Ask the Community
Groups
Password Sync Client and Server Connection to Office 365 Accounts - Connect IT Community | Kaseya
<main> <article class="userContent"> <p>PROBLEM:</p> <p>How are the domain users that are found in the domain controller able to change the password of users in Office 365. </p> <p> </p> <p>SOLUTION:</p> <p>First follow the instructions in the link below to set up Password Sync Client and Password Sync Server.</p> <p><a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.zendesk.com%2Fentries%2F102185123">https://kaseya.zendesk.com/entries/102185123</a></p> <p>After following the instructions to set up Password Sync Client and Password Sync Server in the above link, the instructions below can be followed to have a specific Active Directory user sync up with a specific Office 365 user.</p> <p> </p> <p>AD users can sync with Office 365 users by 2 ways: Mail Attribute or User Principal</p> <p> </p> <p>1 - Mail Attribute</p> <p>In the Domain Controller it is possible to add the Office 365 email address in the "Mail" attribute as shown below. </p> <div>It’s important to note that the way the application matches the source user to the Office 365 is based on the mail attribute on the user account. The mail attribute is visible on the General Tab of the User Properties in the Email field. So ensure the email address of the account exists in Office 365. After you reset the password on the account, review the Password Client Log tab for the results. If all is successful, you should see similar log entries in the Password Server Log. </div> <div></div> <p><img src="/attachments/token/EWCsOj1sxB1xolf3SpmHrnRfk/?name=mailAttribute.png" alt="mailAttribute.png" class="embedImage-img importedEmbed-img"></img></p> <p> </p> <p>2 - User Principal</p> <p>The User Principal can be used instead. The user principal option can be selected in the Password Client Admin instead of the Mail Attribute as shown above. Then the User Principal on the domain controller must match that on the Office 365 account as shown below.</p> <p><img src="/attachments/token/CGTUFOJCmm4NWFvCId8FJWaTB/?name=userPrincipalName.png" alt="userPrincipalName.png" class="embedImage-img importedEmbed-img"></img></p> <p> </p> <p>Note: For both options above, as a test if nothing is logged in the Password Client logs after a Password is reset (and the Password Client Service is started), then chances are the Domain Controllers were not rebooted after the installation of the Password Client Service.</p> </article> </main>