cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

If AAD Connect is offline for an extended period of time

%3CLINGO-SUB%20id%3D%22lingo-sub-564607%22%20slang%3D%22en-US%22%3EIf%20AAD%20Connect%20is%20offline%20for%20an%20extended%20period%20of%20time%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-564607%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%20I'm%20running%26nbsp%3B%3CSPAN%3EAzure%20AD%20Connect%3C%2FSPAN%3E%20with%20password%20hash%20sync.%26nbsp%3B%26nbsp%3BMy%20current%20setup%20is%20working%20fine%2C%20but%20I%20want%20to%20know%20what%20the%20impact%20would%20be%20if%20there's%20a%20bad%20outage%20that%20takes%20on-premises%20environments%20offline.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECan%20anyone%20describe%20the%20impact%20if%20%3CSPAN%3EAzure%20AD%20Connect%3C%2FSPAN%3E%20is%20offline%20for%20an%20extended%20period%3F%20Possibly%2C%20a%20month%20or%20more%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWill%20the%20end%20users%20eventually%20get%20locked%20out%20if%20%3CSPAN%3EAzure%20AD%20Connect%3C%2FSPAN%3E%20Connect%20does%20not%20sync%20for%20a%20certain%20period%20of%20time%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-564607%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOn-Premises%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-564734%22%20slang%3D%22en-US%22%3ERe%3A%20If%20AAD%20Connect%20is%20offline%20for%20an%20extended%20period%20of%20time%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-564734%22%20slang%3D%22en-US%22%3ENew%20changes%20will%20not%20be%20synced%20of%20course%2C%20operational%20as%20normal%20otherwise!%20Of%20course%20this%20also%20depends%20on%20how%20you%20authenticate!%20If%20you%20are%20using%20adfs%20or%20pass-%20through%20auto%20you%20need%20to%20switch%20this!%3CBR%20%2F%3E%3CBR%20%2F%3EYou%20could%20also%20turn%20off%20sync%20with%20ad%20connect%20in%20365%20and%20your%20users%20will%20be%20cloud%20only%20users!%20You%20can%20later%20connect%20merge%20the%20accounts%20if%20you%20have%20a%20new%20environment%20up%20and%20running!%20If%20you%E2%80%99re%20fixing%20the%20old%20just%20leave%20it!%3CBR%20%2F%3E%3CBR%20%2F%3EAdam%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-564757%22%20slang%3D%22en-US%22%3ERe%3A%20If%20AAD%20Connect%20is%20offline%20for%20an%20extended%20period%20of%20time%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-564757%22%20slang%3D%22en-US%22%3EHi%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F289178%22%20target%3D%22_blank%22%3E%40hyperloop%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EIf%20it%20was%20in%20a%20scenario%20such%20as%20an%20outage%20of%20a%20month%20(a%20long%20period)%20you%20would%20likely%20disable%20Azure%20AD%20Connect%20as%20outlined%20here%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Foffice365%2Fenterprise%2Fturn-off-directory-synchronization%23turn-off-directory-synchronization%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Foffice365%2Fenterprise%2Fturn-off-directory-synchronization%23turn-off-directory-synchronization%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EThen%20the%20users%20would%20convert%20to%20Cloud%20users%20again%20(not%20synchronised)%20and%20then%20you%20could%20change%20passwords%20if%20needed.%3CBR%20%2F%3E%3CBR%20%2F%3EOnce%20it%20was%20back%20up%20you%20can%20then%20resynchronise%20the%20users%20through%20soft%20matching.%3CBR%20%2F%3E%3CBR%20%2F%3EHope%20that%20answers%20your%20question!%3CBR%20%2F%3E%3CBR%20%2F%3EBest%2C%20Chris%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-565634%22%20slang%3D%22en-US%22%3ERe%3A%20If%20AAD%20Connect%20is%20offline%20for%20an%20extended%20period%20of%20time%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-565634%22%20slang%3D%22en-US%22%3E%3CP%3EIf%20you%20have%20password%20sync%20enabled%2C%20the%20cloud%20passwords%20are%20set%20to%20never%20expire%2C%20so%20even%20in%20the%20event%20of%20such%20long%20outage%20users%20will%20not%20get%20locked%20out.%3C%2FP%3E%3C%2FLINGO-BODY%3E
hyperloop
New Contributor

‎May 13 2019 12:49 PM

‎May 13 2019 12:49 PM

If AAD Connect is offline for an extended period of time

Hi, I'm running Azure AD Connect with password hash sync.  My current setup is working fine, but I want to know what the impact would be if there's a bad outage that takes on-premises environments offline. 

 

Can anyone describe the impact if Azure AD Connect is offline for an extended period? Possibly, a month or more?

 

Will the end users eventually get locked out if Azure AD Connect Connect does not sync for a certain period of time?

Labels:
901 Views
1 Like
3 Replies
Reply
3 Replies
adam deltinger

‎May 13 2019 01:19 PM

‎May 13 2019 01:19 PM

Re: If AAD Connect is offline for an extended period of time

New changes will not be synced of course, operational as normal otherwise! Of course this also depends on how you authenticate! If you are using adfs or pass- through auto you need to switch this!

You could also turn off sync with ad connect in 365 and your users will be cloud only users! You can later connect merge the accounts if you have a new environment up and running! If you’re fixing the old just leave it!

Adam
1 Like
Reply
Christopher Hoard

‎May 13 2019 01:24 PM

‎May 13 2019 01:24 PM

Re: If AAD Connect is offline for an extended period of time

Hi @hyperloop

If it was in a scenario such as an outage of a month (a long period) you would likely disable Azure AD Connect as outlined here

https://docs.microsoft.com/en-us/office365/enterprise/turn-off-directory-synchronization#turn-off-di...

Then the users would convert to Cloud users again (not synchronised) and then you could change passwords if needed.

Once it was back up you can then resynchronise the users through soft matching.

Hope that answers your question!

Best, Chris
1 Like
Reply
Vasil Michev

‎May 13 2019 11:30 PM

‎May 13 2019 11:30 PM

Re: If AAD Connect is offline for an extended period of time

If you have password sync enabled, the cloud passwords are set to never expire, so even in the event of such long outage users will not get locked out.

1 Like
Reply