Can the Server Service and Client Service be installed on the same server?
Yes. The only requirement is the Server Service requires a Windows 2008 R2 or Windows 2012 server. So if you have a domain controller running Windows 2008 R2 or Windows 2012, both components could be installed.
Can I Synchronize the Existing User Passwords to Office 365?
No, the Passwords are only synchronized when they are changed. During a migration, you could force the users to change their password at next login in the Active Directory, which would then sync to Office 365. They would then sign into Office 365 using their new password.
Do I need to install the Password Client on all DCs?
Yes. When a user changes their password, that change could hit any DC in the domain so the client must be installed on all. The exceptions would be Read Only DCs and domains which don’t have any users, such as an empty forest root domain.
How does the application match the Active Directory user to the Office 365 User?
On the password client, you have the option of selecting the Matching Attribute. It can either be the mail attribute or the UPN value. If you open the Password Client Admin application on the DC and go to the Config tab, you’ll see an option which allows you to select the attribute. If you make the change, just save the config, stop and start the service.
Is Directory Synchronization Required?
No. We match the AD accounts to the Office 365 User based on the matching attribute configured on the Password Client Admin.
How is Password Complexity Handled?
Password Sync does not enforce password complexity. It simply takes the password and passes it to Office 365. Office 365 then verifies the complexity.
Can I create an LDAP Filter Based on OU?
No, Active Directory does not support filtering based on OU. An alternative is to create a group and which contains members of the OU and uses the memberof attribute in Active Directory.