MCSMLab


PowerShell script: Activate-SyncedPasswords

In June of 2013, Microsoft released an update to the DirSync appliance that allowed it to sync passwords from an on-premises Active Directory into Azure Active Directory for use in authentication. Since then, Microsoft has also released AADSync, a more advanced version of DirSync that allows more complex on-premises Active Directory configurations to be connected to Azure Active Directory. Recently, AADSync was updated to include the password sync feature.

All this means that Office 365 and Azure customers can use DirSync or AADSync as a backup to ADFS for authentication into Microsoft cloud services. The problem I keep seeing is that the process of switching your Office 365 or Azure tenant from using ADFS (federated authentication) to using DirSync/AADSync (managed authentication) is confusing.

There are several other blogs that explain the differences between PowerShell commands like Set-MsolDomainAuthentication and Convert-MsolDomainToFederated. I am not going to repeat that information here. What I thought I could add, however, is an easy-to-use script that makes it unnecessary to remember which command does what.

Activate-SyncedPasswords is a PowerShell script I have published to the TechNet Gallery that presents a simple menu to assist in switching between your ADFS and DirSync passwords.

First it asks for your Azure Active Directory credentials (Office 365 global admin credentials work for Office 365 tenants), then shows you the domains associated with that tenant. You then make a simple choice to switch authentication methods as needed.
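The workflow described above can be sketched as follows. This is an added example, not the published Activate-SyncedPasswords script; it assumes the MSOnline module is installed and that password sync is already populating Azure Active Directory, and the function names `Get-TargetAuthentication` and `Switch-DomainAuthentication` are hypothetical.

```powershell
# Added example; not the published Activate-SyncedPasswords script.
# Assumes the MSOnline module is installed. Function names are hypothetical.
Import-Module MSOnline

function Get-TargetAuthentication {
    # Pure helper: map the current mode to the mode we would switch to.
    param([Parameter(Mandatory)][ValidateSet('Federated', 'Managed')][string]$Current)
    if ($Current -eq 'Federated') { 'Managed' } else { 'Federated' }
}

function Switch-DomainAuthentication {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param([Parameter(Mandatory)][string]$DomainName)

    $domain = Get-MsolDomain -DomainName $DomainName -ErrorAction Stop
    $target = Get-TargetAuthentication -Current ([string]$domain.Authentication)

    # A tenant-wide sign-in change should always be confirmed by the operator.
    if (-not $PSCmdlet.ShouldProcess($DomainName, "Switch $($domain.Authentication) -> $target")) {
        return
    }
    if ($target -eq 'Managed') {
        # Changes the tenant-side setting only; sign-in then relies on synced
        # passwords, so password sync must already be working.
        Set-MsolDomainAuthentication -DomainName $DomainName -Authentication Managed -ErrorAction Stop
    }
    else {
        # Re-establishes the trust with AD FS; run on the AD FS server,
        # or call Set-MsolADFSContext first when running remotely.
        Convert-MsolDomainToFederated -DomainName $DomainName -ErrorAction Stop
    }
    # Read the setting back so the change is verified rather than assumed.
    Get-MsolDomain -DomainName $DomainName | Select-Object Name, Authentication, Status
}

Connect-MsolService -Credential (Get-Credential -Message 'Azure AD / Office 365 admin')
# The default *.onmicrosoft.com domain cannot be federated, so leave it out.
$domains = @(Get-MsolDomain | Where-Object {
        $_.Status -eq 'Verified' -and $_.Name -notlike '*.onmicrosoft.com' })
for ($i = 0; $i -lt $domains.Count; $i++) {
    '{0}) {1}  [{2}]' -f ($i + 1), $domains[$i].Name, $domains[$i].Authentication
}
$choice = Read-Host 'Number of the domain to switch (blank to quit)'
if ($choice -match '^\d+$' -and [int]$choice -ge 1 -and [int]$choice -le $domains.Count) {
    Switch-DomainAuthentication -DomainName $domains[[int]$choice - 1].Name
}
```

Running `Switch-DomainAuthentication` with `-WhatIf` shows the planned change without applying it.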

If you have any questions, or suggestions for improvements, please let me know below.