No one has responded to this discussion for at least a year, so this information may be out of date. If you're looking for information about this topic, please search for a more recent discussion or post a new question.

Password Synchronization

  • I have an Active Directory environment which has 300 users. Because Office 365 is a powerful collaboration solution so I want my information workers to have such a collaboration solution in my organization. What I first have to do is synchronize 300 users to Office 365.


    The question is: How can 300 users use their own passwords to access to Office 365? My understanding is that I must deploy Single Sign-On ( Is it right? If so, I must have two permanent servers:

    • Synchronization server where Directory Synchronization tool is installed in.
    • Identity Trust Provider server where Active Directory Federation Services 2.0 is installed in.

    Are these things above correct?


    Your suggestions are always greatly appreciated.



  • Hello, Thuan Soldier,

    Below i have i provided you with an Overview with the steps on how to successfully deploy a hybrid environment and how to successfully migrate your users. Please let me know if this article answers your questions.

    Kind Regards,
    Mario Novoa,
    O365 Technical Support

  • Hi Thuan,

    Yes at a very high level you need to have a method for syncing your users to Office 365. The best way to do this is to use Directory Synchronization which is a free tool that reads your active Directory and copies the objects into Office 365. You could do a static 1 time upload using a CSV file but it is more difficult to manage that way. The easiest way is to use DirSync then continue to manage your AD accounts locally, which will automatically be updated in Office 365 every time the DirSync service runs (which is every 3 hours by default). For more info on Directory Synchronization take a look here:

    As for passwords, yes if you want your users to have 1 password that is mastered from your Active Directory Environment you need to deploy  ADFS as a single sign-on solution. However, this requires more than 1 server and can scale up to over 4 servers depending on how robust you want your environment to be. At a minimum you need a server in your local AD and one server in the DMZ that acts as an ADFS proxy server. For more information on planning and deploying ADFS take a look here:


  • Hello Thuan Soldier,

    I would like to know if the last information sent to you was useful or helpful.

    If you have additional questions or concerns feel free to post on the forum. I look forward to hear from you soon.

    Best regards,



  • Hi Jorge,

    Is it possible to deploy ADFS to work with O365 using Server 2003?



  • Thilina,

    Do you mean you want to deploy ADFS on a 2003 server? That isn't possible, the minimum requirements for ADFS 2.0 are Windows 2008 or Windows 2008 R2.


  • I have nothing to do with this company, but you should check out MessageOps Password Sync software. You can see it here:

    This will allow you to bypass the need of setting up ADFS.

    1 out of 1 people found this post helpful.

  • Thanks for the replies!

    Harrison, I am looking into this! :)

  • you can also have a look to Cloudanywhere :

    It provisions and synchronizes your passwords with all SAAS applications.

    1 out of 1 people found this post helpful.