Configuration

Use AAD Connect to disable accounts with expired on-premises passwords

This week, I received an email from a colleague asking if there was a way to work around the default behavior described in https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-implement-password-synchronization:

Password expiration policy

If a user is in the scope of password synchronization, the cloud account password is set to Never Expire.[ Continue reading ]

Identity

Switching from Federated to Cloud Auth (AD FS to Dirsync/AADSync + Password Hash Sync or Password Hash Sync Failover)

A few years ago, we released “DirSync with Password Hash Synchronization,” and it was kind of an all-or-nothing choice.  You could either have a synchronized account database with synchronized password hashes (so users would authenticate in the cloud), or a federated environment. … [ Continue reading ]