Forum Discussion
SRPfr
Dec 09, 2020 - Copper Contributor
Impact with Password Policy when we disable AADConnect Dirsync
Hi all, we plan to disable AADConnect dirsync to go full cloud and use only Azure AD. This domain uses a very "light" password policy, less restrictive than Azure AD: AD OnPrem: - Complexity...
VasilMichev
Dec 10, 2020 - MVP
Azure AD doesn't really care what the on-premises expiration settings were, only the cloud-side one will take effect. As to the complexity/length requirement, you might need to toggle the "StrongPasswordRequired" flag off.
SRPfr
Dec 10, 2020 - Copper Contributor
VasilMichev Thanks Vasil for your answer.
I think you have only answered one question ;).
Do you have information on other questions below?
After we switch to full cloud users, the password policy for all users will change, and we don't want to lower the Azure AD password policy.
The question is more about:
- After disabling AADConnect dirsync, when all users are set to "Cloud Only", there will be no impact, right?
- No impact when a user authenticates to Azure AD with a password not matching the minimum requirements of the new Azure AD password policy? Like a previous password set with only 6 characters and without complexity.
If we set the Azure AD global setting with a password expiration policy (like 90 days):
- For users without a previous "password never expire" on AD OnPrem (after the deactivation of AADConnect sync):
  - Will the password expire 90 days after the user has been marked "Cloud Only"?
  - Or does Azure AD keep the "password last set" from the previous AD OnPrem?
- For users with a previous "password never expire" on AD OnPrem:
  - Your answer: this setting is not kept from the previous sync with AADConnect
  - So a password with expiration will apply to all Azure AD users, and we need to set "password never expire" again on each user that needs this setting? With: Set-AzureADUser -ObjectId XXX -PasswordPolicies DisablePasswordExpiration
  - Your answer: this setting is not kept from the previous sync with AADConnect
Thanks !
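An added example, not part of the thread or written by either poster: a way to audit the cloud-side PasswordPolicies value per user and work out which accounts need the Set-AzureADUser call quoted above. The function name Get-PasswordPolicyDrift, the never-expire list and the sample users are constructed for illustration; the user objects are assumed to have the shape returned by Get-AzureADUser.

```powershell
# Added example. Get-PasswordPolicyDrift is a hypothetical helper, not a module cmdlet.
function Get-PasswordPolicyDrift {
    param(
        [Parameter(Mandatory)] [object[]] $Users,  # objects shaped like Get-AzureADUser output
        [string[]] $NeverExpireUpns = @()          # assumption: list exported from on-prem AD beforehand
    )
    foreach ($u in $Users) {
        # PasswordPolicies is $null, "None", or a comma-separated list of flags
        $flags = @("$($u.PasswordPolicies)" -split ',' |
                   ForEach-Object { $_.Trim() } |
                   Where-Object { $_ -and $_ -ne 'None' })
        $hasNoExpiry = $flags -contains 'DisablePasswordExpiration'
        $wanted      = $NeverExpireUpns -contains $u.UserPrincipalName
        # Writing PasswordPolicies replaces the whole value, so carry over flags already set
        $target = if ($wanted) {
            @($flags + 'DisablePasswordExpiration' | Select-Object -Unique)
        } else { $flags }
        [pscustomobject]@{
            UserPrincipalName = $u.UserPrincipalName
            DirSyncEnabled    = [bool]$u.DirSyncEnabled
            Current           = if ($flags) { $flags -join ', ' } else { 'None' }
            StrongPasswordOff = $flags -contains 'DisableStrongPassword'
            NeedsChange       = $wanted -and -not $hasNoExpiry     # approved, flag missing
            Unexpected        = $hasNoExpiry -and -not $wanted     # flag set, not approved
            TargetPolicies    = if ($target) { $target -join ', ' } else { 'None' }
        }
    }
}

# Constructed sample users so the function can be tried without a tenant
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'svc-backup@contoso.example'
                       PasswordPolicies  = 'DisableStrongPassword'; DirSyncEnabled = $null }
    [pscustomobject]@{ UserPrincipalName = 'alice@contoso.example'
                       PasswordPolicies  = $null; DirSyncEnabled = $null }
    [pscustomobject]@{ UserPrincipalName = 'bob@contoso.example'
                       PasswordPolicies  = 'DisablePasswordExpiration'; DirSyncEnabled = $null }
)
Get-PasswordPolicyDrift -Users $sample -NeverExpireUpns 'svc-backup@contoso.example' |
    Format-Table -AutoSize

# Against a tenant (AzureAD module, after Connect-AzureAD); never-expire.txt is a placeholder:
#   $report = Get-PasswordPolicyDrift -Users (Get-AzureADUser -All $true) `
#                 -NeverExpireUpns (Get-Content .\never-expire.txt)
#   $report | Where-Object NeedsChange | ForEach-Object {
#       Set-AzureADUser -ObjectId $_.UserPrincipalName -PasswordPolicies $_.TargetPolicies }
```

Running the report once before sync is disabled and again afterwards shows what the tenant actually holds for each account, and the Unexpected column lists accounts with non-expiring passwords that are not on the approved list.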