Working around accounts that expire with AAD Connect
When attempting to migrate a Microsoft 365 organization from federated authentication to Password Hash Sync, there are a couple of gotchas that can impact how you manage certain accounts. These changes in authentication behavior, which affect expired accounts and accounts flagged to force a password change on next logon, determine whether you need to implement new workflows or business processes.…
Use AAD Connect to disable accounts with expired on-premises passwords
This week, I received an email from a colleague asking if there was a way to work around the default behavior described in https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-implement-password-synchronization:
Password expiration policy
If a user is in the scope of password synchronization, the cloud account password is set to Never Expire.…
Reset AADSync or AADConnect Password Hash Sync Configuration
While troubleshooting a Password Hash Sync issue with a customer, I found myself needing to trigger a full password hash sync for various connectors. Password Hash Sync is a separate process from the AADSync process. It’s not a difficult process, but it becomes time-consuming (especially if you have a lot of connectors from which to choose).…
Switching from Federated to Cloud Auth (AD FS to Dirsync/AADSync + Password Hash Sync or Password Hash Sync Failover)
A few years ago, we released “DirSync with Password Hash Synchronization,” and it was kind of an all-or-nothing choice. You could either have a synchronized account database with synchronized password hashes (so users would authenticate in the cloud), or a federated environment. …
