Forum Discussion
Betty Stolwyk
Nov 25, 2019Brass Contributor
Azure AD Connect Password hash synchronization
We use password hash synchronization with Azure AD Connect sync. Federation, SSO and pass-through authentication are all disabled. When we log onto our workstation computers using a domain user...
- Nov 26, 2019No problem, happy to help 🙂
It does seem like youll need to double check the password GPO. You could , from a logged on worksation do the "GPRESULT" command from CMD to see all GPOs that are applied to that user and worksation.
I would appreciate if you could mark my reply as "best response" if you feel satisfied 🙂
Let me know if you have other questions , feel free to DM me !
Kind regards
Oliwer Sjöberg
Betty Stolwyk
Nov 26, 2019Brass Contributor
oliwer_sundgren Thank you for your quick response!
I appreciate the clarification that logging into our workstation authenticates against our local Active Directory. That makes sense.
However, that information reinforces my confusion about why we never get asked for a new password on workstation login when we hit the 'maximum password age' of 42 days as defined by
our local default domain policy that is set in Group Policy Management. (I was thinking that might have been overridden by the Azure AD password policy of never expiring, but you cleared that up that is not the case.)
So it looks like this is a question that is outside of this forum's subject area since it must be some problem with the on-premises password policy.
So unless you happen to have some insight or advice for me on that, I will consider this answered 🙂
betty
oliwer_sundgren
Nov 26, 2019Steel Contributor
No problem, happy to help 🙂
It does seem like youll need to double check the password GPO. You could , from a logged on worksation do the "GPRESULT" command from CMD to see all GPOs that are applied to that user and worksation.
I would appreciate if you could mark my reply as "best response" if you feel satisfied 🙂
Let me know if you have other questions , feel free to DM me !
Kind regards
Oliwer Sjöberg
It does seem like youll need to double check the password GPO. You could , from a logged on worksation do the "GPRESULT" command from CMD to see all GPOs that are applied to that user and worksation.
I would appreciate if you could mark my reply as "best response" if you feel satisfied 🙂
Let me know if you have other questions , feel free to DM me !
Kind regards
Oliwer Sjöberg