How to revert back to Federated User Sign-Ins from Password Hash Sync Authentication Method?

user20201 276 Reputation points

Is it possible to revert back my user sign-ins in Azure AD Connect from password hash sync back to federated? If so, what are the impacts for the users that are already migrated to managed authentication?

Tags: Azure Active Directory, Active Directory Federation Services

Accepted answer
AmanpreetSingh-MSFT 55,521 Reputation points

Hi @user20201 • Thank you for reaching out.

If you are using ADFS for federation, you need to run the Convert-MsolDomainToFederated cmdlet on your ADFS server.

If you are using an STS other than ADFS, you need to run the Set-MsolDomainFederationSettings cmdlet.

You may also consider setting up PHS as a backup for AD FS in Azure AD Connect to avoid a single point of failure if your on-premises ADFS/3rd-party STS goes down.

The impact would be that, rather than authenticating directly against Azure AD, federated users will be redirected to the federation server for authentication. If you have any applications that use the ROPC flow and don't support redirection (e.g. Postman), they will throw the AADSTS50126 error. In that case, you will have to perform the steps I have mentioned here:

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
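The AD FS path described in the accepted answer, written out as an added example (not code from the answer or from Microsoft): it records the domain's current authentication type, runs Convert-MsolDomainToFederated, and then verifies that Azure AD reports the domain as Federated and that the federation properties on AD FS and in Azure AD agree. It assumes the MSOnline module is installed, that the account used holds the Global Administrator role, and that you run it from the primary AD FS server or point the cmdlets at it with Set-MsolADFSContext. The domain name and server name are placeholders.

```powershell
# Added example, not part of the original answer. Converts one verified domain from
# managed (password hash sync) back to federated authentication with AD FS.
# Assumptions: MSOnline module installed; Global Administrator credentials;
# run on the primary AD FS server or point at it with Set-MsolADFSContext.
# 'contoso.com' and 'adfs01.corp.contoso.com' are placeholder names.

$DomainName = 'contoso.com'
$AdfsServer = 'adfs01.corp.contoso.com'   # placeholder; skip Set-MsolADFSContext when already on the AD FS box

Import-Module MSOnline
Connect-MsolService                        # interactive sign-in to the tenant

# Pre-flight: record how the domain authenticates today.
# After a PHS cutover this is expected to read 'Managed'.
$before = Get-MsolDomain -DomainName $DomainName
"{0}: Status={1} Authentication={2}" -f $before.Name, $before.Status, $before.Authentication

if ($before.Status -ne 'Verified') {
    throw "Domain $DomainName is not verified; only verified domains can be federated."
}

if ($before.Authentication -eq 'Federated') {
    Write-Host "Domain $DomainName is already federated; nothing to do."
    return
}

# Point the MSOnline federation cmdlets at the AD FS farm.
Set-MsolADFSContext -Computer $AdfsServer

# Switch the domain to federated. This creates/updates the Office 365 relying party
# trust on AD FS and writes the federation settings (issuer URI, endpoints, token
# signing certificate) into Azure AD. -SupportMultipleDomain is needed when more
# than one domain is federated with the same farm; it is harmless for a single domain.
Convert-MsolDomainToFederated -DomainName $DomainName -SupportMultipleDomain

# Post-check 1: Azure AD must now report the domain as Federated.
$after = Get-MsolDomain -DomainName $DomainName
if ($after.Authentication -ne 'Federated') {
    throw "Conversion did not take effect; domain still reports $($after.Authentication)."
}

# Post-check 2: compare the federation properties held by AD FS with those stored in
# Azure AD. Both rows should show the same endpoints and token signing certificate;
# a mismatch means sign-ins will be redirected to AD FS but token validation will fail.
Get-MsolFederationProperty -DomainName $DomainName |
    Format-List Source, FederationServiceIdentifier, PassiveLogOnUri, ActiveLogOnUri, TokenSigningCertificate
```

Once the domain reports Federated, interactive sign-ins for users in that domain are redirected to AD FS, so the farm becomes a dependency for sign-in again; keeping password hash sync enabled in Azure AD Connect, as the answer suggests, leaves a managed fallback available. Clients that use the ROPC flow against that domain will start receiving AADSTS50126 until they are reconfigured as described in the answer.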
