Prerequisites
- Your Azure Active Directory tenant must be enabled for Directory Synchronization before the tenant can be enabled for Password Synchronization.
- The server OS must be Windows Server 2008 R2 or higher.
- Install Microsoft .NET 3.5 and Microsoft .NET Framework 4 on the Dirsync server.
- Download Dirsync from the portal, under Users and groups -> Set up.
Install Dirsync:
1. Run the Dirsync.exe application you downloaded and click Next
2. Accept the License Terms
3. Choose your installation path
4. Wait for the installation; it takes 10 minutes or longer to complete
5. Click Next
6. Choose to run the configuration wizard
Configure Dirsync to work with your Office 365 tenant:
1. Click Next
2. Type the credentials of your Office 365 tenant administrator
3. Type the credentials of an Enterprise Admins user from your local AD
4. If your deployment is a hybrid environment, select Enable Hybrid Deployment
5. Enable Password Sync
You can check the synchronization status with the miisclient.exe tool:
C:\Program Files\Windows Azure Active Directory Sync\SYNCBUS\Synchronization Service\UIShell\Miisclient.exe
- Your account needs to be in the MIISAdmins local group in order to access this tool.
You can monitor the progress of Password Sync through the event log of the machine that is running the Directory Sync tool.
Determining the Password Sync status
You can determine which users have successfully had their passwords synchronized by reviewing the events that match the following criteria:
Source: Directory Synchronization
Event ID: 656, 657
The events with Event ID 656 provide a report of the processed password change requests.
The corresponding events with Event ID 657 provide the result for these requests.
In the events, the affected objects are identified by their anchor and their DN value. The anchor value corresponds to the ImmutableId value that the Get-MsolUser cmdlet returns for a user.
In addition to the object identifiers, Event ID 656 provides the date the user's password was changed in the on-premises Active Directory.
Event ID 657 has a Result field in addition to the source object identifiers, indicating the status of synchronization for that user object.
A successfully synchronized password shows up as an Event ID 657 whose Result attribute has the value Success. When a password synchronization attempt failed, the value of the Result attribute is Failure.
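The event-log check described above can be scripted on the Dirsync server. The following PowerShell is an added example and not part of the original post; it assumes the 656/657 events land in the Application log and that each event body carries the Anchor, DN and Result values on their own "Name: value" lines (the exact message layout is not shown on the page, so adjust the patterns to match yours).

```powershell
# Added example (not from the original post): summarise Dirsync password-sync
# events 656 (request processed) and 657 (result) from the local event log.
# Assumptions, not stated on the page: events are in the Application log and
# the message body lists "Anchor: ...", "DN: ..." and "Result: ..." lines.
param(
    [int]$Hours = 24   # how far back to look
)

$filter = @{
    LogName      = 'Application'
    ProviderName = 'Directory Synchronization'   # the Source shown in Event Viewer
    Id           = 656, 657
    StartTime    = (Get-Date).AddHours(-$Hours)
}

$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
if (-not $events) {
    Write-Host "No password sync events (656/657) found in the last $Hours hours."
    return
}

# Pull the per-object identifiers and, for 657, the Result out of each message.
$results = foreach ($e in $events) {
    $msg = $e.Message
    $anchor = $null; $dn = $null; $result = $null
    if ($msg -match '(?im)^\s*Anchor\s*:\s*(\S+)')      { $anchor = $Matches[1] }
    if ($msg -match '(?im)^\s*DN\s*:\s*(.+?)\s*$')       { $dn     = $Matches[1] }
    if ($e.Id -eq 657 -and
        $msg -match '(?im)^\s*Result\s*:\s*(\w+)')       { $result = $Matches[1] }
    New-Object PSObject -Property @{
        Time   = $e.TimeCreated
        Id     = $e.Id
        Anchor = $anchor
        DN     = $dn
        Result = $result   # Success / Failure on 657; empty on 656
    }
}

# Failures are the actionable part: those users' cloud passwords are stale.
$requests = @($results | Where-Object { $_.Id -eq 656 })
$outcomes = @($results | Where-Object { $_.Id -eq 657 })
$failed   = @($outcomes | Where-Object { $_.Result -eq 'Failure' })

Write-Host ("Requests (656): {0}" -f $requests.Count)
Write-Host ("Results (657): {0}, failures: {1}" -f $outcomes.Count, $failed.Count)
$failed | Sort-Object Time -Descending | Format-Table Time, DN, Anchor -AutoSize
```

Run it as a member of the local Administrators or Event Log Readers group on the Dirsync server; a non-empty failure table is the signal to investigate before users report that their new password only works on-premises.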
Disabling Password Sync
You disable Password Sync by re-running the Directory Sync tool Configuration Wizard.
When prompted by the Wizard, de-select the “Enable Password Synchronization” checkbox.
Note
This process will trigger a full synchronization. Full synchronization cycles generally take longer than other sync cycles to complete.
After running the Configuration Wizard, your tenant will no longer be synchronizing passwords.
New password changes will not synchronize to the cloud.
Users that previously had their passwords synchronized will be able to continue logging in with those passwords until they manually change their passwords in the cloud.
Good luck