<

Azure AD Connect Password Synchronization not working.

Published on
3,133 Points
133 Views
Last Modified:
Editors:
Saif Shaikh
Worked for Microsoft 4 yrs. as an Exchange Admin. Has been in IT for the last 17 yrs. Currently working as Exchange and O365 migration Exp.
A description of how I fixed an Azure AD Connect password synchronization error.

The Scenario

I have a client who had an issue with Azure AD Connect Password Synchronization not working. When logged in to the O365 portal, I noted that the password sync showed "RED" and not as "Green" with the "Recent Synchronization" Message in the Dashboard.


These can be seen with different tenants at times and to fix the issue we needed to disable password synchronization and then re-enable it, which forced a fresh password sync.


Solution Used


1. Log in to Azure AD Connect server/dc
2. Open MIISClient or simply search for "synchronization service" and open the same with elevated permissions
3. You will be able to see 2 connector's i.e. "yourdomain.local" and "onmicrosoft.com - AAD"
4. We need to remember the 2 domain names and update the same in Powershell variables
5. Open a Powershell with elevated credentials and run the commands:

$adConnector = "domain.local"
$aadConnector = "domain.onmicrosoft.com - AAD"


Note: $adConnector is just a variable you are setting for the actual command which will be shown later.

6. You will have to set the variables as per your connector names accordingly.
7. Now that we have set the variables in the Powershell, we need to run the actual Powershell script to disable and re-enable the password sync.
8. In the same Powershell window, run the command:

Import-Module adsync

$c = Get-ADSyncConnector -Name $adConnector

$p = New-Object Microsoft.IdentityManagement.PowerShell.ObjectModel.ConfigurationParameter "Microsoft.Synchronize.ForceFullPasswordSync", String,

ConnectorGlobal, $null, $null, $null

$p.Value = 1

$c.GlobalParameters.Remove($p.Name)

$c.GlobalParameters.Add($p)

$c = Add-ADSyncConnector -Connector $c

Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector -TargetConnector $aadConnector -Enable $false

Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector -TargetConnector $aadConnector -Enable $true


9. The above script will disable password synchronization and then re-enable it, which forces a fresh sync
10. Once you run the script above, you’ll see the following 2 Event IDs i.e. Event 657,656 with Source "Directory Synchronization" showing a successful password synchronization. Success!
11. Run a delta sync from the same Powershell command: start-adsyncsynccycle -policytype delta
12. Log in to the Office 365 portal and you should now be able to see password sync working again with "Recent Synchronization" information



0
Author:Saif Shaikh
Ask questions about what you read
If you have a question about something within an article, you can receive help directly from the article author. Experts Exchange article authors are available to answer questions and further the discussion.
Get 7 days free