
DirSync with Password Sync

Published: October 28, 2013

Updated: March 20, 2015

Applies To: Azure, Office 365, Windows Intune

Password sync is an extension to the Directory Sync Scenario. With directory sync, you can manage the entire lifecycle of your cloud user and group accounts using your on-premises Active Directory management tools.

When password sync is enabled on your directory sync computer, your users will be able to sign in to Microsoft cloud services, such as Office 365, Dynamics CRM, and Windows Intune, using the same password they use to log on to your on-premises network. When your users change their passwords in your corporate network, those changes are synchronized to the cloud.

To synchronize a password, the Directory Sync tool extracts the user password hash from the on-premises Active Directory. Additional security processing is applied to the password hash before it is synchronized to Azure AD. The actual data flow of the password synchronization process is similar to the synchronization of user data such as First Name or Title, as shown in the following diagram. Passwords are synchronized more frequently than other directory data.

Directory sync with password sync scenario

Note that this feature does not provide a full single sign-on (SSO) solution, because there is no token sharing or exchange in the password sync process.

Implementing directory sync in your environment provides a variety of benefits:

  • Reduced operational costs – Resetting passwords is an expensive helpdesk operation. You can reduce the number of password reset requests by reducing the number of different passwords a user needs to maintain in your environment. Synchronizing the passwords of your existing on-premises users and your Azure AD users is one way to do this.

  • Improved productivity – Reducing the number of passwords a user needs to maintain to gain access to corporate assets increases the amount of time corporate assets are accessible.

If so, we recommend that you start by following the steps provided in Implement Password Synchronization.

If you have not installed directory sync in your environment yet, you should first read Directory Sync Scenario.
