Microsoft added the “Password Sync” option to DirSync in June 2013 and in the past year it has become a viable alternative to AD FS due to its fewer on-premises infrastructure dependencies. The differences between Password Sync and AD FS are well documented elsewhere; the article “Choosing a sign-in model for Office 365” is a good start in comparing the two models.

I always discuss with my clients the importance of “understanding what you have” when you engage in a service-based offering and never assume that a feature will function exactly the same as it does on-premises. With Password Sync, there are a few password and account related scenarios that aren’t well documented by Microsoft. These scenarios may not apply to your organization or you may have a way to easily work around them. They don’t necessarily make Password Sync any less viable of a sign-in model but it’s important to “understand what you have”.

When Password Sync is enabled, the cloud password for a synchronized user is set to “never expires”. This means that the password synchronized to the cloud is still valid after the on-premises password expires. Remote employees that don’t sign into the on-premises Active Directory often will probably like this “feature”; your security team may have a different reaction if they aren’t advised of this configuration in advance. As a possible workaround to this, you could develop a script running as a scheduled task that modifies the cloud password via Remote PowerShell based on the on-premises password expiration.
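One way to write the scheduled-task script mentioned as a workaround, as an added example that is not code from the original post. It assumes the ActiveDirectory and MSOnline modules are installed, that each user's on-premises UPN matches the cloud sign-in name, and that the task supplies a cloud admin credential; the `$CloudCredential` parameter and the `New-RandomPassword` helper are hypothetical names.

```powershell
# Added example (not from the original post). Assumes the ActiveDirectory and
# MSOnline modules and a cloud admin credential supplied by the scheduled task.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [Parameter(Mandatory = $true)]
    [System.Management.Automation.PSCredential]$CloudCredential
)

Import-Module ActiveDirectory
Import-Module MSOnline

function New-RandomPassword {
    # 16 characters drawn from a CSPRNG; retried until upper, lower and digit
    # are all present so the cloud complexity policy accepts it.
    $chars = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!#%+-_'
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    do {
        $bytes = New-Object byte[] 16
        $rng.GetBytes($bytes)
        $pw = -join ($bytes | ForEach-Object { $chars[$_ % $chars.Length] })
    } until ($pw -cmatch '[A-Z]' -and $pw -cmatch '[a-z]' -and $pw -match '\d')
    $pw
}

Connect-MsolService -Credential $CloudCredential
$now = [DateTime]::UtcNow

# Enabled accounts that are subject to on-premises password expiration.
$users = Get-ADUser -Filter 'Enabled -eq $true -and PasswordNeverExpires -eq $false' `
    -Properties 'msDS-UserPasswordExpiryTimeComputed'

foreach ($user in $users) {
    $raw = $user.'msDS-UserPasswordExpiryTimeComputed'
    # Null or Int64.MaxValue means no expiry is computed for this account.
    if ($null -eq $raw -or $raw -eq [Int64]::MaxValue) { continue }
    # 0 ("must change at next logon") converts to 1601 and counts as expired.
    if ([DateTime]::FromFileTimeUtc($raw) -gt $now) { continue }

    if ($PSCmdlet.ShouldProcess($user.UserPrincipalName, 'Replace cloud password')) {
        # The random value is discarded; the next on-premises password change
        # is synchronized and overwrites it.
        Set-MsolUserPassword -UserPrincipalName $user.UserPrincipalName `
            -NewPassword (New-RandomPassword) -ForceChangePassword $false | Out-Null
    }
}
```

Run it with `-WhatIf` first to list the accounts it would touch without changing any cloud password.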