2

Does anyone know of any options available to sync a user's local AD password with a hosted Exchange account password?

My question is along similar lines to this one here at ServerFault but as it was originally asked back in 2010, I was wondering if anyone knows of any progress made with syncing a local AD and hosted exchange account? Or are there any products available that will do this before we start rolling our own as it were?

The hosted exchange is run by a service provider who don't natively provide anything out of the box but are willing to work with us to implement a feasible solution, even if it means creating custom password filters along the lines of http://passwdhk.sourceforge.net/. Has someone come across this before?

stu432

2 Answers

1

In the end we ended up creating a custom password filter which enabled us to do what we wanted, using some obvious security precautions such as public key cryptography and ensuring the password reset end-point didn't store passwords and securely disposed of any received by it.

Turns out that although BPOS might make use of federation, hosted exchange won't as far as I could find/have been told, see Multi-Tenancy Guidance. Bit of a shame that this requirement hasn't (as far as I'm aware) been addressed by Microsoft yet.

stu432
0

You might want to look into Federation Services / Windows Identity Foundation which would need to be implemented on the ASP's side. Apparently, there has been successful integration with the Office 365 services. Another example of what works is a federation of a local Exchange organization with Outlook Live! accounts.

A different approach would push your AD password changes to your hosted Exchange provider using some kind of identity management solution, but this is obviously insecure since the hoster would know (and even worse, store) your domain users' logon passwords.

the-wabbit