Use AAD Connect to disable accounts with expired on-premises passwords

This week, I received an email from a colleague asking if there was a way to work around the default behavior described in https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-implement-password-synchronization: Password expiration policy: If a user is in the scope of password synchronization, the cloud account password is set to Never Expire. You can continue to sign in to your cloud…

Reset AADSync or AADConnect Password Hash Sync Configuration

While troubleshooting a Password Hash Sync issue with a customer, I found myself needing to trigger a full password hash sync for various connectors. Password Hash Sync is a separate process from the AADSync process. It's not a difficult process, but becomes time-consuming (especially if you have a lot of connectors from which to…

Switching from Federated to Cloud Auth (AD FS to Dirsync/AADSync + Password Hash Sync or Password Hash Sync Failover)

A few years ago, we released “DirSync with Password Hash Synchronization,” and it was kind of an all-or-nothing choice. You could either have a synchronized account database with synchronized password hashes (so users would authenticate in the cloud), or a federated environment. In federated Office 365 environments, Office 365 points to an on-premises Active Directory…
