DirSync with Password Sync - Account Expiry

Hi All,
New to Office 365 - Hence a basic question.
We have been exploring various DirSync options and considering DirSync with password sync at the moment.
The msdn documentation suggests DirSync with Password sync sets the account expiry to 'Never Expire'.
I understand we can also set account expiry for all tenant user accounts through Set-MsolPasswordPolicy cmdlet.
If I use this cmdlet for setting expiry to say 90 days, will password sync overwrite the account expiry to 'Never expire' on next synchronization?
Please advise.
Regards,
Ajay Suri

1. If you don't check the "Enable Password Sync" checkbox, then the Azure password policies would apply, of course.
2. The attributes included in DirSync are listed here.
3. Yes, when you use Dirsync, all attributes are mastered on-prem. This doesn't apply to passwords unless you check the box in #1. Also, this doesn't apply to objects created in Azure manually (i.e. ones that weren't/aren't synced).
Mike Crowley | MVP
My Blog --
Planet Technologies
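
An added example, not part of the original thread or of any Microsoft tooling: a PowerShell audit that separates synced accounts (mastered on-premises, cloud password non-expiring per the thread) from cloud-only accounts covered by the tenant policy set with Set-MsolPasswordPolicy. It goes one step beyond the question by flagging synced accounts whose password is older than an assumed on-premises maximum age, the case a related answer on this page describes where the cloud password keeps working. The function name, the sample users and both 90-day values are constructed for illustration.

```powershell
# Added example. Input objects carry the Get-MsolUser properties
# UserPrincipalName, LastDirSyncTime, PasswordNeverExpires and
# LastPasswordChangeTimestamp.
function Get-PasswordExpiryAudit {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object] $User,
        # Days, as configured with Set-MsolPasswordPolicy -ValidityPeriod
        [Parameter(Mandatory)]
        [int] $CloudValidityDays,
        # Assumption: maximum password age of the on-premises domain policy
        [Parameter(Mandatory)]
        [int] $OnPremMaxAgeDays,
        [datetime] $Now = (Get-Date)
    )
    process {
        $changed = $User.LastPasswordChangeTimestamp
        $ageDays = if ($null -ne $changed) {
            [math]::Floor(($Now - $changed).TotalDays)
        } else { $null }

        if ($null -ne $User.LastDirSyncTime) {
            # Synced object: attributes are mastered on-premises and, per the
            # thread, password sync leaves the cloud password non-expiring.
            $governedBy  = 'On-premises AD'
            $cloudExpiry = 'Never'
            $finding = if ($null -ne $ageDays -and $ageDays -gt $OnPremMaxAgeDays) {
                'Older than on-prem max age; cloud sign-in still accepted'
            } else { 'OK' }
        }
        elseif ($User.PasswordNeverExpires) {
            # Cloud-only object with the per-user flag set: tenant policy is bypassed.
            $governedBy  = 'Per-user flag'
            $cloudExpiry = 'Never'
            $finding     = 'Exempt from tenant password policy'
        }
        else {
            # Cloud-only object: the tenant validity period applies.
            $governedBy  = 'Tenant password policy'
            $cloudExpiry = if ($null -ne $changed) {
                $changed.AddDays($CloudValidityDays).ToString('yyyy-MM-dd')
            } else { 'Unknown' }
            $finding = if ($null -ne $ageDays -and $ageDays -gt $CloudValidityDays) {
                'Expired under tenant policy'
            } else { 'OK' }
        }

        [pscustomobject]@{
            UserPrincipalName = $User.UserPrincipalName
            GovernedBy        = $governedBy
            PasswordAgeDays   = $ageDays
            CloudExpiry       = $cloudExpiry
            Finding           = $finding
        }
    }
}

# Constructed sample input so the example runs offline.
$now = [datetime]'2014-06-01'
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'synced.old@example.com'; LastDirSyncTime = [datetime]'2014-05-31'
                       PasswordNeverExpires = $null; LastPasswordChangeTimestamp = [datetime]'2013-12-01' }
    [pscustomobject]@{ UserPrincipalName = 'synced.new@example.com'; LastDirSyncTime = [datetime]'2014-05-31'
                       PasswordNeverExpires = $null; LastPasswordChangeTimestamp = [datetime]'2014-05-01' }
    [pscustomobject]@{ UserPrincipalName = 'cloud.admin@example.com'; LastDirSyncTime = $null
                       PasswordNeverExpires = $true; LastPasswordChangeTimestamp = [datetime]'2013-01-15' }
    [pscustomobject]@{ UserPrincipalName = 'cloud.user@example.com'; LastDirSyncTime = $null
                       PasswordNeverExpires = $false; LastPasswordChangeTimestamp = [datetime]'2014-04-01' }
)
$sample | Get-PasswordExpiryAudit -CloudValidityDays 90 -OnPremMaxAgeDays 90 -Now $now |
    Format-Table -AutoSize

# Against a live tenant (MSOnline module, after Connect-MsolService):
#   Get-MsolUser -All | Get-PasswordExpiryAudit -CloudValidityDays 90 -OnPremMaxAgeDays 90
```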

Similar Messages

  • Dirsync with password sync - write-back?

    DirSync with Password sync. Can it be configured to write-back password changes to on-premise AD? If not, the passwords on Azure AD are quickly going to go out of sync with the on-premise AD. A user changes their password remotely using Office 365, comes back into the office and finds they have to use their old password to log onto the computer but their new password to access email/sharepoint/lync etc. Messy.
    Thanks
    Lewiss101

    Password write-back (Cloud -> on-premises) is currently not on the roadmap.
    There are two important points to consider:
    Passwords synchronized to Office 365 never expire.
    With Password Sync enabled, users are no longer offered to change their passwords in Office 365. Password changes must be initiated on-premises.
    What this means, is that remote users will only be able to change their password against your Active Directory (through VPN or FIM portal for example). Such change will be synced with Office 365.
    What this also means, is that if your on-premises password expires, your user will still be able to access Office 365 resources with their current password - until such time when they get back to your on-premises AD and change their password, which again will then be synchronized.
    Does this cover your requirements?
    Yann

  • Password reset problem with Password sync and Waveset exception

    Hi,
    We are using IdM 5 SP 5 with password sync installed on ad.
    Once a user tries to change password by using Ctrl-Alt-Del, password sync intercepts the request and then invokes an IdM change user password form, but on the log we see the following exceptions. Can anyone identify what the nature/reason for the exceptions is?
    [#|2005-08-17T16:22:14.914-0400|INFO|sun-appserver-ee8.1|javax.enterprise.system.stream.out|_ThreadID=24;|
    WavesetException: Constructor threw an exception.
    ==> java.lang.reflect.InvocationTargetException:
    ==> Missing required argument "operator". |#]
    [#|2005-08-17T16:22:14.917-0400|WARNING|sun-appserver-ee8.1|javax.enterprise.system.stream.err|_ThreadID=24;|com.waveset.util.WavesetException: Constructor threw an exception.
    ==> java.lang.reflect.InvocationTargetException:
    ==> Missing required argument "operator".
    at com.waveset.util.WavesetException.checkBreakpoint(WavesetException.java:366)
    at com.waveset.util.WavesetException.<init>(WavesetException.java:159)
    at com.waveset.util.Reflection.throwInstantiation(Reflection.java:266)
    at com.waveset.util.Reflection.instantiate(Reflection.java:350)
    at com.waveset.expression.ExNew.eval(ExNew.java:144)
    at com.waveset.expression.ExNode.evalToObject(ExNode.java:439)
    at com.waveset.expression.ExFunction$f_list.eval(ExFunction.java:2557)
    at com.waveset.expression.ExNode.evalToObject(ExNode.java:439)
    at com.waveset.object.Property.getValue(Property.java:232)
    at com.waveset.object.AbstractViewHandler.getFormOptions(AbstractViewHandler.java:166)
    at com.waveset.view.ChangeUserPasswordViewer.refreshView(ChangeUserPasswordViewer.java:168)
    at com.waveset.view.PasswordViewer.checkinView(PasswordViewer.java:258)
    at com.waveset.server.ViewMaster.checkinView(ViewMaster.java:629)
    at com.waveset.session.LocalSession.checkinView(LocalSession.java:660)
    at com.waveset.rpc.GenericMessageHandler.doCheckin(GenericMessageHandler.java:1491)
    at com.waveset.rpc.GenericMessageHandler.syncUserPassword(GenericMessageHandler.java:2639)
    at sun.reflect.GeneratedMethodAccessor177.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at com.waveset.rpc.GenericMessageHandler.request(GenericMessageHandler.java:350)
    at com.waveset.rpc.SimpleRpcHandler.doRequest(SimpleRpcHandler.java:164)
    at com.waveset.rpc.SimpleRpcHandler.doRequest(SimpleRpcHandler.java:128)
    at org.openspml.server.SOAPRouter.doPost(SOAPRouter.java:500)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:767)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:860)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:264)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:178)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:263)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
    at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:225)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:173)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:161)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:933)
    at com.sun.enterprise.web.connector.httpservice.HttpServiceProcessor.process(HttpServiceProcessor.java:221)
    at com.sun.enterprise.web.HttpServiceWebContainer.service(HttpServiceWebContainer.java:2072)
    Wrapped exception:
    java.lang.reflect.InvocationTargetException
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
    at com.waveset.util.Reflection.instantiate(Reflection.java:334)
    at com.waveset.expression.ExNew.eval(ExNew.java:144)
    at com.waveset.expression.ExNode.evalToObject(ExNode.java:439)
    at com.waveset.expression.ExFunction$f_list.eval(ExFunction.java:2557)
    at com.waveset.expression.ExNode.evalToObject(ExNode.java:439)
    at com.waveset.object.Property.getValue(Property.java:232)
    at com.waveset.object.AbstractViewHandler.getFormOptions(AbstractViewHandler.java:166)
    at com.waveset.view.ChangeUserPasswordViewer.refreshView(ChangeUserPasswordViewer.java:168)
    at com.waveset.view.PasswordViewer.checkinView(PasswordViewer.java:258)
    at com.waveset.server.ViewMaster.checkinView(ViewMaster.java:629)
    at com.waveset.session.LocalSession.checkinView(LocalSession.java:660)
    at com.waveset.rpc.GenericMessageHandler.doCheckin(GenericMessageHandler.java:1491)
    at com.waveset.rpc.GenericMessageHandler.syncUserPassword(GenericMessageHandler.java:2639)
    at sun.reflect.GeneratedMethodAccessor177.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at com.waveset.rpc.GenericMessageHandler.request(GenericMessageHandler.java:350)
    at com.waveset.rpc.SimpleRpcHandler.doRequest(SimpleRpcHandler.java:164)
    at com.waveset.rpc.SimpleRpcHandler.doRequest(SimpleRpcHandler.java:128)
    at org.openspml.server.SOAPRouter.doPost(SOAPRouter.java:500)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:767)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:860)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:264)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:178)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:263)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
    at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:225)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:173)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:161)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:933)
    at com.sun.enterprise.web.connector.httpservice.HttpServiceProcessor.process(HttpServiceProcessor.java:221)
    at com.sun.enterprise.web.HttpServiceWebContainer.service(HttpServiceWebContainer.java:2072)
    Caused by: java.lang.IllegalArgumentException: Missing required argument "operator".
    at com.waveset.object.AttributeCondition.confirmMembers(AttributeCondition.java:436)
    at com.waveset.object.AttributeCondition.<init>(AttributeCondition.java:370)
    at com.waveset.object.AttributeCondition.<init>(AttributeCondition.java:408)
    ... 38 more
    |#]
    [#|2005-08-17T16:22:14.918-0400|INFO|sun-appserver-ee8.1|javax.enterprise.system.stream.out|_ThreadID=24;|
    XPRESS <new> exception:|#]
    [#|2005-08-17T16:22:14.918-0400|INFO|sun-appserver-ee8.1|javax.enterprise.system.stream.out|_ThreadID=24;|
    com.waveset.util.WavesetException: Constructor threw an exception.
    ==> java.lang.reflect.InvocationTargetException:
    ==> Missing required argument "operator". |#]
    Thanks,
    David

    If this is a reproducible problem, log a support case with the traces and have them figure it out for you.
    WilfredS

  • DirSync + PwdSync - Passwords not syncing, error 611 Unable to open connection to domain

    Hello Everyone.
    I've installed and configured DirSync with Password Sync (PwdSync) in a forest with 4 domains.
    I'm using the most recent DirSync installation at the date of this post, 6475.0007.
    The domain structure is
    Parent Domain
    - Child Domain 1
    -- 'Grand' Child Domain 1
    - Child Domain 2
    I am successfully syncing users from Child Domain 1 only. I'm using container filtering to sync only 1 selected OU at this stage while I'm testing before deployment.
    Users in the selected OU are syncing and AD details are correct. To filter out the domains I didn't want to sync, I had to create an empty OU in each domain and select to sync it. Also in each domain I had to create an account with the same username and password as the Enterprise account I set up for DirSync.
    I enabled Password Sync while using the Windows Azure Active Directory Configuration tool.
    After a full sync I receive a 611 error in the Application Log, source Directory Synchronization.
    Password synchronization failed for domain: child1.domain.com . Details:
    Microsoft.Online.PasswordSynchronization.SynchronizationManagerException: Unable to open connection to domain:
    child1.domain.com .
    Error: There was an error creating the connection context. ---> Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsException: There was an error creating the connection context. --->
    Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsSecurityException:
    RPC Error 5 : Access is denied. Error creating DRS context handle.
    It appears that it's not enough to tick the box to enable Password Sync.
    I got a successful sync only after I did the following:
    1. On the DirSync server, opened C:\Program Files\Windows Azure Active Directory Sync\DirSyncConfigShell.psc1
    2. Run the command Enable-MSOnlinePasswordSync
    3. Log in with the Enterprise Admin credentials for the forest
    4. Run the command Start-OnlineCoExistenceSync to begin a sync
    I verified the password sync worked successfully with my synced users.
    Maybe I missed something in the instructions but I only tried this after reading a blog post by Jethro Seghers. Thanks Jethro!

    Your 4 steps are essentially already included during the normal setup wizard process, with the exception of #3. Because DirSync runs as a service, you logging in to windows as an enterprise admin is not required. It is possible however that there were replication or other delays in your multi-domain environment.
    Mike Crowley | MVP
    My Blog --
    Planet Technologies

  • Password sync even with AD FS?

    If we implemented AD FS for use with Intune/SCCM and DirSync, does password sync also need to be enabled?
    As I understand DirSync is required for Intune when SCCM is used, even if AD FS is implemented, but what about Password sync?

    No, not if you have ADFS stood up and federation configured with Azure AD.
    Yes, DirSync must be used to populate Azure AD which Intune in turn uses.
    Ultimately, you are asking about where users will authenticate. With ADFS and federation, they will authenticate against your internal AD. Without ADFS and federation, they need to authenticate against Azure AD and so you must use password sync so that they can use the same password as they do internally. I guess strictly speaking, you could get away without having password sync enabled, but then how would the users know what password to use?
    Jason | http://blog.configmgrftw.com

  • I can't access my sync account. It rejects the password. I change the password so that computer #2 can logon - now computer #1 can't logon. This not a fun game!

    1) Set up Notebook with new sync account. Worked great!
    2) Installed Sync on Desktop. Selected existing sync account. Password was rejected. Reset password on notebook. (waited a day) Password was rejected. Reset password on Desktop - it was accepted.
    3) Notebook is now unable to connect to sync account - password rejected. rejected "new" password as well. Notebook wants me to enter a new password! What's the deal? I have another notebook to add Sync to - but there's no point until I can get 1&2 up.

    You will need to contact the customer services for the email service that was hacked and try to convince them that your account has been hacked.
    There are a number of ways that they get access to the password. One of the most common is by phishing, you are presented with a bogus site that looks like the login page for the email service/site and you enter your login details. This is frequently done by sending an email to you saying that you need to log into the site or need to confirm your details.
    To make sure that your computer is not infected with malware, try running several malware scanners. It is best to run several as each will pick up things that the others miss. Some scanners you can try are:
    * [http://www.malwarebytes.org/mbam.php Malwarebytes]
    * [http://www.superantispyware.com/ SUPERAntiSpyware]
    * [http://www.lavasoft.com/products/ad_aware_free.php Ad-Aware]
    * [http://www.microsoft.com/windows/products/winfamily/defender/default.mspx Windows Defender]
    * [http://www.safer-networking.org/en/home/index.html Spybot S&D]

  • How can I re-link firefox to sync account if I haven't paired another device yet?

    I synced the pc to the firefox server but before I pair another device I had to reinstall firefox with a clean installation. How can I connect to the account that I've created for the synchronization without having any other device to give me codes?
    Thanks

    That "key" is in Firefox on devices linked with that Sync account. Since you only had one device setup, and have completely removed Firefox from that device your Sync key is gone. Without that key your data is useless, it is the encryption algorithm for your data while that data is off your devices.

  • When trying to buy in app purchases I get an error that says "iTunes password and account is not synced with the email address"!  How can I fix this?

    I try and buy in app purchases but it won't let me and gives me the above error message: "iTunes password and account is not synced with the email address"!  How can I fix this?

    Are you running modified software on your phone?  This error seems to be common if the firmware has been modified and you're trying to restore the phone again. 

  • I created a sync account with no problem, but then when I try to use it, it keeps telling me I have the wrong password or user name, even after I changed the password. It did this after I created a new account, too.

    Every time I try to use my sync account, it informs me that "Sync encountered an error while connecting: Incorrect account name or password. Please try again." I tried changing my password. I even made a new account. It still does the same thing.

    If the old ID is yours, and if your current ID was created by editing the details of this old ID (rather than being an entirely new ID), go to https://appleid.apple.com, click Manage my Apple ID and sign in with your current iCloud ID.  Click edit next to the primary email account, change it back to your old email address and save the change.  Then edit the name of the account to change it back to your old email address.  You can now use your current password to turn off Find My iDevice, even though it prompts you for the password for your old account ID. Then save any photo stream photos that you wish to keep to your camera roll.  When finished go to Settings>iCloud, tap Delete Account and choose Delete from My iDevice when prompted (your iCloud data will still be in iCloud).  Next, go back to https://appleid.apple.com and change your primary email address and iCloud ID name back to the way it was.  Now you can go to Settings>iCloud and sign in with your current iCloud ID and password.

  • Mail won't sync with my .mac account - won't accept password

    I have a MacBook running the OS X 10.6.8.  Recently I have found that I cannot sync my Mail with my .mac account.  I can log on through the internet to iCloud and read emails (I know my password is valid), but when I try to get them synced to my Mail account it won't accept the password.  It looks like this may be a conflict with Mail not being updated to iCloud, but I am unsure.  I have not found an update that will update the Mail to link with iCloud.  My computer is also not new enough to update to the new Lion OS.  Am I stuck?  This has been very discouraging and I have been wasting hours of valuable time trying to figure out how to fix this.

    Did you turn on iCloud Drive by any chance? If so, then until Yosemite comes out, you won't be able to sync your documents and data to your Mac:
    iCloud Drive FAQ
    Sorry...
    GB

  • My ipad has stopped updating apps. It doesn't even ask for password, it just goes to the apps screen showing empty progress bars. I've re-synced account and restarted but with no luck. Other than deleting the apps is there any way around this?

    My ipad has stopped updating apps. It doesn't even ask for password, it just goes to the apps screen showing empty progress bars. I've re-synced account and restarted but with no luck. Other than deleting the apps is there any way around this?

    OK. I will work backwards.
    You certainly don't want to have to delete apps every time that they need an update, for any number of reasons. Losing data first and foremost would be a drag, but the overall hassle would be absurd. All things being equal, you should be able to update apps in the future after you delete them and reinstall them. I delete and reinstall apps all the time and I am also able to update them when updates are available for the apps. I just wanted to know if you had any success in any fashion installing apps.
    Resyncing/refreshing the Apple ID/iTunes account wouldn't seem to be the issue either if you can download apps or other content from the iStores. Your ID is being accepted.
    That leaves us with I'm not sure what. But I think I would try this trick fix and see if it helps.
    Go to Settings>General>Date and Time>Set Automatically>Off. Set the date one year ahead. Try to update the apps again. If you get an error message, go back to the settings. Correct the date and time (set automatically) then go back and try to update the apps again.

  • I had synced all my infos (passwords etc.) in my old laptop but today, when I linked my new laptop with my firefox sync account, I didn't find my saved infos.

    Before I came to my new place, I had saved all my info like passwords, bookmarks etc. in my old laptop and synced them with my Firefox sync account. But, after I came to my new place, I bought a new laptop. But when I signed in my Firefox sync account in my new laptop, I didn't find all those bookmarks or saved passwords. What do I do?

    Yes, I would say that your passwords are gone. When the Sync Key is "updated" as indicated in that part of the sync-log that I cropped, the server is wiped of the users data because that data is useless. That Sync key is the encryption key for the users data when that data is off the user's devices which are connected to Firefox Sync. No one except for the person with the correct Sync Key (the "owner" of that Sync account) can use that data as the data is scrambled.
    I am curious about the full text of the last two sync-log files, 11kb and 38kb is a lot more data than usual for a sync-log. On my 3 separate Sync accounts I usually see sync-log files of 3kb to 8 kb when there is an error. Problem is that this forum software doesn't provide for file uploads, and doing a copy&paste of that data into the Reply Box doesn't preserve the line formatting - making it very difficult to read and follow the sequence of events.
    Sorry we didn't have a successful conclusion.

  • HT4865 my ipad was sync with other icloud account. i tried to delete the account to be able to sign in with my own icloud account. but i cannot delete it because i don't know the password of the other account what can i do?

    how can i sign in with my icloud account without entering the password of the other account?

    Sorry kokorokok,
    You are going to need the iCloud ID and password of the previous sign on in order to delete the account:
    Removing Previous Owner from Device
    All the steps in the link above must be followed in order for you to get your iCloud ID signed onto your device.
    Sorry,
    GB

  • Can't sync anything with my microsoft account and can't create a new one?

    Hi,
    I have recently done a software update to Windows 8.1 and now every time I try to access an app it prompts me to sign in to sync my data. I follow the screen prompts using my email address and password (the same as the one I have used to access this forum so my current working microsoft account) and it says a microsoft account with this email address already exists on this PC.
    I get through to the validation code page section, the code is sent to my phone, I enter it, the cloud information page is displayed the switch to microsoft account option appears I click switch and it says an account already exists on this PC???
    If  I try to choose the alternative option of creating a new account with the same email address (my main email account) I have the same issue which is an account already exists. 
    I have lost data and can't sync any music tracks etc - hugely frustrating!
    What do I do??

    Hi,
    What's your current User Account? Local Account or Microsoft Account? If local account, please sign out and switch to Microsoft Account. If not, it should have problem with your Microsoft Account, please try to delete it from your system and readd it for test.
    Roger Lu
    TechNet Community Support

  • Setting up Sync on new Android device it tells me invalid account/password yet Account and password work on my Mac computer version and my other android phone

    I have a MAC computer with Sync. Was set up under sync Beta. I have an Android phone synced to it that was synced using the pair this device function. It works perfectly. I just got a new Android Tablet and am trying to add it to my sync and it does not seem to have the pair my device function. It insists I log into my sync account. So I try it and it tells me invalid userid/password. I verify and it is the exact email address userid that shows as being my sync account on the MAC. I verify the password on the MAC and it tests out fine. Try the tablet again and invalid.. So I try to reset my password on the tablet and am told my email address/account name does not exist. I just verified it AND Synced my MAC using it!! I have my recovery Key but there is no place to input it into the tablet. There is no place on tablet to enter the link device codes. How can my account be valid and in use on two devices but invalid and nonexistent on the new one? And How do I get the New one to sync with other two?
    Been a week and not a single sign of any help or support. Not what a good trend considering how long I have been using and recommending Firefox. Is this the support can look forward to in the future?

    ok.. I tried this three times and kept getting that access denied thing when I clicked post my questions. So now maybe I won't have to type this a fifth time....
    I have a MAC computer with Sync. Was set up under sync Beta. I have an Android phone synced to it that was synced using the pair this device function. It works perfectly. I just got a new Android Tablet and am trying to add it to my sync and it does not seem to have the pair my device function. It insists I log into my sync account. So I try it and it tells me invalid userid/password. I verify and it is the exact email address userid that shows as being my sync account on the MAC. I verify the password on the MAC and it tests out fine. Try the tablet again and invalid.. So I try to reset my password on the tablet and am told my email address/account name does not exist. I just verified it AND Synced my MAC using it!! I have my recovery Key but there is no place to input it into the tablet. There is no place on tablet to enter the link device codes. How can my account be valid and in use on two devices but invalid and nonexistent on the new one? And How do I get the New one to sync with other two?
