Reset AADSync or AADConnect Password Hash Sync Configuration

While troubleshooting a Password Hash Sync issue with a customer, I found myself needing to trigger a full password hash sync for various connectors. Password Hash Sync is a separate process from the AADSync process. Resetting it is not difficult, but it becomes time-consuming (especially if you have a lot of connectors from which to choose).

The syntax for specifying source and target connectors is case-sensitive, which can cause additional frustration. Hopefully, this script will help address both of those problems. This script is intended to be run from the AADSync or AADConnect server.

Download and save to the AADConnect server. When you run it, it will display a menu of source and target connectors, so you can be sure of what you're selecting.
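
The downloadable script itself is not reproduced on this page. As an added example (not the author's script), the following sketch shows the same idea: it reads the connector names from the sync engine so the case-sensitive strings are never typed by hand, then follows Microsoft's documented steps for forcing a full password hash sync. The helper name `Select-Connector` and the prompt text are assumptions made for illustration.

```powershell
# Added example, not the original script. Run elevated on the AADSync/AADConnect server.
Import-Module ADSync

# Enumerate connectors once; the names returned here carry the exact casing
# that Set-ADSyncAADPasswordSyncConfiguration expects.
$connectors = @(Get-ADSyncConnector)
if ($connectors.Count -lt 2) { throw "Expected at least one source and one target connector." }

function Select-Connector {   # hypothetical helper name
    param([string]$Prompt)
    for ($i = 0; $i -lt $connectors.Count; $i++) {
        Write-Host ("[{0}] {1}" -f $i, $connectors[$i].Name)
    }
    $choice = Read-Host $Prompt
    $index = 0
    $valid = [int]::TryParse($choice, [ref]$index)
    if (-not $valid -or $index -lt 0 -or $index -ge $connectors.Count) {
        throw "Invalid selection: $choice"
    }
    return $connectors[$index]
}

$source = Select-Connector "Number of the SOURCE (on-premises AD) connector"
$target = Select-Connector "Number of the TARGET (Azure AD) connector"
$sourceName = $source.Name
$targetName = $target.Name
if ($sourceName -ceq $targetName) { throw "Source and target connectors must differ." }

# Flag the source connector so the next password sync cycle is a full sync.
$p = New-Object Microsoft.IdentityManagement.PowerShell.ObjectModel.ConfigurationParameter `
    "Microsoft.Synchronize.ForceFullPasswordSync", String, ConnectorGlobal, $null, $null, $null
$p.Value = 1
$source.GlobalParameters.Remove($p.Name) | Out-Null
$source.GlobalParameters.Add($p)
Add-ADSyncConnector -Connector $source | Out-Null

# Disable and re-enable password hash sync for the pair to restart the channel.
Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $sourceName -TargetConnector $targetName -Enable $false
Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $sourceName -TargetConnector $targetName -Enable $true

# Confirm the resulting state for the source connector.
Get-ADSyncAADPasswordSyncConfiguration -SourceConnector $sourceName
```

A full sync re-sends every in-scope password hash, so expect a burst of password sync events in the Application event log on the sync server while it completes.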

Comments (3)

  1. turbomcp says:

    cool stuff as always

  2. shafeer1 says:

    Hi Aaron,

    I’m getting password synchronization status as false in the Office 365 portal, and I need to sync my passwords as well.

    I’ve enabled directory sync in the portal using PowerShell. By default, password sync should have been enabled, right?

    Or do I need to do any additional configuration to enable password sync?


  3. You’ll need to run AADSync setup to configure Password Hash Sync the first time. There’s a checkbox after you enter your credentials and select the forest you want to sync. The current options page has several checkboxes, but the ones you’ll want to have selected at a minimum are Exchange Hybrid (which you should have selected so you can get all of the synchronization rules) and Password Hash Sync (which you will need to select) to configure the connectors to replicate password hashes.

    In addition, you’ll need to either make the sync account a domain admin or grant the sync service account "Replicating Directory Changes" and "Replicating Directory Changes All" rights.
