Wednesday, 17 December 2014

Azure Active Directory Sync tool

What is Azure Active Directory Dirsync with Password Sync?  
Formerly known as Dirsync, this tool has been updated to allow for the synchronization of local Active Directory passwords to Azure Active Directory, in addition to the syncing of users, groups and contacts.  This new feature allows for Same Sign In with Microsoft cloud services such as Office 365 Education powered by Azure Active Directory, since the username and the password from local AD will be synced up to Azure AD.
 
Where can I get the new Dirsync with Password sync bits?  
You can grab the latest version of Dirsync here, or it is available in the Office 365 portal under 'users' and then Dirsync.

What if I am federated and using ADFS and want to switch to Dirsync with Password Sync?
You will need to convert your domain from federated to managed, using the Azure AD cmdlet:
Convert-MsolDomainToStandard -DomainName foo.edu -SkipUserConversion $false -PasswordFile c:\password.txt
See here on TechNet for more details.  Note: the password file is where all users' temporary passwords are dumped.


How can I tell if it is configured correctly for Dirsync with Password Sync?
You should see event IDs 656 and 657 in your application event log, which show that it is syncing the password hash to the cloud.
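
One way to run this check from PowerShell on the Dirsync server, as an added example that is not part of the original post. The function name and the three-hour lookback window are assumptions; the log name and event IDs are the ones given above.

```powershell
# Added example (not from the original post): summarize the password sync
# events named above (IDs 656 and 657) in the Application log.
function Get-PasswordSyncEventSummary {
    [CmdletBinding()]
    param(
        # Assumption: a 3-hour window; tune it to how often passwords change.
        [int]$LookbackHours = 3
    )

    $filter = @{
        LogName   = 'Application'
        Id        = 656, 657
        StartTime = (Get-Date).AddHours(-$LookbackHours)
    }

    # Get-WinEvent raises an error when nothing matches the filter;
    # suppress it and treat the result as an empty set.
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

    foreach ($id in 656, 657) {
        $hits = @($events | Where-Object { $_.Id -eq $id })
        [pscustomobject]@{
            EventId  = $id
            Count    = $hits.Count
            LastSeen = if ($hits) {
                ($hits | Sort-Object TimeCreated -Descending)[0].TimeCreated
            } else { $null }
            # The post does not name the event source, so list whatever
            # provider logged each ID and confirm it is the sync tool.
            Provider = ($hits.ProviderName | Sort-Object -Unique) -join ', '
            Seen     = $hits.Count -gt 0
        }
    }
}

Get-PasswordSyncEventSummary | Format-Table -AutoSize
```

A row with Seen = False only means no matching event was logged inside the window; widen -LookbackHours or change a test user's password before concluding that password sync is not working.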


What are the advantages of Dirsync with Password Sync vs. ADFS?
There are a couple of advantages of using Dirsync with Password Sync over using ADFS 2.1 with Dirsync:

1) A single server is needed vs. redundant and scaled out ADFS servers.
2) No dependency on on-prem hardware/data center: if the Dirsync with Password Sync server dies, just replace it. An on-prem outage has no impact on access to cloud services, because the identity is a managed identity in Azure AD vs. a federated identity using ADFS 2.1.
3) No complex ADFS architectures: no ADFS proxies, load balancers or certificate management are required. It keeps the deployment less complex, with fewer moving parts.


What are the disadvantages of Dirsync with Password Sync vs. ADFS?
ADFS 2.1 with federated login provides true Single Sign On (SSO) with Office 365, whereas Dirsync with Password Sync allows for Same Sign On, which implies users will be prompted for credentials when accessing Office 365 even in domain-joined scenarios.  ADFS 2.1 also allows for better access control based on IPs, etc.
