+ Post New Thread
Results 1 to 15 of 15
Cloud Services Thread, Office 365 Password Requirements in Technical; Hi, With Office 365 how do the password requirements work with Synced Accounts please? Are they ignored when you have ...
  1. #1

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,821
    Thank Post
    873
    Thanked 1,675 Times in 1,458 Posts
    Blog Entries
    12
    Rep Power
    444

    Office 365 Password Requirements

    Hi,

    With Office 365 how do the password requirements work with Synced Accounts please? Are they ignored when you have Synced AD accounts?

    Thanks
    Last edited by FN-GM; 12th February 2014 at 06:33 PM.

  2. #2

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,331
    Thank Post
    622
    Thanked 1,578 Times in 1,415 Posts
    Rep Power
    413
    I set my fine grained password policy to match the O365 requirement i.e 8 chars, upper & lower case and numbers.

    Allthough Implement Password Synchronization says

    When you enable password sync, the password complexity policies configured in the on-premises Active Directory override any complexity policies that may be defined in the cloud for synchronized users. This means any password that is valid in the customer's on-premises Active Directory environment can be used for accessing Azure AD services.
    Ben

  3. Thanks to plexer from:

    FN-GM (12th February 2014)

  4. #3

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,821
    Thank Post
    873
    Thanked 1,675 Times in 1,458 Posts
    Blog Entries
    12
    Rep Power
    444
    Thanks for that, the user can change the password in Office 365, so i should set it to the same as my AD anyway.

  5. #4

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,821
    Thank Post
    873
    Thanked 1,675 Times in 1,458 Posts
    Blog Entries
    12
    Rep Power
    444
    Hi @plexer we have setup dirsync with passwords. The AD passwords will only work in 365 once we have reset the passwords in AD. This says just tell the users to reset the passwords - How to troubleshoot password synchronization when using the Windows Azure Active Directory Sync tool

    Did you have this? How did you get around this please?

  6. #5
    Cache's Avatar
    Join Date
    Apr 2008
    Location
    Cumbria
    Posts
    1,202
    Thank Post
    449
    Thanked 173 Times in 170 Posts
    Blog Entries
    3
    Rep Power
    63
    If I get a password which has fallen out of sync (it normally happened after moving a user into a Synced OU from outside a Synced OU I think) I followed the steps in this (can't find the KB I pulled it from, but the steps are the same): How to: Force Password Synchronization between an onPremise Active Directory and Microsoft Online Services / Windows Azure AD - Knowledge eXchange
    This suggests you can do it using Powershell however: DirSync/Windows Azure AD Password Sync Frequently Asked Questions - TechNet Articles - United States (English) - TechNet Wiki

  7. Thanks to Cache from:

    FN-GM (12th February 2014)

  8. #6

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,821
    Thank Post
    873
    Thanked 1,675 Times in 1,458 Posts
    Blog Entries
    12
    Rep Power
    444
    Thanks @Cache that fixed it!

    Do the passwords sync with DIRSYNC? or is there something else going on for password sync? As DIRSYNC is every 3 hours, it will take 3 hours for a user to get into 365 again after a password reset.

    Thanks

  9. #7
    Cache's Avatar
    Join Date
    Apr 2008
    Location
    Cumbria
    Posts
    1,202
    Thank Post
    449
    Thanked 173 Times in 170 Posts
    Blog Entries
    3
    Rep Power
    63
    Dirsync controls the password sync, but it monitors AD for password changes and uploads them as soon as they occur (hence resetting passwords works). So any password changes you should be ok with and it's always worked pretty reliably with us.

    The only times I've had to force a full sync was when I was reorganising AD and taking users which didn't use to be synced and adding them to a new OU which was. Dirsync successfully created it but the password din't work until it had been changed.

    The other little caveat I've found and not quite pinpointed exaclty, I don't think the password will work within Office 365 if the user hasn't logged on internally before. I'm not sure whether this is all related to the same thing, some little quirk or something wrong with the way ours works. People change passwords on first logon anyway so as a double check that always fixes things.
    Last edited by Cache; 12th February 2014 at 09:11 PM.

  10. #8

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,821
    Thank Post
    873
    Thanked 1,675 Times in 1,458 Posts
    Blog Entries
    12
    Rep Power
    444
    Cheers, thats all i need really.

    Thanks for the password sync. I am just wondering why it didn't sync when i first synced all user accounts.

  11. #9

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,331
    Thank Post
    622
    Thanked 1,578 Times in 1,415 Posts
    Rep Power
    413
    When you first sync a user account it doesn't know the password for the users, when a user resets their password it's also send to the password change notification service that dirsync installs and is then hashed and sent to the cloud.

    Ben

  12. #10

    EduTech's Avatar
    Join Date
    Aug 2007
    Location
    Reading
    Posts
    5,037
    Thank Post
    160
    Thanked 908 Times in 712 Posts
    Blog Entries
    3
    Rep Power
    270
    Hi,

    Office 365 Password Requirements are in terms of length "8 characters minimum and 16 characters maximum" if you use Password Sync then your OnPremise Active Directory Policy overrides this so in theory you could actually have a very weak password if your AD policy on-premise allows that.

    The passwords are sent to Office 365, The password is sent hashed and then the hash is then hashed again and then it is sent to Azure AD :-)

    If you have any questions around this let me know, think the guys covered a lot above.

    James.

  13. #11

    sonofsanta's Avatar
    Join Date
    Dec 2009
    Location
    Lincolnshire, UK
    Posts
    4,921
    Thank Post
    860
    Thanked 1,431 Times in 984 Posts
    Blog Entries
    47
    Rep Power
    614
    Quote Originally Posted by Cache View Post
    The other little caveat I've found and not quite pinpointed exaclty, I don't think the password will work within Office 365 if the user hasn't logged on internally before. I'm not sure whether this is all related to the same thing, some little quirk or something wrong with the way ours works. People change passwords on first logon anyway so as a double check that always fixes things.
    This, and also if you force your users to reset their password after 90 days (or whatever) - when the password change comes up, it stops logging in via mail.office365.com until they have logged on a machine and hit the "you must change your password" error. This has recently been a pain in the wotsit for my missus on maternity leave, she logged in last night for the first time in ages and had >1000 emails to sort!

  14. #12
    fairm010's Avatar
    Join Date
    Jun 2010
    Location
    C:/Windows/System32/
    Posts
    1,134
    Thank Post
    47
    Thanked 146 Times in 128 Posts
    Rep Power
    45
    FN-GM, do you have to set up AD Federation and all that stuff or is it as simple as installing DirSync?

  15. #13

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,821
    Thank Post
    873
    Thanked 1,675 Times in 1,458 Posts
    Blog Entries
    12
    Rep Power
    444
    Quote Originally Posted by fairm010 View Post
    FN-GM, do you have to set up AD Federation and all that stuff or is it as simple as installing DirSync?
    At the moment I have got it all working with DirSync. Usernames and passwords in Office 365 are the same as AD. I am going to use ADFS but not just yet.

  16. #14

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,821
    Thank Post
    873
    Thanked 1,675 Times in 1,458 Posts
    Blog Entries
    12
    Rep Power
    444
    Quote Originally Posted by fairm010 View Post
    FN-GM, do you have to set up AD Federation and all that stuff or is it as simple as installing DirSync?
    At the moment I have got it all working with DirSync. Usernames and passwords in Office 365 are the same as AD. I am going to use ADFS but not just yet.

  17. #15
    fairm010's Avatar
    Join Date
    Jun 2010
    Location
    C:/Windows/System32/
    Posts
    1,134
    Thank Post
    47
    Thanked 146 Times in 128 Posts
    Rep Power
    45
    Cheers, i'll look into it now.

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 26
    Last Post: 12th March 2014, 11:36 PM
  2. Office 365 Password sync issue
    By MrWu in forum Cloud Services
    Replies: 2
    Last Post: 14th November 2013, 06:30 PM
  3. Google Docs and Office 365 trainers required
    By ass17 in forum Cloud Services
    Replies: 17
    Last Post: 23rd October 2013, 09:34 AM
  4. PSA: DirSync & Password Sync now available for Office 365
    By jamesbmarshall in forum Cloud Services
    Replies: 31
    Last Post: 19th June 2013, 04:01 PM
  5. Office 365 - Turn off strong password
    By tj2419 in forum Cloud Services
    Replies: 0
    Last Post: 8th October 2012, 08:59 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •