Hey everyone! I'm seeking some advice regarding an issue with password synchronization to Entra. I've updated two users' passwords on our on-premises domain controller and synced to Entra, but it's been over two hours and the new passwords still haven't reflected there. The last password change for these users shows as six months old in Entra. Although Entra Connect doesn't display any errors and indicates that the most recent password sync was only five minutes ago, I feel something's off.
I checked the Entra sync service utility on the server and it shows the accounts requesting updates in the sync flow. Just for context, most of our users are utilizing passwordless logins, but since one user forgot her FIDO PIN and password, I reset her password on-prem to test the sync functionality, but it's clearly not working. All FIDO users have their passwords set to never expire. I still have a domain laptop and logged in with the new password, and that worked without issue, so I'm at a bit of a standstill. I also ran the troubleshooting tool in the Entra Connect tool against password hash sync, and it reported no errors.
Is there something I'm overlooking here? I'd really appreciate any insights!
2 Answers
It might be worth rerunning the password write-back configuration. I've noticed that sometimes the AD permissions aren't set correctly, meaning the sync account lacks the necessary permissions. Make sure the sync account has full control over the users, groups, and devices in the OUs that you want to sync.
Check out the troubleshooting steps linked here: https://learn.microsoft.com/en-us/troubleshoot/entra/enra-id/user-prov-sync/troubleshoot-pwd-sync. It could guide you through some common issues related to password sync.
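As an added example (not part of either answer above), the checks below are what a defender would run on the Entra Connect server to narrow down where a reset hash stops: feature state and staging mode, the on-prem change time, the per-object diagnostic the question mentions, and the PHS event log. The AD connector name, Entra connector name, account name and UPN are placeholders you must replace.

```powershell
# Added example: trace password hash sync (PHS) for one user on the Entra Connect server.
Import-Module ADSync
Import-Module ADSyncDiagnostics
Import-Module ActiveDirectory

$AdConnector  = 'contoso.com'                          # assumption: AD connector name (Synchronization Service > Connectors)
$AadConnector = 'contoso.onmicrosoft.com - AAD'        # assumption: Entra ID connector name
$Sam          = 'jdoe'                                 # assumption: the user reset on-prem
$Upn          = 'jdoe@contoso.com'                     # assumption: that user's UPN in Entra ID

# 1. Is PHS enabled on this AD connector, and is the scheduler exporting at all?
#    StagingModeEnabled = True means nothing is exported to Entra, which looks exactly like "no errors, no change".
Get-ADSyncAADPasswordSyncConfiguration -SourceConnector $AdConnector
Get-ADSyncScheduler | Select-Object SyncCycleEnabled, StagingModeEnabled, NextSyncCycleStartTimeInUTC

# 2. When did AD actually record the change? PHS picks up the hash when pwdLastSet moves.
$adUser = Get-ADUser -Identity $Sam -Properties pwdLastSet, DistinguishedName
'On-prem pwdLastSet (UTC): ' + [DateTime]::FromFileTimeUtc($adUser.pwdLastSet)

# 3. Per-object diagnostic: confirms the object is in PHS scope and reports the last sync attempt for it.
#    PHS needs the connector account to hold "Replicating Directory Changes" and
#    "Replicating Directory Changes All" on the domain; a missing right shows up here.
Invoke-ADSyncDiagnostics -PasswordSync -ADConnectorName $AdConnector -DistinguishedName $adUser.DistinguishedName

# 4. PHS events in the Application log (source "Directory Synchronization"):
#    650/651 batch start/finish, 652 sync error, 656 change request, 657 per-object result.
Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'Directory Synchronization'; Id = 650, 651, 652, 656, 657 } -MaxEvents 25 |
    Select-Object TimeCreated, Id, Message |
    Format-Table -Wrap

# 5. Compare with the cloud side (Microsoft Graph PowerShell SDK; run Connect-MgGraph -Scopes 'User.Read.All' first).
# Get-MgUser -UserId $Upn -Property LastPasswordChangeDateTime | Select-Object LastPasswordChangeDateTime

# 6. If steps 1-4 are clean but the hash never lands, toggle PHS off and on to force a full hash re-sync
#    of every in-scope user (expected behaviour, no user impact), then watch for a new 650/651 pair.
# Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $AdConnector -TargetConnector $AadConnector -Enable $false
# Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $AdConnector -TargetConnector $AadConnector -Enable $true
```

A 657 event with a success result but an unchanged LastPasswordChangeDateTime in step 5 points at the cloud side; no 656/657 for the object at all points at scope, staging mode or connector permissions on-prem.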
