For a few months now, the directory synchronization tool for Office 365 has supported password synchronization – see http://blog.hametbenoit.info/Lists/Posts/Post.aspx?ID=521
While this feature is greatly appreciated – it simplifies SSO deployment and configuration, for example – there was still a missing feature: end users were not able to change their password from Office 365 services.
So, with the latest version of DirSync (version 1.0.6765.6) you can enable password synchronization in both directions: the "classic and default" way, from your on-premises directory to Office 365, but also from Office 365 back to your on-premises directory.
The first thing is to ensure you are running DirSync version 1.0.6765.6 (or later, of course). If not, just upgrade or install a newer version (I always recommend uninstalling the current version and then installing the new one).
Check the DirSync version
To check which DirSync version you are currently using, open Windows Explorer and browse to C:\Program Files\Windows Azure Active Directory Sync, then right-click the ConfigWizard.exe file and check the version.
Enable Password Writeback feature
When you install and configure the DirSync tool, there is no option available to enable password writeback, unlike password synchronization, which has one – and of course that setting MUST be enabled.
So to enable the writeback feature, launch the DirSyncConfigShell.psc1 file with elevated privileges (this file is located in the same folder as ConfigWizard).
From a PowerShell window launched with elevated privileges, go to C:\Program Files\Windows Azure Active Directory Sync and launch DirSyncConfigShell, which will then open a new PowerShell window.
Then run the following command: Enable-OnlinePasswordWriteBack
You will be asked for your local Active Directory administrator account and then your Office 365 administrator account
It may then take a few minutes for the feature to be fully enabled.
Once the feature has been enabled, the command prompt shows Password reset write-back is enabled.
You can also check when the feature was enabled: open the local Event Viewer and look for event ID 31005 – OnboardingEventSuccess from the source PasswordResetService.
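The two checks above (DirSync build and the onboarding event) can be scripted so the result can be kept as a record of when writeback was turned on. This is an added example, not part of the original post; it assumes the default install path given above and that the PasswordResetService source can be queried as a provider name with Get-WinEvent.

```powershell
# Added example: verify the DirSync build and audit password write-back onboarding.
# Path, minimum version, event ID and source name are the ones given in the post.
$exe     = 'C:\Program Files\Windows Azure Active Directory Sync\ConfigWizard.exe'
$minimum = New-Object System.Version -ArgumentList 1, 0, 6765, 6

if (-not (Test-Path -LiteralPath $exe)) {
    Write-Warning "ConfigWizard.exe not found at $exe; is DirSync installed on this server?"
    return
}

# Build a comparable version object from the numeric parts of the file version,
# rather than parsing the display string.
$vi      = (Get-Item -LiteralPath $exe).VersionInfo
$current = New-Object System.Version -ArgumentList `
    $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart

if ($current -lt $minimum) {
    Write-Warning "DirSync $current is older than $minimum; password write-back is not available."
} else {
    Write-Output "DirSync $current meets the minimum version $minimum."
}

# Look for the onboarding event. Get-WinEvent raises an error when nothing matches
# or the provider is not registered, so treat both cases as 'no events'.
try {
    $events = @(Get-WinEvent -FilterHashtable @{
        ProviderName = 'PasswordResetService'   # assumption: source is exposed as a provider
        Id           = 31005
    } -ErrorAction Stop)
} catch {
    $events = @()
}

if ($events.Count -eq 0) {
    Write-Output 'No event 31005 (OnboardingEventSuccess) found: write-back has not been enabled on this server, or the log has rolled over.'
} else {
    # Oldest first, so the list reads as a history of each time the feature was enabled.
    $events | Sort-Object TimeCreated |
        Select-Object TimeCreated, Id, ProviderName, MachineName |
        Format-Table -AutoSize
}
```

An entry whose timestamp does not match a planned change is worth following up, since writeback lets a password reset performed in Office 365 reach the on-premises directory.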
Disable the password writeback feature
If you want to disable it, just repeat the previous steps but run Disable-OnlinePasswordWriteBack instead; the command prompt will then show Password reset write-back is disabled.