Sunday, September 28, 2014

Trigger a Full Sync of Passwords for DirSync

Normally the only time you need to do a full synchronization of passwords with DirSync is after you install it. By default, when you complete the configuration wizard it performs a full synchronization of passwords. After that point, passwords are synchronized only when accounts are created or when a password is changed.

One potential issue that can pop up is changed passwords on the Office 365 side. When passwords are synchronized to Office 365, it is still possible to change them in Office 365 for the user account. This is not recommended from a management perspective, but administrators make bad choices once in a while. When this happens the account is out of sync between on-premises and Office 365.

To ensure that all passwords in Office 365 match their on-premises account, you can trigger the same type of full password synchronization that occurs after DirSync is installed. Perform the following steps:
  1. Open a Windows PowerShell prompt.
  2. Type Import-Module DirSync and press Enter.
  3. Type Set-FullPasswordSync and press Enter.
  4. Use the Services console to restart the Federation Identity Manager Synchronization Service.

Note: If you try to use the Restart-Service cmdlet to restart the Federation Identity Manager Synchronization Service, you will need to use the -Force parameter, and it will not restart the Windows Azure Active Directory Sync Service properly.

You can verify the synchronization was successful by looking for Event ID 657 in the Application event log that shows the passwords being synchronized.
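The steps above, followed by the Event ID 657 check, as one script. This is an added example, not code from the original post. The 15-minute timeout and 30-second polling interval are assumptions, and the service restart stays a manual step in the Services console.

```powershell
# Added example; run in an elevated Windows PowerShell prompt on the DirSync server.
Import-Module DirSync

# Record the start time so only events from this run are matched.
$start = Get-Date

# Flag a full password synchronization (cmdlet named in the steps above).
Set-FullPasswordSync

# Step 4 is manual: the post advises the Services console rather than Restart-Service.
Read-Host 'Restart the synchronization service in the Services console, then press Enter'

# Poll the Application log for Event ID 657 written after $start.
$timeoutMinutes = 15   # assumption: adjust for directory size
$deadline = (Get-Date).AddMinutes($timeoutMinutes)
$filter = @{ LogName = 'Application'; Id = 657; StartTime = $start }
$events = @()
while (-not $events -and (Get-Date) -lt $deadline) {
    Start-Sleep -Seconds 30   # assumption: polling interval
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
}

if ($events) {
    "Found {0} Event ID 657 record(s) since {1}" -f $events.Count, $start
    $events | Sort-Object TimeCreated |
        Select-Object TimeCreated, ProviderName, Message |
        Format-List
} else {
    Write-Warning "No Event ID 657 seen within $timeoutMinutes minutes; check the service and the Application log."
}
```

Filtering on StartTime keeps events from the initial post-install synchronization out of the result, so a match reflects the run you just triggered.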
