If you want to force a full password hash synchronization with Azure AD Connect, here is a simple way to do it.
Windows server event log
Search for events 650, 656 and 657 in the Application log after running the PowerShell commands in the next section. Event 650 marks the start of a password sync batch, 656 is a password change request for one user, and 657 is the result of that request, so a forced full sync shows a 656/657 pair for every synchronized user.
PowerShell
Launch PowerShell ISE or a PowerShell prompt as administrator on the Azure AD Connect server.
```powershell
Import-Module ADSync

# Pick the Azure AD connector (type Extensible2) and the on-premises AD connector (type AD).
# With more than one AD forest connected, filter on the specific connector name instead.
$aadcon = Get-ADSyncConnector | Where-Object { $_.Type -eq "Extensible2" }
$adcon  = Get-ADSyncConnector | Where-Object { $_.Type -eq "AD" }
$c = Get-ADSyncConnector -Name $adcon.Name

# Set the connector-global parameter that makes the next password sync batch push every hash, not just the changed ones.
$p = New-Object Microsoft.IdentityManagement.PowerShell.ObjectModel.ConfigurationParameter "Microsoft.Synchronize.ForceFullPasswordSync", String, ConnectorGlobal, $null, $null, $null
$p.Value = 1
$c.GlobalParameters.Remove($p.Name)
$c.GlobalParameters.Add($p)
$c = Add-ADSyncConnector -Connector $c

# Toggling password hash sync off and on restarts it with the full-sync flag set.
Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $adcon.Name -TargetConnector $aadcon.Name -Enable $false
Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $adcon.Name -TargetConnector $aadcon.Name -Enable $true
```
New way
- Open a PowerShell prompt as administrator on the Azure AD Connect server.
- Run the command Import-Module ADSync. This imports the Azure AD Connect synchronization module.
- Run the command Start-ADSyncSyncCycle -PolicyType Delta. This starts a delta sync cycle that only processes the changes since the last cycle.
- To check the current scheduler state (sync interval, whether a cycle is in progress, staging mode), run the command Get-ADSyncScheduler. Start-ADSyncSyncCycle fails if a cycle is already running, so check this first.
- To force a full sync cycle (full import and full synchronization of all objects), run the command Start-ADSyncSyncCycle -PolicyType Initial. Note that a full sync cycle does not by itself re-synchronize every user's password hash; password hash sync runs on its own schedule and only sends changed hashes. To push all hashes again, use the script in the previous section, which sets ForceFullPasswordSync and toggles password hash sync off and on.
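The steps above wrapped into one script, as an added example that is not part of the original page: it waits for the scheduler to be idle before starting the cycle (otherwise Start-ADSyncSyncCycle errors out), warns about staging mode and a disabled scheduler, then polls until the cycle completes. The policy type and timeout values are assumptions you can change; everything else uses only the ADSync cmdlets named in the text plus Get-ADSyncConnectorRunStatus for progress output.

```powershell
# Added example (not from the original page). Run in an elevated PowerShell session
# on the Azure AD Connect server.
Import-Module ADSync

$PolicyType = 'Delta'   # assumption: 'Delta' (changes only) or 'Initial' (full import + full sync)
$TimeoutMin = 30        # assumption: how long to wait for a running cycle before giving up

$sched = Get-ADSyncScheduler
if ($sched.StagingModeEnabled) {
    Write-Warning "Server is in staging mode: the cycle runs but nothing is exported to Azure AD."
}
if (-not $sched.SyncCycleEnabled) {
    Write-Warning "Scheduled sync cycles are disabled; this manual cycle runs, but no further cycles will run automatically."
}

# Start-ADSyncSyncCycle fails when a cycle is already in progress, so wait for the scheduler to go idle.
$deadline = (Get-Date).AddMinutes($TimeoutMin)
while ((Get-ADSyncScheduler).SyncCycleInProgress) {
    if ((Get-Date) -gt $deadline) { throw "Timed out waiting for the current sync cycle to finish." }
    Start-Sleep -Seconds 10
}

"Starting $PolicyType sync cycle at $(Get-Date)."
Start-ADSyncSyncCycle -PolicyType $PolicyType

# Poll until the cycle completes, showing which connector run is currently active.
Start-Sleep -Seconds 5
while ((Get-ADSyncScheduler).SyncCycleInProgress) {
    Get-ADSyncConnectorRunStatus | Format-Table -AutoSize | Out-Host
    Start-Sleep -Seconds 10
}
"Sync cycle ($PolicyType) finished at $(Get-Date)."
```

An Initial cycle on a large directory can take a long time; raise the timeout or run the script in a session that will not be closed if you use it for a full sync.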
Results
After the script runs, the next password sync batch should log event 650 in the Application log, followed by a 656/657 pair for every synchronized user. A 657 that does not report success identifies the user whose password hash failed to sync.
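A way to check the result from PowerShell instead of scrolling through Event Viewer, as an added example that is not part of the original page: it pulls the password sync events (650, 656, 657) from the Application log, counts them, and lists any 657 result that does not look successful. It assumes the events come from the provider name "Directory Synchronization" (the source the Azure AD Connect sync service logs under), that a successful 657 message contains the word "Success", and a 30-minute look-back window; adjust these to your environment.

```powershell
# Added example (not from the original page). Run in an elevated session on the
# Azure AD Connect server after forcing the full password sync.
$MinutesBack = 30                          # assumption: look-back window
$Source      = 'Directory Synchronization' # assumption: provider name of the sync service events
$since       = (Get-Date).AddMinutes(-$MinutesBack)

$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = $Source
    Id           = 650, 656, 657
    StartTime    = $since
} -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Warning "No password sync events from '$Source' since $since. Has a sync batch run yet?"
    return
}

# 650 marks the start of a password sync batch; 656 is one user's change request, 657 its result.
$events | Group-Object Id | Sort-Object { [int]$_.Name } | ForEach-Object {
    [pscustomobject]@{ EventId = [int]$_.Name; Count = $_.Count }
} | Format-Table -AutoSize

# A forced full sync should produce a 656 and a 657 per synchronized user; compare against
# the number of in-scope users to confirm every hash was pushed.
$requests = @($events | Where-Object Id -eq 656).Count
$results  = @($events | Where-Object Id -eq 657).Count
"Change requests (656): $requests   Results (657): $results"

# Surface any result event that does not report success (assumption: success text contains 'Success').
$events | Where-Object Id -eq 657 | Where-Object { $_.Message -notmatch 'Success' } |
    Select-Object TimeCreated, Message | Format-List
```

If the counts are far below the number of synced users, the batch may still be running (a 650 with few 656s yet) or password hash sync may not have restarted; rerun the check after a couple of minutes before assuming the forced sync failed.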