and will be something like FIRSTNAME.LASTNAME@tenant.onmicrosoft.com or @domain.sch.uk /etc

    James.

  9. #23

    AngryTechnician's Avatar
    Join Date
    Oct 2008
    Posts
    3,730
    Thank Post
    698
    Thanked 1,212 Times in 761 Posts
    Rep Power
    394
    Quote Originally Posted by fairm010 View Post
    Cheers James, I have ran that to apply to all users. I am just dumbfounded that passwords need to be set through Powershell if they are to be simple!
    Microsoft's philosophy for a few years now has been that they don't need to make a GUI for anything except the most common admin tasks. Even the GUI they do have on some newer products is actually just a wrapper that generates and runs PowerShell commands (e.g. Exchange Management Console, which is why it's so slow compared to ADUC).

    It started about the same time Serve Core was introduced. I find it infuriating too, but that's they way it is. It could be worse, Google hide all their best functionality in an API so you have to cut your own code to do anything that isn't in the web admin console.
    Last edited by AngryTechnician; 12th March 2014 at 06:54 PM.

  10. #24
    fairm010's Avatar
    Join Date
    Jun 2010
    Location
    C:/Windows/System32/
    Posts
    1,224
    Thank Post
    47
    Thanked 157 Times in 138 Posts
    Rep Power
    47
    So their email address? Or something M$ specific?

    Would you recommend using dirsync in this instance? how straight forward is it to get going?

    I don't want to be administering password resets via powershell all the time.

  11. #25

    EduTech's Avatar
    Join Date
    Aug 2007
    Location
    Reading
    Posts
    5,068
    Thank Post
    160
    Thanked 925 Times in 727 Posts
    Blog Entries
    3
    Rep Power
    273
    Quote Originally Posted by fairm010 View Post
    So their email address? Or something M$ specific?

    Would you recommend using dirsync in this instance? how straight forward is it to get going?

    I don't want to be administering password resets via powershell all the time.
    You would of set this when you uploaded your users, If you login to the portal > users and groups > the user list will show the 'DisplayName. Username. Status' the Username is the UPN Value.

    In terms of what I would recommend, It's hard to say without knowing more about your organization but Directory Sync is obviously a much more automated way of provisioning user objects in windows azure active directory & updating passwords for a single identity / single set of creds approach.

    James.

  12. #26
    fairm010's Avatar
    Join Date
    Jun 2010
    Location
    C:/Windows/System32/
    Posts
    1,224
    Thank Post
    47
    Thanked 157 Times in 138 Posts
    Rep Power
    47
    Cheers James, I appreciate your help so much!

    I'm swayed to DirSync but I have a few questions if thats ok?

    1) My email domain schoolname.co.uk is different to my internal domain name schoolname.local. Is this a problem?

    2) All my users have been uploaded using a CSV, will their synced accounts just 'merge' or overwrite?

    3) Can I choose certain OU's that I want to sync?

    4) My users log in in school using smitj001 and I want their email to be smitj001@schoolname.co.uk. Can I tell Dirsync to use their logon name?

    Sorry if this seems basic but I've just had O365 set up for me and I'm new to this. I know @FN-GM has set up DirSync, perhaps you can help?

    Thanks all.

  13. #27

    EduTech's Avatar
    Join Date
    Aug 2007
    Location
    Reading
    Posts
    5,068
    Thank Post
    160
    Thanked 925 Times in 727 Posts
    Blog Entries
    3
    Rep Power
    273
    Hi,

    Sure,

    1) no, you will need to add your External Domain as a UPN Suffix in AD Domains & Trusts and then you will be able to set your User Account 'user principal name' in the correct format, which then is populated in O365, generally it will be SAMAccountName@UPN but some people tend to also replace the UPN Prefix to be the Primary SMTP Address as users do not use the UPN to sign-in and so therefore then end up with a UPN that matches the Primary SMTP Address and users still login to a workstation with SAMAccountName.

    2) When you do an initial sync the accounts will soft-match based on various attributes, providing you do not have more than 1 account in AD for each user then generally this won't give you any issues. You can review the follow KB article for guidance How to use SMTP matching to match on-premises user accounts to Office 365 user accounts for directory synchronization

    3) Yes, If you want to implement OU Filtering this is supported with Windows Azure Directory Sync and to find out further information around how to configure this see the following TechNet article: Configure filtering for directory synchronization

    4) As per (1) if you want that to be the case, then you should just leave the UPN attribute for the User Objects (Account Tab) as it is and just change the UPN Suffix to the appropriate domain.

    I hope that answers your questions.

    Regards,
    James.

SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. Office 365 for education A2 now free
    By apearce in forum Cloud Services
    Replies: 1
    Last Post: 16th March 2012, 11:19 AM
  2. Office 365 for education
    By teejay in forum Cloud Services
    Replies: 1
    Last Post: 13th February 2012, 04:32 PM
  3. Replies: 2
    Last Post: 5th February 2012, 01:32 PM
  4. One post required for posting Links and Email
    By primaryt in forum Comments and Suggestions
    Replies: 3
    Last Post: 25th February 2011, 11:54 AM
  5. Replies: 3
    Last Post: 20th October 2010, 09:35 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •