Forum Discussion
Password change issue
1. Update your Azure AD Connect.
2. How are your users changing their password, and where?
The only way to update passwords for your users is to give them SSPR (Self Service Password Reset/Change), which changes their password in the cloud (Azure AD) and not on-premises. It is overwritten by the password coming in from local AD via Azure AD Connect sync every 30 minutes. If you configure Password Writeback (additional licensing cost: a Premium Azure AD license, P1/P2, is needed for that), then you can write back the password from Azure AD to your local AD as well.
Update Azure AD Connect - https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-migrate-adfs-password-hash-sync & https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-migrate-adfs-pass-through-authentication
Either way, you have to (mandatory) upgrade your Azure AD Connect version 🙂
Prerequisites for migrating to pass-through authentication
The following prerequisites are required to migrate from using AD FS to using pass-through authentication.
Update Azure AD Connect
To successfully complete the steps it takes to migrate to using pass-through authentication, you must have https://www.microsoft.com/download/details.aspx?id=47594 (Azure AD Connect) 1.1.819.0 or a later version. In Azure AD Connect 1.1.819.0, the way sign-in conversion is performed changes significantly. The overall time to migrate from AD FS to cloud authentication in this version is reduced from potentially hours to minutes.
As a minimum to successfully perform the steps to migrate to password hash synchronization, you should have https://www.microsoft.com/download/details.aspx?id=47594 1.1.819.0. This version contains significant changes to the way sign-in conversion is performed and reduces the overall time to migrate from Federation to Cloud Authentication from potentially hours to minutes.
Update your Azure AD Connect and you should be all fixed 🙂
Cheers!
Ankit Shukla
Why do you think upgrading Azure AD Connect will fix the problem? As I mentioned, our version of Azure AD Connect is 1.2.70.0, which is a higher version than 1.1.819.0.
- CoenRan, Nov 05, 2021, Copper Contributor
Did you manage to solve this problem? We've just started implementing the same steps and we're seeing the same problems (two years later). Thanks in advance.
- CoenRan, Nov 05, 2021, Copper Contributor
I'm sorry, I should have looked further.
This error seems to happen when you set "User must change password at next logon" at account creation. If you let it sync first, and then set the flag in AD, it will sync and work. Thanks to https://blog.samtribe.com/2021/02/01/solved-intune-oobe-password-reset-issue/ .