Share via

Password Hash Sync Password Reset timing

Dan Chandler-Klein 46 Reputation points
2022-08-17T18:45:01.193+00:00

I set up Password Hash Sync for our domain. We give new users a temporary password to sign in with and require them to change the password on login. The issue is that when the user resets their password it takes roughly 2ish minutes before the new password works. So they reset their password and login, but then when they launch an app like Teams or Outlook they are prompted to login again but the password they just created doesn't work unless they wait a few minutes. Do we have this setup wrong?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
24,553 questions
0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Carlos Solís Salazar 18,186 Reputation points MVP Moderator
    2022-08-17T19:41:29.597+00:00

    Hi @Dan Chandler-Klein

    Thank you for asking this question on the **Microsoft Q&A Platform. **

    There is nothing wrong with the Azure AD Connect configuration,

    The synchronization is, usually, happens every 30 minutes, and you cannot set the automatic synchronization for less time.

    You can force the synchronization with the following Powershell commands on the server where Azure AD Connect is installed:

    Start-ADSyncSyncCycle -PolicyType Delta

    This will only synchronize current changes.

    Run the following command to force a complete sync but note that the length of sync time would be increased.

    Start-ADSyncSyncCycle -PolicyType Initial

    More info: https://techcommunity.microsoft.com/t5/itops-talk-blog/powershell-basics-how-to-force-azuread-connect-to-sync/ba-p/887043

    Hope this helps,
    Carlos Solís Salazar

    ----------

    Accept Answer and Upvote, if any of the above helped, this thread can help others in the community looking for remediation for similar issues.

    NOTE: To answer you as quickly as possible, please mention me in your reply.

    0 comments
  2. Danny Zollner 10,801 Reputation points Microsoft Employee Moderator
    2022-08-18T21:00:34.113+00:00

    Azure AD Connect's Password Hash Sync service runs every two minutes. This means that you can expect an updated hash to be reflected inside of Azure AD within 2 minutes - it could be as short as a few seconds, or as long as 2 minutes, depending on when the change was made in relation to the next start time. This is documented here: https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-password-hash-synchronization

    There is not a supported way to lower this interval.

  3. SEYHA CHAB 0 Reputation points
    2025-02-06T05:12:36.98+00:00

    Dear @Danny Zollner Carlos Solís Salazar Good day to you. I have a question regarding the timing of password synchronization from AD Connect to Microsoft 365. As we know, synchronization usually occurs every 30 minutes. Is it possible to change this interval to less than 30 minutes, such as 10 or 5 minutes? Additionally, could you provide references and best practices for implementing this change in our organization?

    Looking forward to hearing from you soon.

    Best Regard,

    Seyha

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.