Directory Synchronization with weak AD passwords

cosy M 6 Reputation points
2024-03-20T02:10:25.6566667+00:00

Hi All,

We are planning to turn off the Directory synchronization (Cloud Sync) using the following command.

Set-MsolDirSyncEnabled -enabledirsync $false

So what will happen to the users with weak passwords previously conformed to their on-premises directory password policy?

  1. Marcin Policht 18,270 Reputation points MVP
    2024-03-20T03:16:37.8833333+00:00

    In short, assuming you are using password hash sync, nothing - until they decide to change/reset the password. That's when the password policy applies.

    Passwords are stored as non-reversible hashes.

    If you are using pass-through, they will need to have their passwords set (regardless of their complexity).


    hth

    Marcin


  2. Thameur-BOURBITA 32,641 Reputation points
    2024-03-20T08:01:33.4833333+00:00

    Hi @cosy M

    When you disable the directory synchronization, the user will be able to use his password.

    The password policy will be applied on the next password reset.

    It's the same when you change the password policy in Active Directory: it will be applied at the next password reset.

    So, to be sure that the password policy is applied you should ask all users to change password after turning off directory synchronization.

    Please don't forget to accept helpful answer

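One way to act on the advice in both answers, as an added example that is not part of the thread: list the accounts whose password was last set before synchronization was turned off (so it was never checked against the cloud password policy) and, optionally, require a change at next sign-in. It uses the Microsoft Graph PowerShell SDK rather than the MSOnline module from the question. The cutoff date, the excluded account and the requested scopes are assumptions to adapt to your tenant.

```powershell
# Added example, not code from the thread. Requires the Microsoft.Graph.Users module.
# Assumptions: $Cutoff is the moment directory sync was disabled (constructed value),
# $Exclude holds accounts that must not be forced (hypothetical name), and the
# requested scopes are sufficient for the signed-in administrator.
param(
    [datetime]$Cutoff  = '2024-03-20T00:00:00Z',
    [string[]]$Exclude = @('breakglass@contoso.example'),
    [switch]$Apply     # without -Apply the script only reports
)

Connect-MgGraph -Scopes 'User.ReadWrite.All', 'Directory.AccessAsUser.All' | Out-Null

$cutoffUtc = $Cutoff.ToUniversalTime()
$props = 'id', 'userPrincipalName', 'userType', 'accountEnabled', 'lastPasswordChangeDateTime'

# Enabled member accounts whose password predates the cutoff.
$stale = Get-MgUser -All -Property $props | Where-Object {
    $_.UserType -eq 'Member' -and
    $_.AccountEnabled -and
    $_.UserPrincipalName -notin $Exclude -and
    # A missing timestamp is treated as stale instead of being skipped silently.
    (-not $_.LastPasswordChangeDateTime -or
     $_.LastPasswordChangeDateTime.ToUniversalTime() -lt $cutoffUtc)
}

$stale |
    Sort-Object LastPasswordChangeDateTime |
    Select-Object UserPrincipalName, LastPasswordChangeDateTime |
    Format-Table -AutoSize

Write-Host "$(@($stale).Count) account(s) have a password set before $cutoffUtc (UTC)."

if ($Apply) {
    foreach ($u in $stale) {
        # The existing password keeps working until sign-in; the new one is then
        # evaluated against the Microsoft Entra password policy.
        Update-MgUser -UserId $u.Id -PasswordProfile @{ ForceChangePasswordNextSignIn = $true }
        Write-Host "Flagged $($u.UserPrincipalName) for password change at next sign-in."
    }
}
```

Run it once without `-Apply` to review the list, then add service or emergency-access accounts to `$Exclude` before applying.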