how are password changes in ad handled with adfs?

Right now we are using office 365 with adfs. Users have 'remeber me' checked for outlook 2013.

Given this scenerio below:

user A for whatever reason decides to change password from 1234 to 5678. We do not do force a sync with adfs.

Can the user still log into outlook 2013?

What happens when the system updates with the password change?

Prior to the system updating  the user attempts to log into the office 365 portal with their new password. Will that lock their ad account?
iamuserAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Cliff GaliherCommented:
ADFS does not sync or store passwords. You are authenticating against your domain controllers when you authenticate. So changes are immediate, and yes an account will get locked if you fail too many times.
iamuserAuthor Commented:
But I notice that if I make a change to a title or department name to a user account, that change is not reflected office 365 unless I force a dirsync. Isn't adfs holding a non real time copy of ad info?
Cliff GaliherCommented:
No DirSync (and ad connect, it's replacement, sync account information into Azure Active Directory, and yes, that happens at regular intervals, not in real time. But if you've set up Office 365 to use ADFS, all authentication requests are redirected from Azure AD to your ADFS servers, and they, in turn, authenticate against your domain controllers. Thus, password changes do impact any service that is authenticating against ADFS, including O365, and that happens quickly...NOT at the diraync interval. ADFS has *no* copies AD information. DirSync doesn't copy information into ADFS at all.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Vasil Michev (MVP)Commented:
When changing passwords, make sure to remove the old credentials from Cred manager and/or any mobile devices. As soon as the new password is in effect, using the stored credentials can indeed result in locking the account. Note also that it might take some time for the new password to be in effect. This is not related to sync or anything similar, the reason behind is that the different frontend servers cache tokens and will only ask the user to reauthenticate once the token expires.

When the old password is no longer valid Outlook will prompt for credentials, this is the time to remove the old creds and enter the new password. If for whatever reason Outlook is not presenting the credentials dialog and not connecting after the password change, remove the old credentials and restart Outlook.
iamuserAuthor Commented:
thanks
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Office 365

From novice to tech pro — start learning today.