Forum Discussion

ElieAT's avatar
ElieAT
Iron Contributor
Jul 29, 2022

Enable Password Never Expires

Hello,   Kindly i need to know if we enable password never expires from office365 portal, how it will affect on premises users if we are in hybrid environement?   Regards,    
  • eliekarkafy's avatar
    eliekarkafy
    Jul 29, 2022
    with PTA always your user rely on your on-prem AD authentication. Even if you set your password never expired on Azure AD and the password is expired on-prem the user will be blocked. the best practice for your case is to switch to password hash sync. if you need to keep the PTA scenario than an alternative solution is to enable the password write back feature so the user will have the ability to change or reset his password and the password will be synced back the AD on-prem.

    Refer to the below link to see how you can enable the password write back feature

    https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr-writeback

Resources