AAD Connect synchronization of pwdLastSet

Antonello Ledda Admin 1 Reputation point
2021-11-11T07:25:51.393+00:00

Hello

We have a hybrid environment, on-prem AD synchronized by AAD Connect to Azure AD using password hash sync, and we want to get the on-prem AD attribute pwdLastSet synchronized with the corresponding lastPasswordChangeTimestamp attribute on Azure AD.

Is it possible to achieve this simply by changing the attribute "pwdLastSet" to the current system time, by assigning "0" and then "-1" to it, as explained on this page?

https://social.technet.microsoft.com/Forums/en-US/6622c897-c460-41ce-a237-a6eabff3ca12/why-cant-i-se...

I tried, but the attribute isn't synchronized; it gets aligned only if I actually do a password reset on prem, but I'd rather avoid having on-prem users change their passwords.

Thanks a lot.

Regards

Antonello
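The 0 then -1 sequence the question refers to, written out as a script so the on-prem and cloud timestamps can be compared after a sync cycle. This is an added example, not code from the original poster or from Microsoft. It assumes the RSAT ActiveDirectory module on the admin workstation, the ADSync module on the AAD Connect server (hypothetical host name AADC01), the Microsoft.Graph.Users module with User.Read.All consent, and a hypothetical test account jdoe / jdoe@contoso.com. The function and parameter names are the example's own.

```powershell
# Added example, not from the original post. Assumed environment: RSAT ActiveDirectory
# module locally, ADSync module on a hypothetical AAD Connect server "AADC01",
# Microsoft.Graph.Users module, and a hypothetical test user jdoe@contoso.com.
# Try it on a test account before touching anyone real.

Import-Module ActiveDirectory

function Reset-PwdLastSetToNow {
    param([Parameter(Mandatory)][string]$SamAccountName)

    $user = Get-ADUser -Identity $SamAccountName -Properties pwdLastSet, PasswordNeverExpires

    # pwdLastSet is a FILETIME (100 ns ticks since 1601-01-01 UTC). AD only accepts
    # explicit writes of 0 or -1: 0 means "must change password at next logon",
    # -1 tells the DC to stamp the current time. That is why the question's
    # 0 -> -1 sequence is the only way to refresh it without a password change.
    $before = [DateTime]::FromFileTimeUtc($user.pwdLastSet)

    # Caveat: between the two writes the account carries the "must change
    # password at next logon" flag, so do both writes in one run, never by hand.
    Set-ADUser -Identity $user -Replace @{ pwdLastSet = 0 }
    Set-ADUser -Identity $user -Replace @{ pwdLastSet = -1 }

    $after = (Get-ADUser -Identity $SamAccountName -Properties pwdLastSet).pwdLastSet
    [PSCustomObject]@{
        SamAccountName       = $SamAccountName
        PwdLastSetBeforeUtc  = $before
        PwdLastSetAfterUtc   = [DateTime]::FromFileTimeUtc($after)
        PasswordNeverExpires = $user.PasswordNeverExpires
    }
}

function Start-AadConnectDeltaSync {
    # Hypothetical AAD Connect host; Start-ADSyncSyncCycle must run on that box.
    param([string]$ConnectServer = 'AADC01')
    Invoke-Command -ComputerName $ConnectServer -ScriptBlock {
        Import-Module ADSync
        Start-ADSyncSyncCycle -PolicyType Delta
    }
}

function Compare-PasswordTimestamps {
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [Parameter(Mandatory)][string]$UserPrincipalName
    )
    Import-Module Microsoft.Graph.Users
    Connect-MgGraph -Scopes 'User.Read.All'

    $onPrem = (Get-ADUser -Identity $SamAccountName -Properties pwdLastSet).pwdLastSet
    $cloud  = Get-MgUser -UserId $UserPrincipalName -Property 'userPrincipalName,lastPasswordChangeDateTime'

    $onPremUtc = [DateTime]::FromFileTimeUtc($onPrem)
    $cloudUtc  = $cloud.LastPasswordChangeDateTime   # $null if never set in the cloud

    [PSCustomObject]@{
        UserPrincipalName          = $UserPrincipalName
        OnPremPwdLastSetUtc        = $onPremUtc
        CloudLastPasswordChangeUtc = $cloudUtc
        SkewMinutes                = if ($cloudUtc) {
            [math]::Round(($onPremUtc - $cloudUtc.ToUniversalTime()).TotalMinutes, 1)
        } else { $null }
    }
}

# Usage (hypothetical account and server):
Reset-PwdLastSetToNow -SamAccountName 'jdoe'
Start-AadConnectDeltaSync -ConnectServer 'AADC01'
Start-Sleep -Seconds 120   # let the delta cycle finish before reading the cloud side
Compare-PasswordTimestamps -SamAccountName 'jdoe' -UserPrincipalName 'jdoe@contoso.com'
```

Two things worth checking before running this at scale: the script resets the on-prem password-age clock, so any domain expiration policy stops forcing a change for as long again, which silently extends old passwords if applied in bulk; and the comparison at the end is there precisely because, as the poster reports, the cloud timestamp may not move after the on-prem flip, so observe it on a test account rather than assuming the two values are now aligned.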

Microsoft Entra ID

1 answer

  1. Marilee Turscak-MSFT 37,141 Reputation points Microsoft Employee
    2021-11-12T19:24:55.887+00:00

    Hi @Antonello Ledda Admin ,

    If your goal is just to make sure those values are synchronized, my understanding is that if you have password writeback enabled, pwdLastSet and lastPasswordChangeTimestamp should update accordingly (maybe a few minutes off at most).

    See: Concept SSPR Writeback
    Password Expiration With AAD Connect

    I haven't tried the manual script that you described, but doing that should just reset the password expiration and move the Last Reset Date.

