Oct 28 2021 02:26 AM - edited Nov 02 2021 03:43 AM
Hello
We have a hybrid environment, AD on-prem synchronized by AAD Connect to Azure AD using password hash sync, and we want to get the on-prem AD attribute pwdLastSet synchronized with the corresponding one, lastPasswordChangeTimestamp, on Azure AD.
Is it possible to achieve this simply by changing the attribute "pwdLastSet" to the current system time, by assigning "0" and in turn "-1" to it, as explained in the page?
I tried, but actually the attribute isn't synchronized; it gets aligned only if I really do a password reset on-prem, but I'd rather avoid having on-prem users change their passwords.
Thanks a lot.
Regards
Antonello
Jan 07 2022 02:51 AM - edited Jan 23 2022 04:59 AM
Hello Antonello
If your question is still open:
You can configure the Azure AD Connect client with the option "Directory extension attribute sync" to sync the attribute "pwdLastSet" from AD to AAD.
The timestamp can then be seen in Azure AD.
See more detailed configuration information:
https://docs.microsoft.com/en-us/azure/active-directory/app-provisioning/user-provisioning-sync-attr...
or
https://www.cloudkaffee.ch/microsoft-azure/azure-ad-connect-directory-extensions-verzeichniserweiter...
Maybe that will help you.
Best
Oli