Passwords don't sync for users who are moved into scope to be synced in the Azure Active Directory Sync Tool

PROBLEM

Assume that your organization is using the Azure Active Directory Sync Tool to sync your on-premises environment to Microsoft Azure Active Directory (Azure AD). However, when users in your organization who are out of scope for password hash synchronization are moved into scope for password hash synchronization, their passwords don't sync. 

For example, you experience this issue after you move users from an existing organizational unit that's being filtered to an organizational unit that's being synced.

Note This article applies to you only if you have filtering for directory synchronization configured. For more info, see Configure filtering for directory synchronization.

SOLUTION

Solution 1: Have the user change his or her password

Having the user change his or her password triggers a request to have the password synced. You must wait a few minutes for the sync to occur.

Solution 2: Reset the user password

When an admin resets a user’s password from the user's local Active Directory schema and the reset password isn't temporary, a request will be sent to have the password synced. You must wait a few minutes for the sync to occur.

Solution 3: Perform a full password sync

A full password sync will sync passwords for all users. On the computer that has the Azure Active Directory Sync Tool installed, follow these steps:
  1. Perform a full password sync for all users who are synced through directory synchronization. To do this, follow these steps:
    1. Open Windows PowerShell, type Import-Module DirSync, and then press Enter.
    2. After the Windows PowerShell session starts, run the following cmdlet:
      Set-FullPasswordSync 
  2. Restart the Forefront Identity Manager Synchronization Service. To do this, follow these steps:
    1. Click Start, click Run, type services.msc, and then click OK.
    2. In the list of services, right-click Forefront Identity Manager Synchronization Service, and then click Restart.

MORE INFORMATION

Still need help? Go to Microsoft Community or the Azure Active Directory Forumswebsite.
Properties

Article ID: 2915221 - Last Review: Dec 29, 2016 - Revision: 1

Microsoft Azure Cloud Services, Microsoft Azure Active Directory, Office 365, Microsoft Intune, CRM Online via Office 365 E Plans, Microsoft Azure Recovery Services, Office 365 Identity Management

Feedback