cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

password hash sync or passthrough sync with sso

SchylgeICT
Copper Contributor

‎Mar 28 2020 12:34 AM - last edited on ‎Feb 01 2023 10:08 AM by

‎Mar 28 2020 12:34 AM - last edited on ‎Feb 01 2023 10:08 AM by

password hash sync or passthrough sync with sso

Dear reader,

 

I'm planning for migrating our env. We will go to a hybrid env. The question i have is about adconnect and the different choices. With password has sync a copy of th eusers password will be maintained in ad. I can understand that when a users is at home at a non domain joined machine he/she will be able to logon to o365. But what happens when you choose passthruoghr sync? A password at azure will not be available, will the same user be able to logon to o365 at a non domain joined machine at home? If he/she can, where does authentication take place? If auth happens on the local ad through adconnect, then what will happen if the local ad is unreachable because of a poweroutage or somthing?

Thanks in advance,

best regards Ruud  Boersma

1,549 Views
0 Likes
2 Replies
Reply
2 Replies
best response confirmed by SchylgeICT (Copper Contributor)
Vasil Michev

‎Mar 28 2020 09:57 AM

‎Mar 28 2020 09:57 AM

Solution

Re: password hash sync or passthrough sync with sso

They will not be able to authenticate. For this reason, it's recommended to configure Password-hash sync as a fallback option, but that process is not automatic, so have that in mind. 

0 Likes
Reply
Chris Webb

‎Mar 28 2020 01:50 PM

‎Mar 28 2020 01:50 PM

Re: password hash sync or passthrough sync with sso

As Vasil said if it’s down they cannot login. Basically you get an agent of sorts that azuread connects back to do the auth onprem.

As for users at home it will work fine long as your onprem AD is online as the auth will pass through to your ad servers basically.
0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by SchylgeICT (Copper Contributor)
Vasil Michev

‎Mar 28 2020 09:57 AM

‎Mar 28 2020 09:57 AM

Solution

Re: password hash sync or passthrough sync with sso

They will not be able to authenticate. For this reason, it's recommended to configure Password-hash sync as a fallback option, but that process is not automatic, so have that in mind. 

View solution in original post

0 Likes
Reply