Since I know this is a feature close to the hearts of many of you, I thought I'd share this:
Synchronising passwords with Office 365 - UK Education Cloud Blog - Site Home - MSDN Blogs
Well, I know what I'm doing after lunch!
So as long as my users have a UPN suffix that matches our Office 365 tenant details and I set up this tool, I can sync their on-prem passwords into the cloud?
Yep, just done it here and it's working great.
Should I be installing this on the domain controller?
Also, what Active Directory field am I looking to match it with?
Will we be able to use it if our "User Login Name" is different than our email address in AD? Unfortunately our login names use our old .sch.uk addresses.
Last edited by zag; 4th June 2013 at 04:05 PM.
It can be installed on a member server. I think you should avoid doing it on a DC since DirSync includes an SQL Server instance, and Microsoft recommend not installing SQL Server on a DC.
It will match on the userPrincipalName attribute, which as you probably know is a combination of the user logon name and suffix as shown at the top of the Account tab of Active Directory Users & Computers.
Ours didn't match originally either, but if you add the UPN suffix that you use on O365 as an alternate in Active Directory Domains and Trusts, you can then assign the 'correct' UPN suffix to users as needed. This should have no side-effects to any on-premises system, unless you have a third party system with shonky AD coding that doesn't read assigned UPN suffixes correctly.
Last edited by AngryTechnician; 4th June 2013 at 03:24 PM.
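The UPN suffix check described in the post above, as an added example that is not part of the original thread or of DirSync itself. It assumes the ActiveDirectory PowerShell module (RSAT) is available; the parameter names and the sample values in the comments are constructed for illustration. Without `-Fix` it only reports, and `-Fix -WhatIf` previews the changes.

```powershell
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)] [string] $TenantSuffix,  # constructed example: 'school.example'
    [Parameter(Mandatory)] [string] $SearchBase,    # constructed example: 'OU=Staff,DC=school,DC=local'
    [switch] $Fix                                   # without -Fix nothing is modified
)
Import-Module ActiveDirectory

# The suffix must be a domain DNS name or a registered alternate UPN suffix
# (the list edited in Active Directory Domains and Trusts).
$forest = Get-ADForest
$suffixes = @($forest.Domains) + @($forest.UPNSuffixes)
if ($suffixes -notcontains $TenantSuffix) {
    Write-Warning "'$TenantSuffix' is not a UPN suffix in this forest."
    if ($Fix) { Set-ADForest -Identity $forest -UPNSuffixes @{ Add = $TenantSuffix } }
}

# Report every account whose UPN is empty or carries a different suffix.
foreach ($u in Get-ADUser -SearchBase $SearchBase -Filter *) {
    $prefix = if ($u.UserPrincipalName) { ($u.UserPrincipalName -split '@')[0] }
              else { $u.SamAccountName }
    $newUpn = "${prefix}@${TenantSuffix}"
    if ($u.UserPrincipalName -eq $newUpn) { continue }   # already correct

    # A UPN must be unique: flag the account if another one already holds it.
    $clash = Get-ADUser -Filter { UserPrincipalName -eq $newUpn } |
             Where-Object { $_.DistinguishedName -ne $u.DistinguishedName }

    [pscustomobject]@{
        SamAccountName = $u.SamAccountName
        CurrentUpn     = $u.UserPrincipalName
        ProposedUpn    = $newUpn
        Clash          = [bool]$clash
    }

    # Only rewrite the UPN when asked to and when it would not collide.
    if ($Fix -and -not $clash) {
        Set-ADUser -Identity $u -UserPrincipalName $newUpn
    }
}
```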
All we need now is the old live@edu 4.5 SSO kit extended for new Office365 customers and small schools (that can't do ADFS) will have a full solution. What are the possibilities of that @jamesbmarshall?
It's a shame 4.5 SSO kit was only extended to December 2014. So still need to move to ADFS at some point before then. Maybe with a bit of luck Microsoft will extend that support and add in support for new educational 365 customers.
Never say never.
Cool... does this negate the need for ADFS then?!
That depends on your needs. The main thing it doesn't get you is the ability to be automatically logged in to cloud services when logged in to an on-premises workstation (true SSO). ADFS can do that.
Ok - that's very interesting, thanks.
Still trying to work out how/what I need to do to approach our requirements - but I think that's better placed in a new thread!
If you want to create users manually -> Use the Office 365 online Portal
If you want to manually batch import users -> Export an OU to csv and import online
If you want to automatically sync your AD with Office 365 -> DirSync
If you want to automatically login a user without typing in their user credentials -> ADFS
Last edited by zag; 6th June 2013 at 04:21 PM.
Just setting this up. Running the config wizard I get an error 'can't communicate'. I know I am using the correct login. I am guessing it's firewall related!
Anyone know what ports this uses?
Pretty sure it's just HTTPS 443.
Is the server behind a proxy? If so, check your proxy logs for entries from the server's IP and see what it tells you. You may need to define an authentication exception.