Why can an account expire on-prem and still access email, Teams, etc.?

Hello everyone!

I am currently dealing with an issue where one of my user's accounts expired on our prem solution (which should be synced with AD through AD Connect), but they can still access their email, Teams, and all that good stuff. It doesn't seem to have synced up correctly with Azure AD.

Can someone help with this issue or throw some suggestions my way? :)

9 Replies
Thanks for your reply! I will read these and see if that fixes the issue :)
I will try the PS Script. What was the purpose of including the Password Hash link? Do you think it could be an issue as well?
Account expiration isn't a replicated value of AD Connect.

Unless you have something on-prem running to check expirations & then disable the local AD account once expiration has been reached, the users will still be able to sign in / use Azure/365 resources, since to Azure AD the user is still enabled.
Yeah, it's explained in the above links. If applicable one can use the EnforceCloudPasswordPolicyForPasswordSyncedUsers

https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-password-hash-synchro...
OK, I was reading the OP's post from the view of AD account expiration, not password expiration.

@TuckerGreen, can you confirm if you were dealing with PW expiration or AD account expiration?
That's the first of the two links above ;) I changed the display name to make it clearer.
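
A reply above points out that account expiration is not synced by AD Connect, so something on-prem has to disable the account once it has expired. A scheduled PowerShell job along those lines follows as an added example; it is not code from any poster in this thread. The parameter names and log path are assumptions, and it relies on the ActiveDirectory module (plus the ADSync module when run on the AD Connect server).

```powershell
#Requires -Modules ActiveDirectory
# Added example: disable on-prem accounts whose expiration date has passed,
# so the disabled state (which AD Connect does sync) reaches Azure AD.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Optional OU to limit the search (assumption: leave empty for whole domain).
    [string]$SearchBase,
    # Hypothetical audit log location.
    [string]$LogPath = "$env:ProgramData\ExpiredAccounts\disabled.csv",
    # Request a delta sync afterwards; only valid on the AD Connect server.
    [switch]$StartDeltaSync
)

# Users past their account expiration date that are still enabled on-prem.
$searchArgs = @{ AccountExpired = $true; UsersOnly = $true }
if ($SearchBase) { $searchArgs.SearchBase = $SearchBase }
$expired = Search-ADAccount @searchArgs | Where-Object { $_.Enabled }

$changed = foreach ($user in $expired) {
    # Honors -WhatIf / -Confirm so the job can be dry-run first.
    if ($PSCmdlet.ShouldProcess($user.DistinguishedName, 'Disable expired account')) {
        Disable-ADAccount -Identity $user.DistinguishedName -ErrorAction Stop
        [pscustomobject]@{
            DisabledAt            = (Get-Date).ToString('o')
            SamAccountName        = $user.SamAccountName
            UserPrincipalName     = $user.UserPrincipalName
            AccountExpirationDate = $user.AccountExpirationDate
        }
    }
}

if ($changed) {
    # Keep an audit trail of every account this job disabled.
    New-Item -ItemType Directory -Path (Split-Path $LogPath) -Force | Out-Null
    $changed | Export-Csv -Path $LogPath -Append -NoTypeInformation

    if ($StartDeltaSync) {
        # Push the change now instead of waiting for the next sync cycle.
        Import-Module ADSync
        Start-ADSyncSyncCycle -PolicyType Delta
    }
}
```

Run it with `-WhatIf` first to list the accounts it would disable without changing anything.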