Can
asked on
Passwords hashes doent sync to Azure AD?
Hi all,
This morning I have changed my password in my on-prem AD. With my account, I can access all on-prem resources. Yet, when I try to login to Azure AD, Microsoft Teams, or Exchange webmail, I get the incorrect password error. First, I thought there was an issue with the password hash sync. But via Azure AD the sync seems fine and even after I manually sync the password hashes, I cannot log in to Azure AD or Teams. At this moment around 8 more people who changed their password cannot log in to Microsoft Teams. How can I troubleshoot this?
Thanks in advance.
This morning I have changed my password in my on-prem AD. With my account, I can access all on-prem resources. Yet, when I try to login to Azure AD, Microsoft Teams, or Exchange webmail, I get the incorrect password error. First, I thought there was an issue with the password hash sync. But via Azure AD the sync seems fine and even after I manually sync the password hashes, I cannot log in to Azure AD or Teams. At this moment around 8 more people who changed their password cannot log in to Microsoft Teams. How can I troubleshoot this?
Thanks in advance.
ASKER
Hi Jazz,
Thanks for your reply. Unfortunately, full password sync didn't help. I also tried a password hash sync for a specific user. When I check the metaverse object log it shows the password sync is successful:
But when I try to login to Azure AD or Microsoft Teams I still get the wrong password error:
The failed login attempts are also seen in Azure AD:
Thanks for your reply. Unfortunately, full password sync didn't help. I also tried a password hash sync for a specific user. When I check the metaverse object log it shows the password sync is successful:
But when I try to login to Azure AD or Microsoft Teams I still get the wrong password error:
The failed login attempts are also seen in Azure AD:
That’s odd. Also, does it by any chance recognize the old password(s)? Otherwise, I would recommend looking at this troubleshooting guide then to try to pinpoint the issue further (skip the tasks already tried):
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-password-hash-synchronization
Are they all using the web version of MS Teams as well or the desktop app?
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-password-hash-synchronization
Are they all using the web version of MS Teams as well or the desktop app?
ASKER
It does recognize old passwords. When i try to diagnose password hash synchronization it gets stuck here:
It is now for around 30 minutes idle at this stage. Believing the Microsoft document it should continue to this: 
It is now for around 30 minutes idle at this stage. Believing the Microsoft document it should continue to this:
ASKER
It seems that other users are able to use the new password after around 20 minutes. (sync happens after 30 minutes). So at this moment I only have my own account which doesn't get synchronized.
I came across this community post link and some of the replies at end it sounds similar to your account problem.
https://community.spiceworks.com/topic/2045079-ad-connect-re-sync-password-after-changing-in-azure-ad
https://community.spiceworks.com/topic/2045079-ad-connect-re-sync-password-after-changing-in-azure-ad
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I would actually recommend running a full password synchronization (see links below for the script):
https://techcommunity.microsoft.com/t5/itops-talk-blog/powershell-basics-how-to-force-a-full-password-sync-in-azuread/ba-p/900063
https://www.anexinet.com/blog/forcing-password-synchronization-with-the-azure-ad-connection-tool/