If you want to force a password synchronisation with Azure AD Connect, here's a simple way to do it.
Windows Server event log
Search for event 656/650/657 in the Application log after running the PowerShell commands in the next section.
PowerShell
Start your PowerShell ISE or a PowerShell prompt.
powershell
Import-Module adsync
$aadcon = Get-ADSyncConnector | Where {$_.Type -eq “Extensible2”}
$adcon = Get-ADSyncConnector | Where {$_.Type -eq “AD”}
$c = Get-ADSyncConnector -Name $adcon.Name
$p = New-Object Microsoft.IdentityManagement.PowerShell.ObjectModel.ConfigurationParameter “Microsoft.Synchronize.ForceFullPasswordSync”, String, ConnectorGlobal, $null, $null, $null
$p.Value = 1
$c.GlobalParameters.Remove($p.Name)
$c.GlobalParameters.Add($p)
$c = Add-ADSyncConnector -Connector $c
Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $adcon.Name -TargetConnector $aadcon.Name -Enable $false
Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $adcon.Name -TargetConnector $aadcon.Name -Enable $true
New approach
- Open the PowerShell command prompt as an administrator.
- Run the command Import-Module ADSync. This imports the Azure AD Connect module.
- Run the command Start-ADSyncSyncCycle -PolicyType Delta. This initiates a delta sync cycle that only synchronises changes since the last sync.
- To check current sync status, run the command Get-ADSyncScheduler.
- To force a full sync, run the command Start-ADSyncSyncCycle -PolicyType Initial.
Result
You should see your passwords being synchronised after running the PowerShell script.