What happens to locked out on premise account, when synced to O365?

Can someone please point me to the articles? I cannot find them online.

What happens to locked out on premise account, when synced to O365?

Can the user continue to login to O365, send/receive email etc?

What I have found so far.

In my on-premise directory, I locked out a test account and ran adsync.

Using the test account, I can still authenticate to Office 365 mail, SharePoint, OneDrive, etc.

Is this expected?

best response confirmed by AndrewX (Iron Contributor)
Solution
The attribute "lockedouttime", which shows when/if an account is locked, does not get synced to O365.

If we WANT locked on-prem users to not be allowed to sign in online, we can add a filter rule to ADConnect/ADSync.
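
An added example, not part of the original answer: a PowerShell audit that lists on-premises accounts that are currently locked out while their synced cloud account still has sign-in enabled, which is the gap the answer describes. It assumes the ActiveDirectory (RSAT) and Microsoft.Graph.Users modules are installed, that the cloud UPN matches the on-premises UPN, and it reads the lockout timestamp from the on-premises `lockoutTime` attribute.

```powershell
# Added example: on-prem locked-out users whose cloud sign-in is still enabled.
# Assumptions: ActiveDirectory and Microsoft.Graph.Users modules are present,
# and the cloud UPN equals the on-premises UPN.
Import-Module ActiveDirectory
Import-Module Microsoft.Graph.Users

Connect-MgGraph -Scopes 'User.Read.All'

# Accounts that Active Directory currently treats as locked out.
$locked = Search-ADAccount -LockedOut -UsersOnly |
    Get-ADUser -Properties lockoutTime, UserPrincipalName

$report = foreach ($u in $locked) {
    if (-not $u.UserPrincipalName) { continue }   # cannot match without a UPN

    $cloud = Get-MgUser -UserId $u.UserPrincipalName `
        -Property 'id', 'userPrincipalName', 'accountEnabled', 'onPremisesSyncEnabled' `
        -ErrorAction SilentlyContinue
    if (-not $cloud) { continue }                 # not synced, or UPN differs

    [pscustomobject]@{
        UserPrincipalName  = $u.UserPrincipalName
        # lockoutTime is a Windows FILETIME (100 ns ticks since 1601-01-01 UTC)
        LockedOutSinceUtc  = [DateTime]::FromFileTimeUtc([int64]$u.lockoutTime)
        CloudSignInEnabled = [bool]$cloud.AccountEnabled
        DirSynced          = [bool]$cloud.OnPremisesSyncEnabled
    }
}

# Rows here are locked on-premises but can still sign in to the cloud service.
$report |
    Where-Object { $_.CloudSignInEnabled } |
    Sort-Object LockedOutSinceUtc |
    Format-Table -AutoSize
```

Any row in the output is an account where the on-premises lockout has not affected cloud sign-in.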

Hi Andrew, did you test this out and manage to get it working successfully?

Hi Peter

Well, I confirm that it works as expected. A locked on-premise account had no impact on the synced O365 account, as the relevant attribute is not also synced.

Regarding the rule to transform the attribute to block O365 sign-in, I have not yet tried this, but there is no reason why it would not work.
Are you using Password sync or ADFS?