Dec 05 2018 07:54 PM
password not reflecting in Office 365
No error in Azure AD connect
recent password sync is reflected in admin portal
when we try to login, got error below
User can sign in to local AD using the password
Any known issues?
thanks
Dec 05 2018 08:50 PM
Dec 06 2018 12:15 AM
If Passthrough was in use another thing to check is to see if you are actually not using preview version of agents. I'm not sure when they should stop working, but updating them is a must anyway (for security and compatibility concerns). https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta-upgrade-preview-au...
We have also recently switched from PTA to Password sync, but i still have updated the agents in case PTA will be needed again in the future.
Dec 06 2018 12:19 AM
Is this a single user, a group of users, all users? Any errors in the event logs? Have you run a full password sync cycle?
There's a very detailed article on troubleshooting issues with PHS here: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-password-hash-synchron...
Dec 06 2018 09:30 AM
Sometimes the sync with online portal take more than 48 hrs. are you able to login now?
Dec 06 2018 06:20 PM - edited Dec 06 2018 06:21 PM
affects all user
Got error 611 below in Event viewer of AD Connect server:
unable to open connection to domain: contoso.com, an exeption occured while attempting to locate domain controller for domain contoso.com; system security authentication exception the username password is incorrect
Azure Ad connect version is 1.1.654.0
Dec 06 2018 06:25 PM
Dec 06 2018 06:58 PM - edited Dec 06 2018 06:59 PM
Yes, restarted already
also with EVENT error 611, RPC ERROR 1722
Dec 06 2018 06:59 PM
Dec 06 2018 07:04 PM
Dec 06 2018 11:21 PM
As @Chris Webb said, this looks like a replication issue! could also be a network ports issue
Run dcdiag on your DC..see whats comes up!
Info, how to use:
https://activedirectorypro.com/dcdiag-check-domain-controller-health/
I usually use dcdiag /c /v /q
( /q only displays errors which can be preferable )
Also run
repadmin /replsum and
repadmin /showrepl
Download portQry and run the domain test:
https://www.microsoft.com/en-us/download/details.aspx?id=24009
Also check your logs in eventviewer for more errors on the ADconnect server and DC's
/ Adam