Directory Synchronization with weak AD passwords

cosy M 6 Reputation points

Hi All,

We are planning to turn off the Directory synchronization (Cloud Sync) using the following command.

Set-MsolDirSyncEnabled -enabledirsync $false

So what will happen to the users with weak passwords that previously conformed to their on-premises directory password policy?

Microsoft Entra ID

2 answers

  1. Marcin Policht 8,260 Reputation points MVP

    In short, assuming you are using password hash sync, nothing - until they decide to change/reset the password. That's when the password policy applies.

    Passwords are stored as non-reversible hashes.

    If you are using pass-through, they will need to have their passwords set (regardless of their complexity).



  2. Thameur-BOURBITA 32,496 Reputation points

    Hi @cosy M

    When you disable directory synchronization, the user will be able to use his password.

    The password policy will be applied on the next password reset.

    It's the same when you change the password policy in Active Directory; it will be applied at the next password reset.

    So, to be sure that the password policy is applied, you should ask all users to change their password after turning off directory synchronization.

    Please don't forget to accept helpful answer

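
Both answers say the password policy only takes effect at the next change, so the accounts worth following up on are those whose password was last set before synchronization was turned off. The sketch below is an added example, not part of the original thread: it classifies user records by the Microsoft Graph user properties `lastPasswordChangeDateTime` and `onPremisesSyncEnabled`; the function name, cutover date and sample users are constructed for illustration.

```powershell
# Added example: report accounts whose password predates the sync cutover.
function Get-PreCutoverPasswordUser {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [psobject] $User,
        [Parameter(Mandatory)] [datetime] $Cutover
    )
    process {
        $changed = $User.lastPasswordChangeDateTime
        $status = if ($User.onPremisesSyncEnabled) {
            'StillSynced'           # object is still flagged as synced from on-premises
        } elseif (-not $changed) {
            'UnknownChangeDate'     # no timestamp: cannot show a change under the cloud policy
        } elseif ([datetime]$changed -lt $Cutover) {
            'PreCutoverPassword'    # last set while the on-premises policy applied
        } else { $null }            # changed after cutover: nothing to report
        if ($status) {
            [pscustomobject]@{
                UserPrincipalName = $User.userPrincipalName
                Enabled           = [bool]$User.accountEnabled
                LastChange        = $changed
                Status            = $status
            }
        }
    }
}

# Constructed sample rows standing in for a directory export (not real accounts).
$sample = @(
    [pscustomobject]@{ userPrincipalName = 'alice@contoso.example'; accountEnabled = $true
                       onPremisesSyncEnabled = $null; lastPasswordChangeDateTime = [datetime]'2023-03-14' }
    [pscustomobject]@{ userPrincipalName = 'bob@contoso.example'; accountEnabled = $true
                       onPremisesSyncEnabled = $null; lastPasswordChangeDateTime = [datetime]'2024-07-02' }
    [pscustomobject]@{ userPrincipalName = 'carol@contoso.example'; accountEnabled = $false
                       onPremisesSyncEnabled = $null; lastPasswordChangeDateTime = $null }
    [pscustomobject]@{ userPrincipalName = 'dave@contoso.example'; accountEnabled = $true
                       onPremisesSyncEnabled = $true; lastPasswordChangeDateTime = [datetime]'2022-11-30' }
)

$cutover = [datetime]'2024-06-01'   # constructed: the date sync was turned off
$sample | Get-PreCutoverPasswordUser -Cutover $cutover |
    Sort-Object Status, UserPrincipalName | Format-Table -AutoSize

# Live data (assumes the Microsoft.Graph module and an existing Connect-MgGraph session):
# Get-MgUser -All -Property userPrincipalName,accountEnabled,onPremisesSyncEnabled,lastPasswordChangeDateTime |
#     Get-PreCutoverPasswordUser -Cutover $cutover
```

Accounts reported as `PreCutoverPassword` or `UnknownChangeDate` are the ones to ask for a password change; `StillSynced` rows indicate objects the directory has not yet converted to cloud-managed.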