password not reflecting in Office 365

Steel Contributor

password not reflecting in Office 365

 

No error in Azure AD connect

 

recent password sync is reflected in admin portal

 

when we try to login, got error below

 

User can sign in to local AD using the password

 

Capture.PNG

 

Any known issues?

 

thanks

11 Replies
Last time i had this happen, after tearing my hair out and a call to Microsoft it turned out to be that I actually had Passthrough Authentication setup and the agent wasn't responding properly until I reboot the adsync server. I switched to Password sync only after that.

Check your adconnect and see if you guys might have Passthrough setup, if so I'd check into maybe rebooting so the agent that handles that gets reset.

If Passthrough was in use another thing to check is to see if you are actually not using preview version of agents. I'm not sure when they should stop working, but updating them is a must anyway (for security and compatibility concerns). https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta-upgrade-preview-au...

We have also recently switched from PTA to Password sync, but i still have updated the agents in case PTA will be needed again in the future.

Is this a single user, a group of users, all users? Any errors in the event logs? Have you run a full password sync cycle?

 

There's a very detailed article on troubleshooting issues with PHS here: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-password-hash-synchron...

Sometimes the sync with online portal take more than 48 hrs. are you able to login now?

affects all user

 

Got error 611 below in Event viewer of AD Connect server:

 

unable to open connection to domain: contoso.com, an exeption occured while attempting to locate domain controller for domain contoso.com; system security authentication exception the username password is incorrect

 

Azure Ad connect version is 1.1.654.0

Have you reboot you ad connect server yet?

Yes, restarted already

 

also with EVENT error 611, RPC ERROR 1722

 

You never did confirm if your using just password sync or pass through auth.
am using password sync only
1722 is relocation errors. You may need to do some searching on that and do some research around checking your replication health. Repladmin etc.

As @Chris Webb said, this looks like a replication issue! could also be a network ports issue

 

Run dcdiag on your DC..see whats comes up!

Info, how to use: 

https://activedirectorypro.com/dcdiag-check-domain-controller-health/

I usually use dcdiag /c /v /q

( /q only displays errors which can be preferable ) 

 

Also run 

repadmin /replsum and 

repadmin /showrepl

 

Download portQry and run the domain test:

https://www.microsoft.com/en-us/download/details.aspx?id=24009

 

Also check your logs in eventviewer for more errors on the ADconnect server and DC's

 

/ Adam