Password expired in A.D local but the users continue accessing the Office 365 resources.

Adriano Cezar Sousa Neves 0 Reputation points
2025-02-18T20:27:50.63+00:00

Password expired in A.D local but the users continue accessing the Office 365 resources.

Microsoft Security | Microsoft Entra | Microsoft Entra ID

3 answers

  1. S.Sengupta 24,476 Reputation points MVP
    2025-02-18T23:54:55.4066667+00:00

    This happens because Office 365 does not immediately enforce on-premises Active Directory (AD) password expiration for synchronized users.

    You can manually force users to change passwords in Azure AD:

    Open PowerShell as Admin and copy-paste the following:

    Set-MsolUserPassword -UserPrincipalName ******@domain.com -ForceChangePassword $true

    You may run the following PowerShell command in Azure AD PowerShell:

    Set-MsolDirSyncFeature -Feature EnforceCloudPasswordPolicyForPasswordSyncedUsers -Enable $true


  2. Thameur-BOURBITA 36,261 Reputation points Moderator
    2025-02-21T19:10:12.0766667+00:00

    Hi @Adriano Cezar Sousa Neves

    Hi, they continued to access M365 resources with an expired password in AD because the authentication is not performed by Active Directory; it should be managed by Entra ID or another IdP.

    In this case, the user can continue to access M365 resources, even with password hash sync enabled, until changing his password in Active Directory and syncing it to Entra ID.


    Please don't forget to accept the helpful answer.



  3. Akhilesh Vallamkonda 15,320 Reputation points Microsoft External Staff Moderator
    2025-02-21T21:49:49.2666667+00:00

    Hi @Adriano Cezar Sousa Neves

    Thank you for reaching out to the Microsoft Q&A Forum, and sorry for the delayed response.

    If I understand correctly, the AD user's password expires but the users are able to access the Office 365 resources with the expired password.
    May I know whether these AD users are synchronized to Entra ID with Entra Connect? If yes, the issue might be that the password policy does not comply with Entra ID.

    To fix this issue, enable the CloudPasswordPolicyForPasswordSyncedUsersEnabled feature, which enforces cloud password policies for users whose passwords are synchronized from on-premises Active Directory (AD) to Entra ID (Azure AD). This ensures that synchronized users comply with the Azure AD password expiration policy, even if their on-premises password has expired. By default, this feature is disabled.
    Reference: CloudPasswordPolicyForPasswordSyncedUsersEnabled

    Hope this helps. Do let us know if you have any further queries by responding in the comments section.


    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
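
Added example, not part of any answer above: one way to check and enable the CloudPasswordPolicyForPasswordSyncedUsersEnabled setting named in the third answer, then list the synchronized users who are still exempt from cloud password expiration. It uses the Microsoft Graph PowerShell SDK rather than the MSOnline cmdlets shown in the first answer, and assumes an account permitted to change directory synchronization settings.

```powershell
# Added example. Requires the Microsoft.Graph PowerShell SDK.
Connect-MgGraph -Scopes 'OnPremDirectorySynchronization.ReadWrite.All', 'User.Read.All'

# 1. Read the tenant-wide directory synchronization feature flags.
$sync    = Get-MgDirectoryOnPremiseSynchronization
$enabled = $sync.Features.CloudPasswordPolicyForPasswordSyncedUsersEnabled
Write-Host "CloudPasswordPolicyForPasswordSyncedUsersEnabled: $enabled"

# 2. Turn the feature on only if it is currently off.
if (-not $enabled) {
    $sync.Features.CloudPasswordPolicyForPasswordSyncedUsersEnabled = $true
    Update-MgDirectoryOnPremiseSynchronization `
        -OnPremisesDirectorySynchronizationId $sync.Id `
        -Features $sync.Features
}

# 3. Audit: synchronized users whose PasswordPolicies still contains
#    DisablePasswordExpiration are not subject to the cloud expiration policy.
$props  = 'Id', 'UserPrincipalName', 'OnPremisesSyncEnabled',
          'PasswordPolicies', 'LastPasswordChangeDateTime'
$exempt = Get-MgUser -All -Property $props |
    Where-Object {
        $_.OnPremisesSyncEnabled -and
        $_.PasswordPolicies -match 'DisablePasswordExpiration'
    }

# Oldest password first: these accounts are the most likely to be past
# their on-premises expiry while still signing in to cloud resources.
$exempt |
    Sort-Object LastPasswordChangeDateTime |
    Select-Object UserPrincipalName, PasswordPolicies, LastPasswordChangeDateTime |
    Format-Table -AutoSize
```

Enabling the feature does not clear DisablePasswordExpiration on users who are already synchronized; the value is removed during the password hash sync that follows each user's next on-premises password change, so the accounts listed in step 3 remain exempt until then.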

