Chris Parker
Dec 01, 2016 (Iron Contributor)
Are dirsync'ed accounts automatically set to not have their passwords expire in AAD?
To make a long story short, a colleague's password expired eight days ago in AD, but he's still able to log in to the O365 portal and check his email. What I've discovered is that almost all my AAD...
VasilMichev
Dec 01, 2016 (MVP)
No. Password-synced users, however, are. From here: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-aadconnectsync-implement-password-synchronization
Password expiration policy: If a user is in the scope of password synchronization, the cloud account password is set to "Never Expire". You can continue to sign in to your cloud services using a synchronized password that has been expired in your on-premises environment. Your cloud password is updated the next time you change the password in the on-premises environment.
Chris Parker
Dec 02, 2016 (Iron Contributor)
Thanks for the citation. But why would they do this? I don't see how this is not a huge security problem.
- VasilMichev, Dec 02, 2016 (MVP)
Not sure, guess to avoid situations in which the synced password will expire (as it's governed by the O365 policy).
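An added example, not part of the thread or of any Microsoft tooling: an audit that cross-references an on-premises AD export with a cloud directory export and lists synced accounts whose AD password has expired while the cloud copy is exempt from expiration, which is the situation described in the question. The field names follow AD attributes and Microsoft Graph user properties; the export layout, the 90-day maximum age and the sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
DONT_EXPIRE_PASSWORD = 0x10000  # userAccountControl flag in on-premises AD

def filetime_to_dt(ft):
    """Convert an AD pwdLastSet value (100 ns ticks since 1601) to UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)

def dt_to_filetime(dt):
    """Inverse conversion, used here only to build the sample data."""
    return int((dt - FILETIME_EPOCH).total_seconds()) * 10_000_000

def expired_but_usable(ad_users, cloud_users, max_age_days, now):
    """Return (UPN, days expired) for synced accounts whose on-premises
    password has expired while the cloud password is set to never expire."""
    cloud = {u["userPrincipalName"].lower(): u for u in cloud_users}
    findings = []
    for ad in ad_users:
        # Skip accounts exempt on-premises, and pwdLastSet == 0
        # ("must change at next logon"), which is not an age-based expiry.
        if ad["userAccountControl"] & DONT_EXPIRE_PASSWORD or ad["pwdLastSet"] == 0:
            continue
        expires = filetime_to_dt(ad["pwdLastSet"]) + timedelta(days=max_age_days)
        c = cloud.get(ad["userPrincipalName"].lower())
        if expires > now or not c or not c.get("onPremisesSyncEnabled"):
            continue
        if "DisablePasswordExpiration" in (c.get("passwordPolicies") or ""):
            findings.append((ad["userPrincipalName"], (now - expires).days))
    return sorted(findings, key=lambda f: -f[1])

# Constructed sample data (assumed export format, not real accounts).
NOW = datetime(2016, 12, 1, tzinfo=timezone.utc)
MAX_AGE_DAYS = 90  # assumed domain maximum password age
def _ad(upn, days_ago, uac=0x200):
    return {"userPrincipalName": upn, "userAccountControl": uac,
            "pwdLastSet": dt_to_filetime(NOW - timedelta(days=days_ago))}
AD_EXPORT = [_ad("alice@example.com", 98), _ad("bob@example.com", 30),
             _ad("svc@example.com", 400, uac=0x10200),
             _ad("carol@example.com", 100), _ad("erin@example.com", 120)]
def _cloud(upn, policies="DisablePasswordExpiration"):
    return {"userPrincipalName": upn, "onPremisesSyncEnabled": True,
            "passwordPolicies": policies}
CLOUD_EXPORT = [_cloud("Alice@example.com"), _cloud("bob@example.com"),
                _cloud("svc@example.com"), _cloud("carol@example.com", None),
                _cloud("erin@example.com")]

if __name__ == "__main__":
    for upn, days in expired_but_usable(AD_EXPORT, CLOUD_EXPORT, MAX_AGE_DAYS, NOW):
        print(f"{upn}: expired on-premises {days} days ago, cloud sign-in still possible")
```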