ad-assurance - [AD-Assurance] RE: Azure AD DirSync password sync
Subject: Meeting the InCommon Assurance profile criteria using Active Directory
- From: Eric Goodman <>
- To: "" <>
- Subject: [AD-Assurance] RE: Azure AD DirSync password sync
- Date: Tue, 4 Jun 2013 15:45:04 +0000
I doubt this tells us much, but there’s a note up earlier in the doc stating: “Active Directory Domain Services that are configured for FIPS are not compatible with the Password Sync feature.”

Again, not asserting this implies anything specific, but it may be worth adding to whatever mention we include.

--- Eric

From: [mailto:] On Behalf Of Brian Arkills

Yesterday, Microsoft released a new version of their DirSync tool. This new version supports password synchronization from your on-premise AD. This allows enterprises that don't want to use federated authentication nor manage two sets of passwords to have a single password for their users.

I think we've talked briefly about this possibility in the past, but my recollection is foggy. In any event, there's some detail at http://technet.microsoft.com/en-us/library/dn246918.aspx, where a key phrase is:

"When synchronizing passwords using the password sync feature, the plain text version of a user’s password is neither exposed to the password sync tool nor to Azure AD or any of the associated services. Additionally, there is no requirement on the on-premises Active Directory to store the password in a reversibly encrypted format. A digest of the Windows Active Directory password hash is used for the transmission between the on-premises AD and Azure Active Directory. The digest of the password hash cannot be used to access resources in the customer's on-premises environment."

I don't think we should include this scenario in the core portion of the revised cookbook document, but I do think we should mention it and note that those who choose to use this option should consider the implications.

-B
- [AD-Assurance] Azure AD DirSync password sync, Brian Arkills, 06/04/2013
- [AD-Assurance] RE: Azure AD DirSync password sync, Capehart,Jeffrey D, 06/04/2013
- [AD-Assurance] RE: Azure AD DirSync password sync, Eric Goodman, 06/04/2013
- Re: [AD-Assurance] RE: Azure AD DirSync password sync, David Walker, 06/04/2013