Also check if the synchronization happening without errors. With the install if use the express settings this is enabled by default. Then under the “ Optional Features” enable password hash synchronization.If not go back to the previous window and select option “ Customize Synchronization Options” and click next.In next window check if the password sync is enabled.Then in new window select the option “ View current configuration” and click on “ Next”.Log in to the server which have Azure Ad sync installed (with appropriate permissions).You can download it using, this is important as older version of Azure AD Connect do not have this sync feature.Īfter upgrade (or new install) make sure the password synchronization is enabled. The latest recommended version is 1.1.130.0 – published on April 12, 2016. These are not sync with azure ad by default.įirst thing first, if you have Azure AD connect installed in your servers, it need to upgrade with latest version. If you have on-premises AD and sync it already with Azure AD, we need to sync credential hashes required for NTLM and Kerberos authentication via Azure AD Connect. Once user log in to the portal click on the right hand corner where user name displays and then click on “ change password” Then select the user to reset the password and in the bottom click on RESET PASSWORD buttonĢ) Change Passwords from use logins – By login in to the Azure portal, users can reset their passwords. To do this, log in to Azure AD instance (which is enabled with Azure AD Domain services) and then click on users tab. So in next login, user need to provide new password.
It will generate temporally password for the user.
Once user reset the password it generate the credential hashes which is uses by azure ad domain services for Kerberos and NTLM Authentication.ġ) Force password reset – in the console we can reset the password for user. If you have cloud only setup the users who is going to use azure ad domain services need to change their passwords. This post is to explain how we can do it in cloud-only environment as well as in hybrid setup.
Then users can use their logins to log in to the managed domain services. Once the domain service are enabled the next step to sync the credentials to the Azure AD domain services. If you not read it yet you can find it here. In my previous post I have explain how to enable azure ad domain services.
0 kommentar(er)
