Does anyone know if there might be a possibility of synching Google Apps mailbox passwords with Active Directory via ILM/FIM 2010? Especially bidirectionally? Thanks in advance.Ron Proschan

There is nothing out of the box available to handle this case.Bidirectional password synchronization is not even directly supported in AD with the existing components.Cheers,MarkusMarkus Vilcinskas, Knowledge Engineer, Microsoft Corporation

Thanks. I was under the impression that with Microsoft Live@edu (vs. Google Apps), it would be possible to use FIM 2010 to set up a system in which a change of password in the Live@edu account could be synched back to Active Directory. I know it will synch the other way (i.e., a change in password at Active Directory can be synched to Live@edu automatically to change the password there to match AD). And then, on the other hand, I thought Google Apps might NOT be able to do that. But maybe neither of them can do that? Thanks again.Ron Proschan

I can't tell you whether neither of them can do that because there might be some 3rd party working on this...What I can tell you, is that this is out of the box not supported.Cheers,MarkusMarkus Vilcinskas, Knowledge Engineer, Microsoft Corporation

We have an extensible ma that can sync passwords, provision, deprovision, and automate renames for google apps accounts (I believe rename automation is not presently possible with the google applications directory sync tool). Unfortunately, it is not possible to sync passwords from google apps to ad, only the other way. The password sync function of our ma has the option to only send hashes, so you are not revealing your passwords to google. It also works over https for transport level security, and can work through proxies if required. The ma is currently in use at a major, blue chip company. If you are interested in further information, please contact info@rockstoneconsultants.com best wishes, Dawn

Hi Ron, As an alternative to password sync I recommend taking a look at Active Directory Federation Services and SAML. The upcoming ADFS version 2 supports SAML 2.0 federation standard which can be used to implement SSO to google apps. More info can be found from here: http://code.google.com/intl/fi-FI/apis/apps/sso/saml_reference_implementation.html HTH, Lari

Hi Dawn, We want to implement similar kind of MA for provisioing with google apps. It will be appreciated if you can share the details of MA. Thanks in advance. Regards, Kishore