Hi experts, I have a single on-premises AD domain controller (Windows 2008 R2) and in addition I have recently set up an Azure VM and connected this to my premises via site-to-site VPN. I have joined the Azure VM to the on-premises domain and promoted this to a DC also. Everything is replicating fine and it's working as expected. However, recently we have forced users to reset their passwords on next login, and some of them at least have had problems authenticating to network shares etc. for a short period. I believe the issue here is that they have authenticated against the Azure DC and have to wait (15 minutes?) for the two DCs to replicate the new password update. Upon performing a gpresult /r I can see that user group policy is being applied from the Azure DC, which seems to confirm my thoughts.
My question is, can I force the client PCs to authenticate to the on-premises DC first and only use the Azure DC as a backup (this is its sole purpose anyway)? Failing that, can I force user password changes to replicate between the DCs instantly?
I have approximately 30 PCs on premises and would prefer not to have to make configuration changes on each PC in order to achieve this.
Any other suggestions to avoid this issue are welcome. Thanks