Sign up for Office 365
Learn more about Office 365
Just to add something to my first reply.
Since the password of the local AD users cannot synchronize to Office 365 via DirSync, the synced users need to be activated (setting location and assigning licenses) by clicking Activate synced users on Domain page. After that, you need to reset the synced users’ password to get a temporary password to let them to sign in Office 365.
Moreover, if the synced users' password needs to be reset, administrator needs to do it at Office 365, instead of local AD. As a result, in users’ credentials management level, deploying ADFS and Single Sign-On is recommended.
In addition, If you have any other questions or concerns for the issue, please do not hesitate to contact us. It is always our pleasure to be of assistance.
I'm writing to follow up my previous reply.
If you need further assistant on this issue, please feel free to post back.
Yes still you required.
Do you want to manage the user’s attributes at local AD without installing ADFS?
If so, Sriram is correct. In this case, Yes.
If you don’t install ADFS, the user synchronized from local AD to Office 365 cannot sign in Office 365.
I understand that the recommendation is for SSO. I also understand that without SSO the password for Office 365 will need to be managed from the online webpage. The only reason they want Dirsync is so they do not have to manually add/modify user information. They are happy to manage passwords in 2 places. So I am still unsure if Federated Services is required?
If it is required, can someone explain why?
Hi jlavergne - hope all is well..
To add to the above responses & Claud's 2nd post -- yes -- you can set up dirsync without ADFS. Claud was clarifying in his 2nd post that if you do this, you'll have to separately manage the password - as you note in your last post.
So - net/net - you can do dirsync without ADFS - just means you have manual processes to manage.
Feel free to drop me a line & I can review more details.
Hope this helps,
Thanks for your feedback and the information Bleeker provided.
I understand that your customer just needs to modify and synchronize users’ information without managing password at local AD. If this is the case, you can use DirSync without ADFS as Bleecker mentioned.