migrate users from Identity Server3 to AAD

Maksim Sialitski 1 Reputation point
2022-11-15T14:37:34.55+00:00

We would like to change our authentication and authorization system from IdentityServer3 to Azure AD
We have PaaS SQL server UserManagement database with user information.
The password is stored in a one-way encrypted format, such as with a hash function.
The password is stored by the IS3 in a way that we can't access. For example, when the identity provider validates credentials by calling a web service.
We have completed pre migration steps by exporting users to csv and creating them in AAD with default passwords using this:

> Connect-azuread
$users = import-csv C:\temp\Admin.csv
$PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
$PasswordProfile.Password = "P@$$w0rd"
foreach ($usr in $users)
{
New-AzureADUser -DisplayName $usr.name -PasswordProfile $PasswordProfile -UserPrincipalName $usr.upn -AccountEnabled $true -MailNickName $usr.email
}

Question: Is it possible to do some kind of one way password hash sync to AAD to provide seamless login for end users via AAD

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,451 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Cristian SPIRIDON 4,471 Reputation points
    2022-11-15T20:11:18.93+00:00

    Hi,

    You can't reuse the passwords hash. That is the purpose of the password hash - to not be able to retrieve the password other that by knowing it. If the hash function is different then you can't reuse the hash.

    Hope this helps!

    0 comments No comments