AADConnect password sync direction


  • Hi,

    Does AADConnect support bi-directional password sync (so from on-prem to Azure cloud and vice versa)?

    So if I change my password on-prem, AADConnect syncs the pwd to my Azure account?

    And if I change my password in Azure, AADConnect syncs the pwd back to my on-prem account?

    Assume that AADConnect is already setup and synchronising my on-prem identities with Azure.

    Cheers & Thanks


    mardi 3 juillet 2018 21:51


Toutes les réponses

  • Hi,

    first of all the password is never synced, it is a hash from a hash (and so on).

    AADC has a password hash sync from onPrem to AAD and also has an password writeback from AAD SSPR form to on-Prem.

    So in fact if you reset your PW with AAD SSPR your onPrem PW is reset and then synced back to AAD.


    Password write-back does not depend on PW hash sync you can also implement it with ADFS or PTA (pass-through auth) if you like.

    PW writeback service on AADC opens some kind of outbound VPN which will be used in reverse to send the PW back to onPrem an set it on the DC.


    Peter Stapf - ExpertCircle GmbH - My blog:

    • Marqué comme réponse Shim Kwan mardi 10 juillet 2018 23:42
    mercredi 4 juillet 2018 08:14
  • Thanks Peter, so just to be sure:

    Let's say I change my domain password from my domain joined workstation...AADConnect will sync the hash to Azure - correct?

    Later, I use Azure SSPR to reset my password...and AADConnect will once again write-back the hash to my on-prem AD account - correct?

    So effectively I can have bi-directional password hash sync now? (PCNS was always uni-directional, that's why I am double-checking AADConnect isn't)

    thank you

    • Modifié Shim Kwan mercredi 4 juillet 2018 22:10
    mercredi 4 juillet 2018 22:09
  • Hi,

    yes thats right, it feels like a to way password (hash) sync.

    PCNS is not only uni-directional it also can only sync password when captured as clear text thats while the PCNS exists. AADC can sync already present password hashes.


    Peter Stapf - ExpertCircle GmbH - My blog:

    • Marqué comme réponse Shim Kwan mardi 10 juillet 2018 23:42
    jeudi 5 juillet 2018 12:45
  • Thank you Peter
    mardi 10 juillet 2018 23:42