Forum Discussion
TuckerGreen
Oct 06, 2022 · Copper Contributor
Why can an account expire on-prem and still access email, Teams, etc.?
Hello everyone!
I am currently dealing with an issue where one of my users' accounts expired on our on-prem solution (which should be synced with AD through AD Connect), but they can still access their email, Teams, and all that good stuff. It doesn't seem to have synced up correctly with Azure AD.
Can someone help with this issue or throw some suggestions my way? 🙂
9 Replies
- SteveLindsey (Copper Contributor): Account expiration isn't a replicated value of AD Connect. Unless you have something on-prem running to check expirations and then disable the local AD account once expiration has been reached, the users will still be able to sign in/use Azure/365 resources, since to Azure AD the user is still enabled.
- Yeah, it's explained in the above links. If applicable, one can use the EnforceCloudPasswordPolicyForPasswordSyncedUsers:
  https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-password-hash-synchronization#enforcecloudpasswordpolicyforpasswordsyncedusers
- SteveLindsey (Copper Contributor): OK, I was reading the OP's post from the view of AD account expiration, not password expiration.
  TuckerGreen, can you confirm if you were dealing with PW expiration or AD account expiration?
You can read more about that here.
Account expiration
Implement password hash synchronization with Azure AD Connect sync - Microsoft Entra | Microsoft Learn (for reference).
- TuckerGreen (Copper Contributor): I will try the PS Script. What was the purpose of including the Password Hash link? Do you think it could be an issue as well?
- Simply for reference.
- TuckerGreen (Copper Contributor): Thanks for your reply! I will read these and see if that fixes the issue 🙂
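
The on-prem check that the first reply describes (find accounts past their expiration date that are still enabled, then disable them so the disabled state is what AD Connect syncs) could look like the following. This is an added example, not a script posted in the thread or taken from the linked articles; the OU in `$SearchBase` and the log location in `$LogPath` are hypothetical placeholders.

```powershell
#Requires -Modules ActiveDirectory
# Added example: disable on-prem AD user accounts whose account expiration
# date has passed, so that Azure AD receives a disabled account on the next sync.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Assumption: hypothetical OU used to scope the sweep; replace with your own.
    [string]$SearchBase = 'OU=Staff,DC=example,DC=com',
    # Assumption: hypothetical location for the audit log.
    [string]$LogPath = "$env:ProgramData\ExpiredAccountSweep\sweep.csv"
)

# -AccountExpired matches accounts whose expiration date is in the past.
# Keep only the ones that are still enabled on-prem.
$expired = Search-ADAccount -AccountExpired -UsersOnly -SearchBase $SearchBase |
    Where-Object { $_.Enabled }

$results = foreach ($user in $expired) {
    $action = 'Skipped'
    if ($PSCmdlet.ShouldProcess($user.DistinguishedName, 'Disable expired account')) {
        try {
            Disable-ADAccount -Identity $user.DistinguishedName -ErrorAction Stop
            $action = 'Disabled'
        }
        catch {
            # Record the failure and continue with the remaining accounts.
            $action = "Failed: $($_.Exception.Message)"
        }
    }
    [pscustomobject]@{
        Timestamp             = (Get-Date).ToString('s')
        SamAccountName        = $user.SamAccountName
        AccountExpirationDate = $user.AccountExpirationDate
        Action                = $action
    }
}

if ($results) {
    # Keep an audit trail of every account the sweep touched or failed to touch.
    New-Item -ItemType Directory -Path (Split-Path $LogPath) -Force | Out-Null
    $results | Export-Csv -Path $LogPath -Append -NoTypeInformation
    $results | Format-Table -AutoSize
}
```

Run it with `-WhatIf` first to list the accounts it would disable without changing anything. The disabled state reaches Azure AD only on the next AD Connect sync cycle.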