I am in a Hybrid AD environment with 75% of my users at remote sites and they are using VPN to connect to shared file servers and to reset their log on passwords. If I enable Microsoft SSPR in the Azure environment and the user enables it for their profile, and then they reset their password with SSPR when they are off of the domain totally, without being connected to VPN, will their computer hash be updated when the AD Connect writeback sync completes, or will the computer still be associating the user with the former password, and as a result, when they are off of the domain they can connect to their machine, but once they are back on the domain, they are unable to connect because the hash did not sync? If this occurs would they get a trust error message? If they do get a trust issue, are they able to log into their computer with the old credential, join with the VPN, and then reset the credential using their new password? Or does SSPR work in such away that it sync both the user and the computer object, just like they were on the domain?