Reset AADSync or AADConnect Password Hash Sync Configuration


While troubleshooting a Password Hash Sync issue with a customer, I found myself needing to trigger a full password hash sync for various connectors. Password Hash Sync is a separate process from the AADSync process. Resetting it is not difficult, but it becomes time-consuming, especially if you have a lot of connectors from which to choose.

The syntax for specifying source and target connectors is case-sensitive, which can cause additional frustration. Hopefully, this script will help address both of those problems.  This script is intended to be run from the AADSync or AADConnect server.

Download the script and save it to the AADConnect server. When you run it, it will display a menu of source and target connectors, so you can be sure of what you’re selecting.

https://gallery.technet.microsoft.com/Reset-AADSync-or-f8a0ba2a/file/144862/1/ResetPasswordHashSync.ps1
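
The manual reset written out with the ADSync module cmdlets on the sync server, as an added example (it is not the contents of ResetPasswordHashSync.ps1). `Resolve-ConnectorName` is a hypothetical helper that returns the exact-case connector name, and the two connector names are constructed placeholders to replace with your own.

```powershell
# Added example: run in an elevated PowerShell session on the AADSync/AADConnect server.
Import-Module ADSync

function Resolve-ConnectorName {
    # Hypothetical helper: map a name typed in any case to the connector's exact name,
    # because the password sync cmdlets compare connector names case-sensitively.
    param([Parameter(Mandatory)][string]$Name)
    $found = @(Get-ADSyncConnector | Where-Object { $_.Name -ieq $Name })
    if ($found.Count -ne 1) {
        $known = (Get-ADSyncConnector | ForEach-Object { $_.Name }) -join ', '
        throw "Expected exactly one connector named '$Name'. Known connectors: $known"
    }
    return $found[0].Name
}

# Constructed placeholder names; replace with your own connectors.
$source = Resolve-ConnectorName -Name 'contoso.example'                    # on-premises AD connector
$target = Resolve-ConnectorName -Name 'contoso.onmicrosoft.example - aad'  # Azure AD connector

# Flag the source connector so the next password sync cycle is a full one.
$connector = Get-ADSyncConnector -Name $source
$param = New-Object Microsoft.IdentityManagement.PowerShell.ObjectModel.ConfigurationParameter `
    'Microsoft.Synchronize.ForceFullPasswordSync', String, ConnectorGlobal, $null, $null, $null
$param.Value = 1
$connector.GlobalParameters.Remove($param.Name) | Out-Null
$connector.GlobalParameters.Add($param)
$connector = Add-ADSyncConnector -Connector $connector

# Toggle password hash sync off and back on to start the full sync.
Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $source -TargetConnector $target -Enable $false
Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $source -TargetConnector $target -Enable $true

# Confirm the feature is enabled again for this source connector.
Get-ADSyncAADPasswordSyncConfiguration -SourceConnector $source
```

If the second `Set-ADSyncAADPasswordSyncConfiguration` call fails, password hash sync stays disabled for that connector pair, so check the final output before closing the session.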

Published by Aaron Guilmette

Helping companies conquer inferior technology since 1997. I spend my time developing and implementing technology solutions so people can spend less time with technology. Specialties: Active Directory and Exchange consulting and deployment, Virtualization, Disaster Recovery, Office 365, datacenter migration/consolidation, cheese.

Reader Comments

  1. You’ll need to run AADSync setup to configure Password Hash Sync the first time. There’s a checkbox after you enter your credentials and select the forest you want to sync. The current options page has several checkboxes, but the ones you’ll want to have selected at a minimum are Exchange Hybrid (which you should have selected so you can get all of the synchronization rules) and Password Hash Sync (which you will need to select) to configure the connectors to replicate password hashes.

    In addition, you’ll need to either make the sync account a domain admin or grant the sync service account "Replicating Directory Changes" and "Replicating Directory Changes All" rights.

  2. Hi Aaron,

    I’m getting the password synchronization status as false in the Office 365 portal, and I need to sync my password as well.

    I’ve enabled the directory sync in the portal using PowerShell. By default, the password sync should have been enabled, right?

    Or do I need to do any additional configuration to enable password sync?

    Thanks,
    Shafeer
