Forum Discussion
AAD Connect synchronization of pwdLastSet
Hello
We have an hybrid environment , AD on prem synchronized by AAD Connect to Azure AD using password hash sync , and we want to get the on prem AD attribute pwdLAstSet synchronized with the corresponding one lastPasswordChangeTimestamp on Azure AD .
Is it possible to achieve this simply changing to the current system time the attribute "pwdLastSet" , by assigning "0" and in turn "-1" to it , as explained in the page ? :
https://social.technet.microsoft.com/Forums/en-US/6622c897-c460-41ce-a237-a6eabff3ca12/why-cant-i-set-pwdlastset-with-setaduser?forum=winserverpowershell
I tried but actually the attribute isn't synchronized , it gets aligned only If I really make a password reset on prem but I'd rather avoid on prem users change their passwords .
Thanks a lot.
Regards
Antonello
2 Replies
Hallo Antonello
If your question is still open:
You can configure the Azure AD Connect Client with the option "Directory extension attribute sync" to sync the attribut "pwdLastSet" from AD to AAD.
The timestamp can then be seen in Azure AD.
See more detailed configuration information:
https://docs.microsoft.com/en-us/azure/active-directory/app-provisioning/user-provisioning-sync-attributes-for-mapping
or
https://www.cloudkaffee.ch/microsoft-azure/azure-ad-connect-directory-extensions-verzeichniserweiterung-synchronisieren/
maybe that will help you
best
Oli- Hi
Anybody ?
Thanks
Antonello
