What is MessageOps Password Synchronization?
MessageOps Password Synchronization synchronizes your Active Directory password to Microsoft Online. It works by intercepting password change requests in the local Active Directory and then sending them to Microsoft Online.
How does MessageOps Password Synchronization Work?
MessageOps Password Synchronization consists of 3 major parts:
- Password Filter
- Client Service
- Server Service
The Password Filter captures the password within the Local Security Authority (LSA) on the Domain Controllers. The Client Service sends the password request to the Server Service. The Server Service accepts password change requests and sets the password within Microsoft Online.
What are the requirements to run Password Synchronization?
The Client Service and Filter should be installed on all domain controllers in the domain(s) the user accounts reside in.
Requirements:
- .Net 3.5 Framework
- Windows 2003 or higher
- X86 and X64 versions are supported
The Server Service is installed on a single server in an organization and all Password Clients will report to the single Password Server.
Requirements:
- Microsoft Online Migration Tools
- PowerShell 1.0
- .Net 3.5 Framework
Directory Synchronization is no longer required.
What Happens if a User Changes Their Password in Microsoft Online?
If a user changes their password in Microsoft Online, it will not replicate to Active Directory. The synchronization is one way, from AD to Microsoft Online. If the user changes their password in AD, their Microsoft Online password will be reset.
How does Password Synchronization Interact with the Sign In Client?
There is no interaction with the Sign In Client. If the user changes their Active Directory password, which will in turn change their Microsoft Online Password, they will need to enter their new Password in the Sign In Client.
Does the Password Synchronization Enforce Password Policies?
No. You should enable the Password Complexity, Minimum Password Length, and Maximum Password Age policies on your domain. Password Complexity should be enabled, the Minimum Password Length should be set to 7 or greater, and the Maximum Password Age should be less than 90 days. This will ensure that users' passwords meet the Microsoft Online requirements.
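Because the synchronization does not enforce these settings itself, it is worth checking what the domain actually applies. The script below is an added example, not part of the MessageOps product: the function name Test-PasswordPolicy is hypothetical, and it assumes an admin workstation with the RSAT ActiveDirectory module and a domain that supports fine-grained password policies.

```powershell
# Added example: audit AD password policies against the three thresholds in this FAQ
# (complexity enabled, minimum length 7 or greater, maximum age under 90 days).
Import-Module ActiveDirectory

function Test-PasswordPolicy {
    param(
        # Any object exposing ComplexityEnabled, MinPasswordLength and MaxPasswordAge
        [Parameter(Mandatory = $true)] $Policy,
        [string] $Name = 'Default Domain Policy'
    )
    $findings = @()
    if (-not $Policy.ComplexityEnabled) {
        $findings += 'Password complexity is disabled'
    }
    if ($Policy.MinPasswordLength -lt 7) {
        $findings += "Minimum length is $($Policy.MinPasswordLength), expected 7 or greater"
    }
    # A maximum age of zero means passwords never expire, so it fails the check too.
    $maxAge = $Policy.MaxPasswordAge
    if ($maxAge -eq [TimeSpan]::Zero) {
        $findings += 'Passwords never expire (maximum age is 0)'
    } elseif ($maxAge.TotalDays -ge 90) {
        $findings += "Maximum age is $($maxAge.TotalDays) days, expected less than 90"
    }
    New-Object PSObject -Property @{
        Policy    = $Name
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings -join '; '
    }
}

# Check the default domain policy, then every fine-grained policy (PSO),
# since a PSO overrides the domain policy for the users it applies to.
$results = @(Test-PasswordPolicy -Policy (Get-ADDefaultDomainPasswordPolicy))
foreach ($pso in Get-ADFineGrainedPasswordPolicy -Filter *) {
    $results += Test-PasswordPolicy -Policy $pso -Name "PSO: $($pso.Name)"
}
$results | Select-Object Policy, Compliant, Findings | Format-Table -AutoSize -Wrap
```

Any row with Compliant set to False identifies a policy under which a synchronized password could fall short of the Microsoft Online requirements.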
What Happens if I Temporarily Lose My Connection to Microsoft Online?
The Password reset information will be queued, and when the connection is re-established, the password changes will be sent to Microsoft Online.
What Happens if a User Changes Their Password Multiple Times in 24 Hours?
Normally a user is only able to change their Microsoft Online password once every 24 hours. However, the method used by Password Synchronization to reset passwords in Microsoft Online allows multiple password changes for the same user within a 24-hour window.
How are the Usernames and Passwords Secured?
The usernames and passwords are initially encrypted using Blowfish encryption. The Password Client then transmits them to the Password Server over an AES encrypted session. From the Password Server to Microsoft Online, SSL is used to secure the connection.
Can I Synchronize Passwords for a Subset of Users?
Yes, you can configure an LDAP filter which controls what users are synchronized.
How quickly does the Password reset take effect in Microsoft Online?
In most cases the password reset will take less than 60 seconds.
How is Password Synchronization Licensed?
Password Synchronization is free for all clients that list MessageOps as their Partner of Record. If you already have a partner and don’t want to change the Partner of Record on your account, MessageOps charges a one-time fee of $7 per user.
Can I be Notified of Password Reset Failures?
If an error occurs setting the user’s Microsoft Online Password, you can configure the Password Server to send an email to the Administrator notifying them of the failure.
What if I am not Running Directory Synchronization?
UPDATE: Password Synchronization now supports environments without Directory Synchronization.