AAD Connect synchronization of pwdLastSet

Antonello Ledda Admin 1 Reputation point


We have a hybrid environment, with on-prem AD synchronized by AAD Connect to Azure AD using password hash sync, and we want to get the on-prem AD attribute pwdLastSet synchronized with the corresponding one, lastPasswordChangeTimestamp, in Azure AD.

Is it possible to achieve this simply by changing the attribute "pwdLastSet" to the current system time, by assigning "0" and in turn "-1" to it, as explained in the page?


I tried, but the attribute actually isn't synchronized; it gets aligned only if I really make a password reset on prem, but I'd rather avoid having on-prem users change their passwords.

Thanks a lot.




1 answer

  1. Marilee Turscak-MSFT 22,291 Reputation points Microsoft Employee

    Hi @Antonello Ledda Admin ,

    If your goal is to just make sure those values are synchronized, my understanding is that if you have password writeback enabled, the pwdlastset and LastPasswordChangeTimestamp should update accordingly (maybe a few minutes off at most).

    See: Concept SSPR Writeback
    Password Expiration With AAD Connect

    I haven't tried the manual script that you described, but doing that should just reset the password expiration and move the Last Reset Date.
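
An added example (not part of the original question or answer, and not Microsoft's code) for checking the outcome discussed in this thread: it converts the on-prem pwdLastSet FILETIME value to UTC and compares it with the cloud-side LastPasswordChangeTimestamp, treating 0 as "must change at next logon". The function names, the five-minute tolerance and all sample values are assumptions constructed for illustration.

```powershell
function Convert-PwdLastSet {
    param([Parameter(Mandatory)][long]$PwdLastSet)
    # pwdLastSet is a FILETIME: 100-ns intervals since 1601-01-01 UTC.
    # 0 means "user must change password at next logon", so no timestamp exists.
    if ($PwdLastSet -le 0) { return $null }
    return [DateTime]::FromFileTimeUtc($PwdLastSet)
}

function Compare-PasswordTimestamp {
    param(
        [Parameter(Mandatory)][string]$User,
        [Parameter(Mandatory)][long]$PwdLastSet,          # on-prem AD value
        [Parameter(Mandatory)][DateTime]$CloudTimestamp,  # cloud-side value
        [int]$ToleranceMinutes = 5                        # assumed tolerance
    )
    $onPrem   = Convert-PwdLastSet -PwdLastSet $PwdLastSet
    $cloudUtc = $CloudTimestamp.ToUniversalTime()
    $drift    = $null
    if ($null -eq $onPrem) {
        $status = 'MustChangeAtNextLogon'
    } else {
        # Positive drift: on-prem value is later than the cloud value.
        $drift = [math]::Round(($onPrem - $cloudUtc).TotalMinutes, 1)
        if ([math]::Abs($drift) -le $ToleranceMinutes) {
            $status = 'InSync'
        } elseif ($drift -gt 0) {
            $status = 'OnPremNewer'
        } else {
            $status = 'CloudNewer'
        }
    }
    [pscustomobject]@{
        User = $User; OnPremUtc = $onPrem; CloudUtc = $cloudUtc
        DriftMinutes = $drift; Status = $status
    }
}

# Constructed sample records (hypothetical users, not real directory data).
$t = [DateTime]::new(2023, 3, 1, 9, 0, 0, [DateTimeKind]::Utc)
$samples = @(
    @{ User = 'alice'; PwdLastSet = $t.AddMinutes(2).ToFileTimeUtc(); CloudTimestamp = $t }
    @{ User = 'bob';   PwdLastSet = $t.AddDays(30).ToFileTimeUtc();   CloudTimestamp = $t }
    @{ User = 'carol'; PwdLastSet = 0L;                               CloudTimestamp = $t }
)
foreach ($s in $samples) { Compare-PasswordTimestamp @s }
```

An `OnPremNewer` result corresponds to the situation in the question, where pwdLastSet was moved forward on-prem without a real password change and the cloud value stayed behind.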