Mar 22 2018
- last edited on
Jul 24 2020
I was excited to turn on Pass-Through Authentication but as I was going through it I began to wonder if this would prevent mobile devices from authenticating (as well as PCs that aren't under domain control).
As I understand it, Password Hash Synchronization is disabled when you enable Pass-Through Authentication. One of the FAQs says that authentication does not automatically fallback to Password Hash when Pass-Through is unavailable.
That's a non-starter if true. I can't imagine that it's true so can someone explain what will actually happen?
Mar 22 2018 11:58 AM
Not sure what the question here is? PTA works for any device, as long as the client supports Modern authentication. ActiveSync is also supported. And you can certainly enable password hash sync, it's just that the "fallback" is not automatic. Read here: https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-pass-thr...
Mar 22 2018 12:20 PM
Mar 23 2018 12:41 AM
Logging in with a synced password doesn't work. The actual password sync process will work. But you need to change the sign-in method before users are able to login, because as long as PTA is active the login attempt with be redirected On-Prem.
Mar 23 2018 08:09 AM
Mar 23 2018 08:54 AMSolution