Jun 10, 2011

How To Sync Domain Passwords With Microsoft Online

I have mentioned in previous posts that at my new company we are using Microsoft's Business Productivity Online Services or BPOS for short. It's basically Microsoft's own hosted Exchange service but also includes OCS, SharePoint and Live Meeting. It's a pretty cool solution for small businesses and is actually way more cost effective than running your own Exchange server, SharePoint server etc.

The problem with the current version of Microsoft Online is that the hosted solution is completely separate from your Active Directory. They do have a tool that syncs AD accounts, but that's where it stops: the passwords, aliases, groups, etc. are all different. They also have their own password expiration policy, so it is really easy for users to get out of sync and end up with two passwords, one for AD services and one for Microsoft Online.

A company by the name of MessageOps has developed a free tool that allows for password synchronization from Active Directory to BPOS. The tool is called MessageOps Microsoft Online Password Synchronization. Setting it up is really easy; just do the following:

  • Install the Client Service on all your domain controllers, and point them to the Password Sync Server
  • Install the Password Sync service on a 32-bit member server
  • Install the Microsoft Online Migration Tools on the Password Sync Server
  • Open Services.msc and change the logon for the Password Sync service to use a domain user account
  • On the PowerShell tab of the Password Sync tool, use your Microsoft Online Service admin account credentials
  • Make sure you log in to the server as the domain service account once, and open Internet Explorer (Don't ask)

MessageOps BPOS Password Sync

That's it. Now when a user changes their password, the client service on the domain controllers picks up the change and sends the new password, encrypted, to the Password Sync server. From there, the Password Sync server creates an encrypted session with Microsoft Online and verifies that the user exists. If the user exists, the password is updated on BPOS as well! BOOM!

Microsoft BPOS will soon be called Office 365, which will include features based on Microsoft's 2010 product line and will also include Active Directory federation. Until then, though, you can use the free tool from MessageOps!
