Recently, while performing a migration from a local Exchange server to Office 365, we had set up the new Azure AD Connect on a Windows 2012 domain controller. Everything looked OK on the surface, as the Office 365 Admin portal reported that the users were “Synced with Active Directory”. However, trying to log in with a user's Active Directory password failed, and we were able to change the password using the Office 365 portal, which should not be possible when the account is synced with AD (with password hash sync active, the on-premises password is authoritative and the portal should refuse the change).
We attempted to force a full sync with the MIISCLIENT as recommended by Microsoft Support, which did not cure the issue. Microsoft Support ended up writing a small PowerShell script which we executed against the environment, and voila! Passwords were now syncing. The Azure AD Connect client was supposed to correct these types of issues that existed in DirSync, which it replaces, but it seems they still exist.
The PowerShell script is pretty simple: it flags the AD connector for a full password sync, then disables password sync and immediately re-enables it. Here is the script:
```powershell
$adConnector  = "contoso.local"                 # enter your local Active Directory Connector Name
$aadConnector = "contoso.onmicrosoft.com - AAD" # enter your Azure AD Connector Name

Import-Module adsync

# Load the on-premises AD connector so its global parameters can be edited
$c = Get-ADSyncConnector -Name $adConnector

# Build the "force a full password sync" parameter and set it on the connector
$p = New-Object Microsoft.IdentityManagement.PowerShell.ObjectModel.ConfigurationParameter "Microsoft.Synchronize.ForceFullPasswordSync", String, ConnectorGlobal, $null, $null, $null
$p.Value = 1
$c.GlobalParameters.Remove($p.Name)
$c.GlobalParameters.Add($p)

# Write the modified connector back
$c = Add-ADSyncConnector -Connector $c

# Toggle password sync off and on again to trigger the full sync
Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector -TargetConnector $aadConnector -Enable $false
Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector -TargetConnector $aadConnector -Enable $true
```
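The post says passwords "were now syncing" but does not show how to confirm that. The following check is an added example, not part of the original post or of Microsoft's script; it assumes it runs on the Azure AD Connect server, that the connector name is a placeholder you replace, that Get-ADSyncAADPasswordSyncConfiguration exposes an Enabled property, and that the Application log carries the password-sync events 656 (request) and 657 (result) from the "Directory Synchronization" source with "Success" in a successful result message.

```powershell
# Added verification script (not from the original post or from Microsoft).
# Placeholder value: replace with your on-premises AD connector name.
Import-Module ADSync
$adConnector = "contoso.local"

# 1. Confirm the off/on toggle left password hash sync enabled.
#    Assumption: the returned object carries an Enabled property.
$cfg = Get-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector
if (-not $cfg.Enabled) {
    Write-Warning "Password hash sync is still disabled for connector '$adConnector'."
}

# 2. Look for password-sync events written since the script was run.
#    656 = password change request, 657 = password change result,
#    source "Directory Synchronization" in the Application log.
$since  = (Get-Date).AddHours(-2)
$events = Get-EventLog -LogName Application -Source "Directory Synchronization" -After $since |
          Where-Object { $_.EventID -in 656, 657 }

$requests = @($events | Where-Object { $_.EventID -eq 656 }).Count
$results  = @($events | Where-Object { $_.EventID -eq 657 }).Count
Write-Output "Password sync events in the last 2h: $requests requests, $results results"

# 3. A 657 whose message does not report success is a hash that did not reach
#    Azure AD; surface each one so the affected accounts can be investigated.
#    Assumption: a successful result message contains the word "Success".
$events |
    Where-Object { $_.EventID -eq 657 -and $_.Message -notmatch 'Success' } |
    ForEach-Object { Write-Warning ("Failed password sync result: " + $_.Message) }

if ($requests -eq 0) {
    Write-Warning "No password sync activity logged; the full sync may not have started."
} elseif ($results -eq $requests) {
    Write-Output "Every password change request has a matching result."
}
```

If the counts stay at zero after the toggle, the fix did not take and the account remains in the state described above, where the cloud password can diverge from the on-premises one.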
Download the PowerShell script ResetAADPasswordSync here. You'll need to modify it with your connector names (they are case sensitive). Hope this helps someone out there encountering the same type of issue!