fnanfne
Sep 08, 2022 (Copper Contributor)
Windows AD account password expired but user can still send/receive email and use Teams
Hi. I recently discovered that some users with expired AD passwords are still working as if nothing has changed, which caught me by surprise. All the users affected do not use the VPN on a regula...
EmekaNgene
Sep 08, 2022 (MCT)
Hello Fnanfne,
Please have a look at the articles below:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-password-hash-synchronization#enforcecloudpasswordpolicyforpasswordsyncedusers
https://docs.microsoft.com/en-us/answers/questions/721416/password-expiration-with-aad-connect-password-hash.html
https://techcommunity.microsoft.com/t5/office-365/password-expiration-with-aad-connect-password-hash-sync/m-p/329248
Cheers
fnanfne
Sep 09, 2022 (Copper Contributor)
EmekaNgene Thank you! This is the exact information I needed, appreciated!
"If a user is in the scope of password hash synchronization, by default the cloud account password is set to Never Expire."
So this is indeed by design but it makes no sense to me, why make this the default behaviour? I see no rationale being given. It's almost like having a car with no engine, like what is the point? I'm upset with myself for assuming the contrary but happy to now be in the know, thanks again.
I did see the Note reading "The Set-MsolPasswordPolicy PowerShell command will not work on federated domains." so that will be my next hurdle to jump over before attempting to change this horrid default setting.
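
An added example, not part of the thread or of the linked Microsoft documentation: a PowerShell audit for the situation discussed above, listing accounts whose on-premises password has expired while the synced cloud account still carries `DisablePasswordExpiration`. The sample records, the property names (`Upn`, `PwdLastSet`, `Uac`, `CloudPolicies`), the function names and the 90-day maximum age are assumptions made for illustration.

```powershell
# Constructed sample data, not real accounts. In practice PwdLastSet and Uac are
# the AD attributes pwdLastSet and userAccountControl, and CloudPolicies is the
# synced cloud user's passwordPolicies value, joined on UPN.
$MaxPasswordAgeDays = 90   # assumption: one domain-wide maximum age, no fine-grained policies
$Now = [datetime]::new(2022, 9, 8, 0, 0, 0, [DateTimeKind]::Utc)   # fixed "today"

function New-SampleUser($Upn, $AgeDays, $Uac, $CloudPolicies) {
    # AgeDays = $null models pwdLastSet = 0 ("must change password at next logon")
    $set = if ($null -eq $AgeDays) { 0 } else { $Now.AddDays(-$AgeDays).ToFileTimeUtc() }
    [pscustomobject]@{ Upn = $Upn; PwdLastSet = $set; Uac = $Uac; CloudPolicies = $CloudPolicies }
}

# userAccountControl: 512 = NORMAL_ACCOUNT, 66048 = NORMAL_ACCOUNT + DONT_EXPIRE_PASSWORD
$Users = @(
    New-SampleUser 'alice@example.test' 200   512   'DisablePasswordExpiration'
    New-SampleUser 'bob@example.test'   30    512   'DisablePasswordExpiration'
    New-SampleUser 'svc@example.test'   400   66048 'DisablePasswordExpiration'
    New-SampleUser 'carol@example.test' $null 512   'DisablePasswordExpiration, DisableStrongPassword'
    New-SampleUser 'dave@example.test'  200   512   'None'
)

function Get-PasswordExpiryGap {
    param(
        [Parameter(Mandatory)] [object[]] $User,
        [Parameter(Mandatory)] [int]      $MaxAgeDays,
        [Parameter(Mandatory)] [datetime] $AsOf
    )
    $DontExpirePassword = 0x10000   # userAccountControl bit: on-prem password never expires
    foreach ($u in $User) {
        if ($u.Uac -band $DontExpirePassword) {
            $onPremExpired = $false              # exempt on-premises, so there is no gap
        } elseif ([int64]$u.PwdLastSet -eq 0) {
            $onPremExpired = $true               # must change at next logon
        } else {
            # pwdLastSet is a FILETIME: 100-ns ticks since 1601-01-01 UTC
            $expires = [datetime]::FromFileTimeUtc([int64]$u.PwdLastSet).AddDays($MaxAgeDays)
            $onPremExpired = $expires -lt $AsOf
        }
        # passwordPolicies is a comma-separated string of policy names
        $cloudNeverExpires = (($u.CloudPolicies -split ',').Trim()) -contains 'DisablePasswordExpiration'
        if ($onPremExpired -and $cloudNeverExpires) {
            [pscustomobject]@{ Upn = $u.Upn; CloudPolicies = $u.CloudPolicies }
        }
    }
}

Get-PasswordExpiryGap -User $Users -MaxAgeDays $MaxPasswordAgeDays -AsOf $Now | Format-Table
```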