If AD Sync won't update any user password across a domain, follow these steps:
- Open Microsoft Azure Active Directory Connect
- Click Configure
- Click Troubleshoot
- Click Launch
- In PowerShell type 2 (Enter ‘2’ – Troubleshoot Password Hash Synchronization)
- Type 1 (Enter ‘1’ – Password Hash Synchronization does NOT work at all)
Usually, the output on your local AD Connector is:
Last successful attempt to synchronize passwords from this directory partition started at: [long time ago]
If this is the case, proceed as follows:
- Open Synchronization Service Manager
- Click on Connectors
- Click on your local connector (e.g. domain.com)
- Right-click it, then open Properties
- Under Connect to Active Directory Forest, enter the password for the user and click OK
- Run an initial Sync in PowerShell: Start-ADSyncSyncCycle -PolicyType Initial
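
The checks above can also be run from PowerShell once the connector password has been re-entered. This is an added example, not part of the original procedure: it assumes an elevated session on the Azure AD Connect server with the ADSync module available, uses `domain.com` as a placeholder connector name, and relies on event ID 611 being the ID logged in the Application log when password hash synchronization fails.

```powershell
# Added example: run in an elevated PowerShell session on the Azure AD Connect server.
Import-Module ADSync

# Placeholder: use the connector name shown in Synchronization Service Manager.
$adConnectorName = 'domain.com'
$problems = @()

# 1. Password hash sync must be enabled for the on-premises connector.
$phs = Get-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnectorName
if (-not $phs.Enabled) {
    $problems += "Password hash sync is disabled for $adConnectorName."
}

# 2. The scheduler must be enabled and the server must not be in staging mode.
$scheduler = Get-ADSyncScheduler
if (-not $scheduler.SyncCycleEnabled) { $problems += 'Sync scheduler is disabled.' }
if ($scheduler.StagingModeEnabled)    { $problems += 'Server is in staging mode.' }

# 3. Per-partition password hash sync state.
Get-ADSyncPartitionPasswordSyncState | Format-List *

# 4. Password hash sync failures (event ID 611) logged in the last 24 hours.
#    Entries older than the password change are expected; newer ones are not.
$failures = Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'Directory Synchronization'
    Id           = 611
    StartTime    = (Get-Date).AddHours(-24)
} -ErrorAction SilentlyContinue
$failures | Select-Object TimeCreated, Message | Format-List

# 5. Report blockers, and start the initial sync only when nothing prevents it.
if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
} elseif ($scheduler.SyncCycleInProgress) {
    Write-Warning 'A sync cycle is already running; retry when it finishes.'
} else {
    Start-ADSyncSyncCycle -PolicyType Initial
}
```

If new 611 events keep appearing after the initial sync completes, the connector account is still failing to read password hashes and the stored credential or its directory permissions need another look.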