
Office 365 – Force Password Sync with Azure AD

August 19, 2020 - by Zsolt Agoston - last edited on August 5, 2021

AADSync synchronizes password hashes to Azure Active Directory separately from the user account. If hash sync has issues for certain users or even whole domains, there is a built-in tool on the AADSync server to diagnose and resolve them.

1. Diagnose Password Sync Issues

Use the following cmdlet to open an interactive diagnostic test for DirSync.

PS C:\> Invoke-ADSyncDiagnostics

Option "2" is password sync.

We check whether password hash synchronization is working for a specific user, Alice.

It fails because the user is not synced to Azure AD at all.

After moving her to a syncing OU and initiating a sync cycle, we check again. This time it is successful.

2. Force Sync of Password Hashes with PowerShell

The following short script will force an immediate re-sync of user passwords to the cloud. You'll need the source- and target connector names to initiate the sync process.

If you are not sure about the source- and target connector names, you can check them by running the following cmdlet:

PS C:\> Import-Module -Name "C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync"
PS C:\> Get-ADSyncConnector | Select type,name

Type        Name
----        ----
Extensible2 alwayshotcafe2020.onmicrosoft.com - AAD
AD          AlwaysHotCafe.com

The Script:

# Define the source and target connectors
$adConnector  = "AlwaysHotCafe.com"
$aadConnector = "alwayshotcafe2020.onmicrosoft.com - AAD"

Import-Module -Name "C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync"

# Update the existing connector with the option to force full password sync
$c = Get-ADSyncConnector -Name $adConnector
$p = New-Object Microsoft.IdentityManagement.PowerShell.ObjectModel.ConfigurationParameter "Microsoft.Synchronize.ForceFullPasswordSync", String, ConnectorGlobal, $null, $null, $null
$p.Value = 1
$c.GlobalParameters.Remove($p.Name)
$c.GlobalParameters.Add($p)
$c = Add-ADSyncConnector -Connector $c

# Disable and re-enable password sync between the two connectors to trigger the full password sync
Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector -TargetConnector $aadConnector -Enable $false
Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector -TargetConnector $aadConnector -Enable $true
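
The script above switches password sync off before switching it back on, so a run that stops between the two calls leaves password sync disabled. The following is an added example, not part of the original article: it resolves the connector names by the Type values shown in the Get-ADSyncConnector output and reads the configuration back afterwards. The function names Get-PasswordSyncPair and Test-PasswordSyncState are hypothetical, and it assumes Windows PowerShell on the AADSync server with a single Azure AD connector.

```powershell
# Added example (not from the original article): pre-flight and post-check
# around the force-sync script. Run on the AADSync server in Windows PowerShell.
Import-Module -Name "C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync"

function Get-PasswordSyncPair {
    # Resolve connector names by Type, as listed by Get-ADSyncConnector,
    # so a mistyped name cannot reach the script that edits the connector.
    param([string]$SourceName)   # optional: needed only with several AD connectors

    $all = Get-ADSyncConnector
    $aad = @($all | Where-Object { $_.Type -eq 'Extensible2' })
    $ad  = @($all | Where-Object { $_.Type -eq 'AD' })
    if ($SourceName) { $ad = @($ad | Where-Object { $_.Name -eq $SourceName }) }

    if ($aad.Count -ne 1) { throw "Expected one Azure AD connector, found $($aad.Count)." }
    if ($ad.Count  -ne 1) { throw "Expected one AD connector, found $($ad.Count); pass -SourceName." }
    [pscustomobject]@{ Source = $ad[0].Name; Target = $aad[0].Name }
}

function Test-PasswordSyncState {
    # Read the configuration back and count sync-engine problems logged since $Since.
    param([Parameter(Mandatory)]$Pair, [Parameter(Mandatory)][datetime]$Since)

    $cfg = Get-ADSyncAADPasswordSyncConfiguration -SourceConnector $Pair.Source
    if (-not $cfg.Enabled) {
        throw "Password sync is DISABLED for '$($Pair.Source)'. Re-run the -Enable `$true step."
    }
    if ($cfg.TargetConnector -ne $Pair.Target) {
        throw "Unexpected target connector '$($cfg.TargetConnector)'."
    }
    # Get-EventLog raises an error when nothing matches, hence SilentlyContinue.
    $problems = @(Get-EventLog -LogName Application -Source 'Directory Synchronization' `
        -EntryType Error, Warning -After $Since -ErrorAction SilentlyContinue)
    [pscustomobject]@{
        Source  = $cfg.SourceConnector; Target = $cfg.TargetConnector
        Enabled = $cfg.Enabled; ProblemEvents = $problems.Count
    }
}

$start = Get-Date
$pair  = Get-PasswordSyncPair
$adConnector, $aadConnector = $pair.Source, $pair.Target
# ... run the force-sync script from the article here, using the two variables ...
Test-PasswordSyncState -Pair $pair -Since $start
```

A non-zero ProblemEvents count means the sync engine logged errors or warnings during the run; review them in the Application log before assuming the full sync completed.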
