Office 365 – A users password is not working

Hi,

In my environment there is a DirSync server with password sync, an Active Directory and a tenant for Office 365.
Some users had issues logging on to their Outlook and Skype even though they were using the correct information.
After some troubleshooting we noticed that the password sync had failed for these users.

The first step to figure this out was to change the users password from the Office 365 administration portal.
We had no issues logging on with the new password that was created.

Set-FullPasswordSync

To solve this we took the following steps.
On the DirSync server, open powershell and run Import-Module Dirsync.
Run the cmdlet Set-FullPasswordSync.
Run services.msc
Restart the service Forefront Identity Manager Synchronization Service and its dependency.

The command Set-FullPasswordSync synchronizes all passwords being used in the local domain to the Azure AD associated with your Office365 tenant.

It is also possible to force this password sync if you are using Azure Active Directory Sync Services.
Create a .ps1 script on the server and add the following.

$adConnector = "nianit.local" # Replace with your AD Connector name
$aadConnector = "nianit.onmicrosoft.com - AAD" # Replace with your AAD Connector name
 
Import-Module adsync
$c = Get-ADSyncConnector -Name $adConnector
$p = New-Object Microsoft.IdentityManagement.PowerShell.ObjectModel.ConfigurationParameter “Microsoft.Synchronize.ForceFullPasswordSync”, String, ConnectorGlobal, $null, $null, $null
$p.Value = 1
$c.GlobalParameters.Remove($p.Name)
$c.GlobalParameters.Add($p)
$c = Add-ADSyncConnector -Connector $c
 
Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector -TargetConnector $aadConnector -Enable $false
Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector -TargetConnector $aadConnector -Enable $true

You can verify the success or failure of the job using Event Viewer.
Look in the Application Log on the server for event ID 656 and 657.
In the event you will find the identity of the users whose password are being synchronized.

Good luck with your synchronizations in the future and post comments if you have any questions.

Leave a Reply

Your email address will not be published. Required fields are marked *