Windows AD account password expired but user can still send/receive email and use Teams.

fnanfne 1 Reputation point
2022-09-08T16:57:18.027+00:00

Hi.

I recently discovered that some users with expired AD passwords are still working as if nothing has changed, which caught me by surprise. All the users affected do not use the VPN on a regular basis, or sign into Office 365. They all use desktop Office for their email (Outlook) and chats (Teams). We are all still working from home.

It seems that a user is only challenged to update their expired password once they physically authenticate against the domain controller(s). But what if they never do? This means a user with an expired password will continue to send/receive emails and send chats in Teams regardless of when their password expired, unless they perform a "logon".

I ran a PowerShell script to elucidate more and found that we have dozens of users in this boat. Some users have passwords that expired YEARS ago!

Is this by design? In that the password expiration field is pointless until said account actively connects to the domain? Why is the "expiration" field/property not part of the user SID? I'm baffled.

We have on-premises domain controllers which sync out to Office 365 via ADSync.

Any help appreciated.
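
An audit of the kind the question describes, listing enabled accounts whose on-premises password has already expired, as an added example that is not the poster's script. It assumes the RSAT ActiveDirectory module and read access to the domain; the report column names are chosen here for illustration.

```powershell
# Added example (not the poster's script). Requires the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

$now   = (Get-Date).ToUniversalTime()
$never = [Int64]::MaxValue   # 0x7FFFFFFFFFFFFFFF: the password never expires

# msDS-UserPasswordExpiryTimeComputed is a constructed attribute that already
# accounts for the domain policy and any fine-grained password policy.
$users = Get-ADUser -Filter 'Enabled -eq $true -and PasswordNeverExpires -eq $false' `
    -Properties 'msDS-UserPasswordExpiryTimeComputed', PasswordLastSet, LastLogonDate

$report = foreach ($u in $users) {
    $raw = $u.'msDS-UserPasswordExpiryTimeComputed'
    if ($null -eq $raw -or $raw -eq $never) { continue }

    if ($raw -eq 0) {
        # pwdLastSet is 0: "User must change password at next logon" is set.
        $expiry = $null
        $state  = 'MustChangeAtNextLogon'
        $days   = $null
    } else {
        $expiry = [datetime]::FromFileTimeUtc($raw)
        if ($expiry -ge $now) { continue }   # password is still valid
        $state = 'Expired'
        $days  = [int][math]::Floor(($now - $expiry).TotalDays)
    }

    [pscustomobject]@{
        SamAccountName  = $u.SamAccountName
        State           = $state
        PasswordLastSet = $u.PasswordLastSet
        ExpiredOnUtc    = $expiry
        DaysExpired     = $days
        # Derived from lastLogonTimestamp, which replicates with a lag of up to
        # about 14 days and only records logons a domain controller processed.
        LastLogonDate   = $u.LastLogonDate
    }
}

# Longest-expired accounts first.
$report | Sort-Object DaysExpired -Descending | Format-Table -AutoSize
```

Comparing `DaysExpired` with `LastLogonDate` shows which accounts have not authenticated against a domain controller since their password expired.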


2 answers

  1. Anonymous
    2022-09-08T17:36:29.157+00:00

    Sounds like sync may be broken. The product group for Office 365 actively monitors questions over at
    https://techcommunity.microsoft.com/t5/office-365/ct-p/Office365

    --please don't forget to upvote and Accept as answer if the reply is helpful--

    1 person found this answer helpful.

  2. fnanfne 1 Reputation point
    2022-09-08T18:28:59.59+00:00

    Hi DSPatrick

    I have run all diagnostics I could find and sync appears to be working just fine. I can also see on Office 365 that ADSync regularly syncs (including password sync).

    Thanks, I'll ask over on the Tech Community forum as well.

