Office 365 Password sync
Read here on my (positive) experience of using of Exchange Online (Office 365) for over a year now.
In the current configuration we were using, for each user the password for their emails (Office365) was different from their office network (local Active Directory). Even then there was a way to pass through single sign-on, which meant any user signing in to Office365 the authentication will be done over the internet (secure connection) to our local AD (Active Director) Domain Controller (DC). We didn’t go with this option then, as this would have required us to have our DC servers available all the time, which was not possible in our case. Due to frequent power cuts in Chennai (India) then and temporary Diesel shortage (to run our automatic diesel power generator) we were practicing night time and weekend shutdown of servers in our local development centre. There was no way for Office365 to cache our AD or have a backup AD then.
Recently Microsoft two options to solve this situation and still provide single sign-on. One was to go with Windows Azure Active Directory and sync it with our on-premise AD, then have Azure AD authentic Office 365 users. Second was to use the newly announced Office 365 Password Sync tool (How to implement Password Sync). We decided to go with the second option as it was the easiest, cheaper of the two and fitted our availability requirements. This option allows password of users to be synched (both ways) between our on-premise Active Directory and Office 365, and it doesn’t require our On-Prem servers to be available all the time.
Once we decided implementing it was easy, took our Windows System Engineer just few hours to understand the whole implementation, test it and go live. Our users are loving it, including myself!
Update (29/Nov/2013): After I posted this, our System Engineer Rajesh K, pointed to me a correction. Once you implement Password Sync, Office 365 doesn’t allow users to change their password, they need to change it in their Active Directory (through Windows client or other options). On exception to this, organization’s Office 365 Administrators can reset a user’s password which will get synced back to Active Directory.