Forum Discussion

yzgulec's avatar
yzgulec
Copper Contributor
Sep 15, 2020

Configuring Password Expiration Policy with Password Hash Sync

We are using Password Hash Sync to sync users from on-prem to o365. I try to enable password expiration on O365 so I used below command to enable it without any problem:   Set-MsolDirSyncFeature -F...
office 365
ChristianBergstrom's avatar
ChristianBergstrom
Silver Contributor
Sep 16, 2020

yzgulec Hi, as far as I understand that is set to "none" by default when using EnforceCloudPasswordPolicyForPasswordSyncedUsers

 

"Once enabled, Azure AD does not go to each synchronized user to remove the DisablePasswordExpiration value from the PasswordPolicies attribute. Instead, the value is set to None during the next password sync for each user when they next change their password in on-premises AD. "

 

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-password-hash-synchronization#enforcecloudpasswordpolicyforpasswordsyncedusers

yzgulec's avatar
yzgulec
Copper Contributor
Sep 16, 2020

ChristianBergstrom Thanks for reply.

 

I tested and noticed that when user changes on-prime password and synced to O365, the "PasswordPolicies" attribute becomes "None" (Exactly same as stated "Instead, the value is set to None during the next password sync for each user when they next change their password in on-premises AD. ")

 

But I couldn't manage the change it manually by using PS commands. 

Resources