Abstract: A system includes a target directory service, a domain mesh with a plurality of domains, and a synchronization host coupled to the domain mesh. The synchronization host is configured to synchronize password changes received in the domain mesh with the target directory service. Synchronizing the password changes includes receiving at the synchronization host a hash value representative of a plaintext password from the domain mesh, performing at the synchronization host an additional hash on the hash value to generate protected password data, and exporting the protected password data from the synchronization host to the target directory service.

Abstract: The subject disclosure is directed towards securely synchronizing passwords that are changed at a source location (e.g., an on-premises directory service) to a target location (e.g., a cloud directory service), so that the same credentials may be used to log into the source or target location, yet without necessarily having each domain controller handle the synchronization. The plaintext password is not revealed, instead using hash values computed therefrom to represent the password-related data. The target may receive a secondary hash of a primary hash, and thereby only receive and store a password blob. Authentication is accomplished by using the same hashing algorithms at the target service to compute a blob and compare against the synchronized blob. Also described are crypto agility and/or changing hashing algorithms without requiring a user password change.

Abstract: The subject disclosure is directed towards securely synchronizing passwords that are changed at a source location (e.g., an on-premises directory service) to a target location (e.g., a cloud directory service), so that the same credentials may be used to log into the source or target location, yet without necessarily having each domain controller handle the synchronization. The plaintext password is not revealed, instead using hash values computed therefrom to represent the password-related data. The target may receive a secondary hash of a primary hash, and thereby only receive and store a password blob. Authentication is accomplished by using the same hashing algorithms at the target service to compute a blob and compare against the synchronized blob. Also described are crypto agility and/or changing hashing algorithms without requiring a user password change.

Abstract: The subject disclosure is directed towards securely synchronizing passwords that are changed at a source location (e.g., an on-premises directory service) to a target location (e.g., a cloud directory service), so that the same credentials may be used to log into the source or target location, yet without necessarily having each domain controller handle the synchronization. The plaintext password is not revealed, instead using hash values computed therefrom to represent the password-related data. The target may receive a secondary hash of a primary hash, and thereby only receive and store a password blob. Authentication is accomplished by using the same hashing algorithms at the target service to compute a blob and compare against the synchronized blob. Also described are crypto agility and/or changing hashing algorithms without requiring a user password change.

Abstract: The subject disclosure is directed towards securely synchronizing passwords that are changed at a source location (e.g., an on-premises directory service) to a target location (e.g., a cloud directory service), so that the same credentials may be used to log into the source or target location, yet without necessarily having each domain controller handle the synchronization. The plaintext password is not revealed, instead using hash values computed therefrom to represent the password-related data. The target may receive a secondary hash of a primary hash, and thereby only receive and store a password blob. Authentication is accomplished by using the same hashing algorithms at the target service to compute a blob and compare against the synchronized blob. Also described are crypto agility and/or changing hashing algorithms without requiring a user password change.

Abstract: The subject disclosure is directed towards securely synchronizing passwords that are changed at a source location (e.g., an on-premises directory service) to a target location (e.g., a cloud directory service), so that the same credentials may be used to log into the source or target location, yet without necessarily having each domain controller handle the synchronization. The plaintext password is not revealed, instead using hash values computed therefrom to represent the password-related data. The target may receive a secondary hash of a primary hash, and thereby only receive and store a password blob. Authentication is accomplished by using the same hashing algorithms at the target service to compute a blob and compare against the synchronized blob. Also described are crypto agility and/or changing hashing algorithms without requiring a user password change.

Abstract: Coexistence tools are described for synchronizing properties between on-premises customer locations and remote hosting services. These tools may provide methods that send the tools for installation onto on-premises infrastructure located at customer sites, execute the tools to manage the customer infrastructure remotely via a hosted service, and synchronize properties at the customer site with the hosted service. Other methods may include receiving the tools from the hosted service, communicating configuration parameters related to operating the tools, and executing the tools in response to the configuration parameters. The tools may also provide systems that include on-premises servers associated with the customer infrastructure, with the on-premises servers including on-premises coexistence components for maintaining the property at the customer site. These systems may also include administrative servers associated with the hosted service.

Abstract: Large messages in the form of hierarchically structured documents are processed in a streaming fashion using the ultimate consumer read requests as the driving force for the processing. The messages are partitioned into fixed length segments. The segments are processed in pipeline fashion. This processing chain includes simulating random access of hierarchical documents using stream transformations, mapping streams to a transport's native capabilities, composing streams into chains and using pipeline processing on the chains, staging fragments into a database and routing messages when complete messages have been formed, and providing tools to allow the end user to inspect partial messages.

Abstract: In one embodiment, a client computer system receives user credentials from a computer user. The client computer sends the received user credentials to an authentication service running on a server computer in a datacenter, where the authentication service is configured to authenticate the user credentials so that the user is authorized to access datacenter-provided information corresponding to various client-side applications. The client computer receives an authorization indication from the authentication service indicating that the user is authorized to access the datacenter-provided information and stores the received authorization indication in a credential store on the client computer.

Abstract: Workflow management for maintaining consistency of persisted state across communicating components via batching of uncommitted work. A workflow component defines a workflow containing work items to be performed by service provider components. The workflow component assigns the work items to the service provider components, and the service provider components acknowledge the assigned work items. The workflow component appends the assigned work items to a work batch. The workflow component creates a transaction containing the batched work items. The workflow component commits to the workflow by requesting the service provider components to perform the work items. The workflow component checks the state of the execution of the work items and stores the state in a persistent storage.

Abstract: This description provides tools for providing integrated user experiences while allocating licenses within volume licensing systems. These tools may provide methods that include sending information for presenting licensing portals at recipient organizations. The licensing portals may include representations of properties licensed by the organizations, and may include indications of how many licenses remain available for allocation. The methods may include receiving and validating licensing requests. The tools may provide other methods that include requesting and receiving information for presenting the licensing portals, as well as requesting and receiving licensing-related actions from the licensing systems. The tools may provide still other methods that include receiving requests for information to present launch portals, with these requests incorporating user identifiers for particular end-users.

Abstract: Coexistence tools are described for synchronizing properties between on-premises customer locations and remote hosting services. These tools may provide methods that send the tools for installation onto on-premises infrastructure located at customer sites, execute the tools to manage the customer infrastructure remotely via a hosted service, and synchronize properties at the customer site with the hosted service. Other methods may include receiving the tools from the hosted service, communicating configuration parameters related to operating the tools, and executing the tools in response to the configuration parameters. The tools may also provide systems that include on-premises servers associated with the customer infrastructure, with the on-premises servers including on-premises coexistence components for maintaining the property at the customer site. These systems may also include administrative servers associated with the hosted service.

Abstract: Large messages in the form of hierarchically structured documents are processed in a streaming fashion using the ultimate consumer read requests as the driving force for the processing. The messages are partitioned into fixed length segments. The segments are processed in pipeline fashion. This processing chain includes simulating random access of hierarchical documents using stream transformations, mapping streams to a transport's native capabilities, composing streams into chains and using pipeline processing on the chains, staging fragments into a database and routing messages when complete messages have been formed, and providing tools to allow the end user to inspect partial messages.

Abstract: Workflow management for maintaining consistency of persisted state across communicating components via batching of uncommitted work. A workflow component defines a workflow containing work items to be performed by service provider components. The workflow component assigns the work items to the service provider components, and the service provider components acknowledge the assigned work items. The workflow component appends the assigned work items to a work batch. The workflow component creates a transaction containing the batched work items. The workflow component commits to the workflow by requesting the service provider components to perform the work items. The workflow component checks the state of the execution of the work items and stores the state in a persistent storage.

Abstract: Large messages in the form of hierarchically structured documents are processed in a streaming fashion using the ultimate consumer read requests as the driving force for the processing. The messages are partitioned into fixed length segments. The segments are processed in pipeline fashion. This processing chain includes simulating random access of hierarchical documents using stream transformations, mapping streams to a transport's native capabilities, composing streams into chains and using pipeline processing on the chains, staging fragments into a database and routing messages when complete messages have been formed, and providing tools to allow the end user to inspect partial messages.

Abstract: A system and method of remotely debugging an orchestration service instance providing a means for establishing a communications connection with a computer, wherein the computer is executing a business process service instance. Stored tracking information regarding the orchestration service instance is read, and the orchestration service instance is remotely debugged by way of the communications connection and according to the stored tracking state information.

Abstract: Large messages in the form of hierarchically structured documents are processed in a streaming fashion using the ultimate consumer read requests as the driving force for the processing. The messages are partitioned into fixed length segments. The segments are processed in pipeline fashion. This processing chain includes simulating random access of hierarchical documents using stream transformations, mapping streams to a transport's native capabilities, composing streams into chains and using pipeline processing on the chains, staging fragments into a database and routing messages when complete messages have been formed, and providing tools to allow the end user to inspect partial messages.