Password Hash Sync Password Reset timing

Dan Chandler-Klein 41 Reputation points
2022-08-17T18:45:01.193+00:00

I set up Password Hash Sync for our domain. We give new users a temporary password to sign in with and require them to change the password on login. The issue is that when the user resets their password, it takes roughly 2ish minutes before the new password works. So they reset their password and log in, but then when they launch an app like Teams or Outlook they are prompted to log in again, but the password they just created doesn't work unless they wait a few minutes. Do we have this set up wrong?

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

2 answers

  1. Carlos Solís Salazar 17,791 Reputation points MVP
    2022-08-17T19:41:29.597+00:00

    Hi @Dan Chandler-Klein

    Thank you for asking this question on the **Microsoft Q&A Platform.**

    There is nothing wrong with the Azure AD Connect configuration.

    The synchronization usually happens every 30 minutes, and you cannot set the automatic synchronization for less time.

    You can force the synchronization with the following PowerShell commands on the server where Azure AD Connect is installed:

    Start-ADSyncSyncCycle -PolicyType Delta

    This will only synchronize current changes.

    Run the following command to force a complete sync but note that the length of sync time would be increased.

    Start-ADSyncSyncCycle -PolicyType Initial

    More info: https://techcommunity.microsoft.com/t5/itops-talk-blog/powershell-basics-how-to-force-azuread-connect-to-sync/ba-p/887043

    Hope this helps,
    Carlos Solís Salazar

    ----------

    Accept Answer and Upvote if any of the above helped; this thread can help others in the community looking for remediation for similar issues.

    NOTE: To answer you as quickly as possible, please mention me in your reply.



  2. Danny Zollner 9,871 Reputation points Microsoft Employee
    2022-08-18T21:00:34.113+00:00

    Azure AD Connect's Password Hash Sync service runs every two minutes. This means that you can expect an updated hash to be reflected inside of Azure AD within 2 minutes - it could be as short as a few seconds, or as long as 2 minutes, depending on when the change was made in relation to the next start time. This is documented here: https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-password-hash-synchronization

    There is not a supported way to lower this interval.

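To measure the delay discussed in the answers above for one account, you can compare the user's on-premises password-change time with the password hash sync result event on the Azure AD Connect server. This is an added example, not part of the original thread; it assumes sync results are logged in the Application log as event ID 657 with `Dn :` and `Result :` fields, and the account name `jdoe`, the function name `Get-PhsLatency` and the sample event are constructed for illustration.

```powershell
# Added example (not from the thread). Assumption: each password hash sync result
# is logged as event ID 657 in the Application log, with a message containing
# "Dn : <distinguished name>" followed by "Result : <status>".
function Get-PhsLatency {
    param(
        [Parameter(Mandatory)] [string]   $DistinguishedName,
        [Parameter(Mandatory)] [datetime] $PasswordLastSet,  # when AD recorded the change
        [Parameter(Mandatory)] [object[]] $Events            # objects with TimeCreated and Message
    )
    # One event can report several users, so capture the first Result after our DN.
    $pattern = 'Dn\s*:\s*' + [regex]::Escape($DistinguishedName) +
               '(?!\w)[\s\S]*?Result\s*:\s*(\w+)'
    foreach ($e in ($Events | Sort-Object TimeCreated)) {
        if ($e.TimeCreated -lt $PasswordLastSet) { continue }  # older sync, ignore
        $m = [regex]::Match($e.Message, $pattern, 'IgnoreCase')
        if ($m.Success) {
            $result = $m.Groups[1].Value
            return [pscustomobject]@{
                Dn             = $DistinguishedName
                Synced         = ($result -eq 'Success')
                Result         = $result
                LatencySeconds = [int]($e.TimeCreated - $PasswordLastSet).TotalSeconds
            }
        }
    }
    # No result event yet: the new hash has not been pushed (or the push was not logged).
    [pscustomobject]@{ Dn = $DistinguishedName; Synced = $false; Result = $null; LatencySeconds = $null }
}

# Live use on the Azure AD Connect server ('jdoe' is a placeholder account):
# $u   = Get-ADUser -Identity 'jdoe' -Properties PasswordLastSet
# $evt = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 657
#            StartTime = $u.PasswordLastSet } -ErrorAction SilentlyContinue
# Get-PhsLatency -DistinguishedName $u.DistinguishedName `
#     -PasswordLastSet $u.PasswordLastSet -Events $evt

# Constructed sample so the function can be tried without a sync server.
$dn     = 'CN=Test User,OU=Staff,DC=example,DC=com'
$reset  = [datetime]'2022-08-17T18:40:00'
$sample = @(
    [pscustomobject]@{   # sync of the old temporary password, before the reset
        TimeCreated = $reset.AddMinutes(-30)
        Message     = "Password Change Result - Anchor : (constructed), Dn : $dn, Result : Success."
    },
    [pscustomobject]@{   # sync of the password the user just chose
        TimeCreated = $reset.AddSeconds(95)
        Message     = "Password Change Result - Anchor : (constructed), Dn : $dn, Result : Success."
    }
)
Get-PhsLatency -DistinguishedName $dn -PasswordLastSet $reset -Events $sample
```

A result with `Synced = $false` shortly after a reset means the cloud side still holds the previous hash, which matches the sign-in failures described in the question.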