How to sync only passwords for specific users from AD to Office365?

Rawee 0 Reputation points
2023-04-19T14:15:50.9733333+00:00

Hi, We want to sync only passwords from AD to Office365 using Azure AD Connect for specific users in an OU. How can we do that? Thank you.

Microsoft Security Microsoft Entra Microsoft Entra ID

3 answers

  1. James Hamil 27,211 Reputation points Microsoft Employee Moderator
    2023-04-19T18:55:09.4633333+00:00

    Hi @Rawee, to sync only passwords for specific users in an OU using Azure AD Connect, you can set up selective password hash synchronization. Here's a summary of the steps you need to follow:

    1. Disable the synchronization scheduler by running the following PowerShell command: Set-ADSyncScheduler -SyncCycleEnabled $false
    2. Create custom synchronization rules using the Synchronization Rules Editor:
       • Create a rule to disable password hash sync for users with the adminDescription attribute set to PHSFiltered.
       • Create another rule to enable password hash sync for users with the adminDescription attribute set to PHSIncluded.
    3. Re-enable the synchronization scheduler by running the following PowerShell command: Set-ADSyncScheduler -SyncCycleEnabled $true
    4. Edit the adminDescription attribute for the users you want to include or exclude from password hash synchronization in Active Directory:
       • For users to be included, set the adminDescription attribute to PHSIncluded.
       • For users to be excluded, set the adminDescription attribute to PHSFiltered.

    For a detailed step-by-step guide, please refer to the Selective Password Hash Synchronization for Azure AD Connect documentation. Please let me know if you have any questions and I can help you further. If this answer helped you please mark it as "Verified" so other users can reference it. Thank you, James
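An added example, not part of James's answer or Microsoft's documentation, showing how step 4 can be applied on the Connect server: users in one OU are tagged PHSIncluded, the other users under a wider scope are tagged PHSFiltered, and the scheduler is paused while the attribute is changed. The OU and domain names are placeholders, and the script defaults to a dry run.

```powershell
Import-Module ActiveDirectory
Import-Module ADSync   # ships with Azure AD Connect; run this on the Connect server

# Placeholder values: replace with your own OU (users to keep PHS) and scope (users to exclude)
$IncludeOu   = 'OU=CloudUsers,OU=Staff,DC=contoso,DC=local'
$ExcludeBase = 'OU=Staff,DC=contoso,DC=local'
$WhatIf      = $true    # set to $false after reviewing the dry-run output

function Set-PhsTag {
    param(
        [Microsoft.ActiveDirectory.Management.ADUser]$User,
        [ValidateSet('PHSIncluded', 'PHSFiltered')][string]$Tag
    )
    $current = $User.adminDescription
    if ($current -eq $Tag) { return }           # already tagged, nothing to change
    if ($current -and $current -notlike 'PHS*') {
        # adminDescription is used by other tools; do not silently overwrite an unrelated value
        Write-Warning "$($User.SamAccountName): adminDescription is '$current', skipping"
        return
    }
    Set-ADUser -Identity $User -Replace @{ adminDescription = $Tag } -WhatIf:$WhatIf
}

# Pause the scheduler so no sync cycle runs while tags are half-applied
Set-ADSyncScheduler -SyncCycleEnabled $false
try {
    $included = Get-ADUser -SearchBase $IncludeOu -Filter * -Properties adminDescription
    $excluded = Get-ADUser -SearchBase $ExcludeBase -Filter * -Properties adminDescription |
                Where-Object { $_.DistinguishedName -notlike "*,$IncludeOu" }

    foreach ($u in $included) { Set-PhsTag -User $u -Tag 'PHSIncluded' }
    foreach ($u in $excluded) { Set-PhsTag -User $u -Tag 'PHSFiltered' }

    # Report how many users carry each tag so the result can be checked before syncing
    Get-ADUser -SearchBase $ExcludeBase -LDAPFilter '(adminDescription=PHS*)' -Properties adminDescription |
        Group-Object adminDescription | Select-Object Name, Count
}
finally {
    # Always resume the scheduler, even if tagging failed part-way
    Set-ADSyncScheduler -SyncCycleEnabled $true
}
```

Run it once with $WhatIf left at $true and read the warnings: any user whose adminDescription already holds a non-PHS value is reported rather than overwritten.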

  2. Rawee 0 Reputation points
    2023-04-20T18:11:12.6766667+00:00

    Hi James, Thank you for your help. I am getting this warning when I try to edit the clone of the rule "In from AD - User AccountEnabled".

    If I click Yes, I get an error.

    Please advise. Thank you.


  3. Rawee 0 Reputation points
    2023-04-20T18:43:51.4666667+00:00

    Hi there, Sorry if I haven't formulated my question clearly. We are a large organization and we have some users with their Azure account. We want to sync only the password for these and only these users.
    1. How can we exclude the users that don't have an Azure account from the sync?
    2. How can we sync passwords only and not other user attributes?
    3. How can we exclude the groups from the sync?
    If someone has already done that, please share the steps. Thank you.

