Assume that your organization is using the Azure Active Directory Sync Tool to sync your on-premises environment to Microsoft Azure Active Directory (Azure AD). However, when users in your organization who are out of scope for password hash synchronization are moved into scope for password hash synchronization, their passwords don't sync.
For example, you experience this issue after you move users from an existing organizational unit that's being filtered to an organizational unit that's being synced.
Solution 1: Have the user change his or her password
Having the user change his or her password triggers a request to have the password synced. You must wait a few minutes for the sync to occur.
Solution 2: Reset the user password
When an admin resets a user’s password from the user's local Active Directory schema and the reset password isn't temporary, a request will be sent to have the password synced. You must wait a few minutes for the sync to occur.
Solution 3: Perform a full password sync
A full password sync will sync passwords for all users. On the computer that has the Azure Active Directory Sync Tool installed, follow these steps:
Perform a full password sync for all users who are synced through directory synchronization. To do this, follow these steps:
Open Windows PowerShell, type Import-Module DirSync, and then press Enter.
After the Windows PowerShell session starts, run the following cmdlet:
Restart the Forefront Identity Manager Synchronization Service. To do this, follow these steps:
Click Start, click Run, type services.msc, and then click OK.
In the list of services, right-click Forefront Identity Manager Synchronization Service, and then click Restart.
Microsoft Azure Cloud Services, Microsoft Azure Active Directory, Microsoft Office 365, Microsoft Intune, CRM Online via Office 365 E Plans, Microsoft Azure Recovery Services, Office 365 Identity Management