AAD Connect synchronization of pwdLastSet


Hello

We have a hybrid environment, AD on prem synchronized by AAD Connect to Azure AD using password hash sync, and we want to get the on-prem AD attribute pwdLastSet synchronized with the corresponding one, lastPasswordChangeTimestamp, on Azure AD.

Is it possible to achieve this simply by changing the attribute "pwdLastSet" to the current system time, by assigning "0" and in turn "-1" to it, as explained on this page?

https://social.technet.microsoft.com/Forums/en-US/6622c897-c460-41ce-a237-a6eabff3ca12/why-cant-i-se...

I tried, but actually the attribute isn't synchronized; it gets aligned only if I really make a password reset on prem, but I'd rather avoid having on-prem users change their passwords.

Thanks a lot.

Regards

Antonello

2 Replies
Hi

Anybody?

Thanks

Antonello

Hello Antonello

If your question is still open:
You can configure the Azure AD Connect client with the option "Directory extension attribute sync" to sync the attribute "pwdLastSet" from AD to AAD.
The timestamp can then be seen in Azure AD.

See more detailed configuration information:
https://docs.microsoft.com/en-us/azure/active-directory/app-provisioning/user-provisioning-sync-attr...
or
https://www.cloudkaffee.ch/microsoft-azure/azure-ad-connect-directory-extensions-verzeichniserweiter...

Maybe that will help you.
Best,
Oli
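
An added example, not part of the thread: a PowerShell report that compares each enabled on-prem account's pwdLastSet with the cloud-side password timestamp, so accounts where the two have drifted apart can be found before changing any sync configuration. It assumes the ActiveDirectory (RSAT) and Microsoft.Graph.Users modules are installed, reads the cloud value through Microsoft Graph, where it is named lastPasswordChangeDateTime, and uses an assumed 30-minute tolerance for the sync cycle.

```powershell
# Added example, not from the thread. Assumes the ActiveDirectory (RSAT) and
# Microsoft.Graph.Users modules are installed and the caller may read users.
Import-Module ActiveDirectory
Connect-MgGraph -Scopes 'User.Read.All' | Out-Null

function Convert-PwdLastSet {
    param([Int64]$Value)
    # 0 means "user must change password at next logon": no timestamp exists.
    if ($Value -le 0) { return $null }
    # Otherwise the value is a FILETIME: 100 ns intervals since 1601-01-01 UTC.
    [DateTime]::FromFileTimeUtc($Value)
}

$ToleranceMinutes = 30   # assumed allowance for the sync cycle

# Index cloud users by UPN once instead of making one Graph call per account.
$cloud = @{}
Get-MgUser -All -Property UserPrincipalName, LastPasswordChangeDateTime |
    ForEach-Object {
        $cloud[$_.UserPrincipalName.ToLower()] = $_.LastPasswordChangeDateTime
    }

Get-ADUser -Filter 'Enabled -eq $true' -Properties pwdLastSet |
    Where-Object { $_.UserPrincipalName } |
    ForEach-Object {
        $onPrem  = Convert-PwdLastSet -Value $_.pwdLastSet
        $inCloud = $cloud[$_.UserPrincipalName.ToLower()]

        $status = if (-not $inCloud) {
            'NoCloudValue'
        } elseif (-not $onPrem) {
            'MustChangeAtNextLogon'
        } elseif ([math]::Abs(($inCloud.ToUniversalTime() - $onPrem).TotalMinutes) -le $ToleranceMinutes) {
            'InSync'
        } else {
            'Drift'
        }

        [pscustomobject]@{
            UserPrincipalName = $_.UserPrincipalName
            OnPremPwdLastSet  = $onPrem
            CloudLastChange   = $inCloud
            Status            = $status
        }
    } |
    Sort-Object Status, UserPrincipalName
```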