Domain security policy require password change for Office365 users

  • Question

    Hi.

    One of our customers has a local AD set up with password sync to Azure AD.

    Local security policy requires passwords to be changed regularly. How can users that mainly use Office 365 online services change their password and get it synced back to local AD?

    Thanks

    Best regards

    Bjørn Tore

    Wednesday, August 6, 2014 8:37 AM

Answers

  • Hi,

    Please find below the steps that help in configuring the sync of the on-premises AD users and passwords to Azure Directory:

    • Download the Azure Active Directory Sync Tool
    • Install the Azure Active Directory Sync Tool on a domain controller with Administrative rights

    NOTE: The Azure Active Directory Sync Tool can be installed on a domain-joined computer. The sync will fail, however, if the computer is disabled.

    • On the first Azure Active Directory Sync Setup window, click Next
    • On the next window, Accept the Terms and click Next
    • On the next window, specify the installation path or leave the default and click Next
    • Click Next once the installation is complete
    • On the first Azure Active Directory Sync Configuration Wizard window, click Next
    • On the next window, provide your Microsoft Azure credentials and click Next
    • On the first Azure Active Directory Sync Configuration Wizard window, click Next
    • On the next window, provide your administrative Windows Active Directory credentials and click Next

    Note: It is recommended to use a service administrative account instead of an administrator's account, should said administrator leave the organization.

    • Enable Hybrid Deployment by clicking the provided box and click Next

    Note: Various Microsoft Online Services such as Office 365 provide features that work best when certain directory information can be controlled by the online service. Directory objects, such as users, that are synchronized from your on-premises directory are modified in the Azure Active Directory. These changes are then written back to your on-premises directory for on-premises applications to consume. The Directory Sync tool will not be given the permission to modify all attributes in your directory. Only those attributes that can be written back from Azure Active Directory will have permission to be modified. This step is not crucial for this lab; however, it will be required in future labs.

    • Enable Password Sync by clicking the provided box and click Next
    • Click Next to complete the installation
    • Ensure Synchronize your directories is selected and click Finish

    Now completed, your on-premises Active Directory is now synced with your Azure Active Directory.

    In order to allow end users to reset their password, please find below the link that provides a step-by-step procedure to perform the same:

    http://blogs.technet.com/b/ad/archive/2014/04/29/deep-dive-password-reset-with-on-premise-sync-in-azure-ad-premium.aspx

    (Refer to section: How end users can reset a password)

    Hope this helps!

    Regards,

    Sowmya

    • Proposed as answer by Sowmya K R Wednesday, August 6, 2014 10:13 AM
    • Marked as answer by Sowmya K R Thursday, August 7, 2014 3:16 PM
    Wednesday, August 6, 2014 10:13 AM