bart_vermeersch
Jan 27, 2025
Iron Contributor
Migration to Cloud Sync (passwords)
We want to migrate from AAD Connect Sync to Cloud Sync. When provisioning new users we could use temporary passwords in AAD Connect Sync, through this feature: Set-ADSyncAADCompanyFeature -For...
bart_vermeersch
Jan 29, 2025
Iron Contributor
VasilMichev, I'm afraid that's AAD Connect sync only, unless someone has other experience.
When looking at the docs of Cloud sync, there is no reference to ForcePasswordChangeOnLogOn or userForcePasswordChangeOnLogonEnabled.
I'm looking for confirmation that this scenario is indeed not supported when using Cloud Sync. According to the MS docs, not even the password gets synced when "change password on next logon" is set in AD.
What happens when a synced user is required to change password on next logon?
If password hash sync is enabled in cloud sync and the synced user is required to change password on next logon in on-premises AD, cloud sync doesn't provision the "to-be-changed" password hash to Microsoft Entra ID. Once the user changes the password, the user password hash is provisioned from AD to Microsoft Entra ID.