New User accounts replication issue between AD and AAD



We provision all our new user accounts in on-premise AD. we have AAD connect configured with password hash synchronization. Our devices are Azure AD Joined only.

When we create a new user account with the following option ticked: 



and when that user logs in to the device which is Azure AD joined only, he gets an error message (password incorrect). However, if we don't tick that option, the user can login fine. 

In addition, i should say that password changes done on-premise are replicating to Azure AD and vice versa without any issues.

So, my question is to those who manage user identities on-premise and sync them to AAD, how are they dealing with this situation when they provision new user accounts? 


Thanks in advance everyone.

2 Replies
best response confirmed by ShehzadUIT (Contributor)



Hi, check out this for further information - - you can use PowerShell to set this functionality.


However, please note the caution in the article as shown below;


Screenshot 2020-08-11 at 16.16.09.png

@PeterRising Thank you for guiding me to the right link.


All i want to add for future viewers is that once you enable this, the password reset option doesn't appear on the device logon but appears when you try accessing SharePoint Online or OutLook (exchange online):