Linux - Azure Domain services authentication

Question

Linux server bound to Azure Domain Services for authentication. Some user are seeing that their password is not being updated, when they attempt to login their password is refused. If they try old password it works without issue. Other users are OK, server recognizes the password changes. We have waited beyond 20min (2hrs) for the passwd to change, still have issue. Health of domain services is reporting running with no alerts.
Thank you

Answer 1

That is not normal indeed, if you ahve verified the password is up to date in Azure AD (see audit logs) it shouldn't take lnger than a minute to be effective in AADDS, I would suggest to raise a case with support to look into further.

Answer 2

@MikeMacNeil-5031,

Yes, This requires a deeper investigation, so if you have a support plan, I request you file a support ticket, else please send an email to AzCommunity[at]Microsoft[dot]com referencing this thread and your Azure subscription id so that we will help you get a one-time free technical support.

Thank you for your cooperation on this matter and look forward to your reply.

Answer 3

Found solution - not Azure DS issue. Linux runs a service sssd that gets the credentials form Azure DS. These can become stale for various reasons. I flushed the cache for my user and it worked after 2 cycles for the Azure DS. I used both the short username and username@keyman .com

Look up 'sssd' linux service for a detailed list of commands.

Hope this helps someone out there.