Virtualization, Cloud, Infrastructure and all that stuff in-between

My ramblings on the stuff that holds it all together


Password sync Warning: no recent synchronization on Office365

If you manage an Office365 tenant like I do for my lab, and are security minded, you may decide to change the password of the account you configured AAD Connect to use to talk to your on-prem Active Directory (for example, if maybe you were lazy and used the default domain administrator account in your lab… tut, tut :)). You need to update AAD Connect to reflect the new password, otherwise you’ll get “Password sync Warning: no recent synchronization” on your admin page and no password changes will sync to Office365.

*I* thought you did this by running the Azure AD Connect tool and re-entering the password there, refreshing the directory. Nope, and other error logging is a bit sparse, other than the warning in the o365 tenant admin portal.


There are some excellent PowerShell utils for debugging this stuff in this post

In my case I got an error back like the following:

```
AAD Tenant -
Password hash synchronization cloud configuration is enabled

AD Connector - MyDomain.tld
Password hash synchronization is enabled
No password hash synchronization heartbeat is detected

Directory Partition - MyDomain.tld
Password synchronization agent had a problem to resolve a domain controller in the domain "MyDomain.tld" at: 07/11/2017 16:38:19 UTC
Please make sure AD Connector account username and password are correct
Only Use Preferred Domain Controllers: False
Checking connectivity to the domain...
Domain "MyDomain.tld" is reachable

Would you like to diagnose single object issues? [y/n]: n

For more help:
+ Please see - or
+ Open a service request through Azure Portal or Office 365 Admin Portal.
```

Which led me to think maybe AAD Connect was still using the old password.

To actually change the password and configure more details, there is another utility outside of the Azure Connect wizard called “Synchronization service”, which resides under “Azure AD Connect” on your start menu. Run this, select the connector to MyDomain.tld, hit Properties / Connect to AD Forest, and update the password for the account you use to connect to on-prem AD.

You can also use this utility to configure a preferred domain controller if you don’t want it to follow the normal DC discovery process (useful if you have a segregated environment).
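One way to confirm that password hash sync has recovered after updating the connector password as described above. This is an added example, not from the original post. It assumes the ADSync module that ships with Azure AD Connect; the function name, the 15-minute default window, and the use of event ID 611 from the "Directory Synchronization" source (how Azure AD Connect logs a failed password hash sync for a domain) are assumptions that are not taken from the post.

```powershell
# Added example; run in an elevated PowerShell session on the Azure AD Connect server.
Import-Module ADSync

function Test-PasswordSyncAfterRotation {
    param(
        # Assumption: when you saved the new password in Synchronization Service.
        [datetime]$ChangedAt = (Get-Date).AddMinutes(-15)
    )

    # A disabled or suspended scheduler, or staging mode, also stops changes reaching the tenant.
    $sched = Get-ADSyncScheduler

    # Event 611 = password hash synchronization failed for a domain.
    $filter = @{
        LogName      = 'Application'
        ProviderName = 'Directory Synchronization'
        Id           = 611
        StartTime    = $ChangedAt
    }
    # Get-WinEvent raises an error when nothing matches, so silence it and force an array.
    $failures = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
    $latest   = $failures | Select-Object -First 1   # newest event is returned first

    [pscustomobject]@{
        SyncCycleEnabled   = $sched.SyncCycleEnabled
        SchedulerSuspended = $sched.SchedulerSuspended
        StagingModeEnabled = $sched.StagingModeEnabled
        FailuresSince      = $failures.Count
        LastFailure        = $latest.TimeCreated
        LastFailureText    = $latest.Message
    }
}

# Per-partition password sync state, including the last-cycle timestamps and status.
Get-ADSyncPartitionPasswordSyncState | Format-List *

# Summary: FailuresSince should stay at 0 once the new password is in use.
Test-PasswordSyncAfterRotation | Format-List

# Full interactive report; the heartbeat warning should no longer appear.
Invoke-ADSyncDiagnostics -PasswordSync
```

Pass `-ChangedAt` with the time you actually saved the new password so that failures logged before the fix are not counted.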

Blogged for when I have to do this again and invariably forget how.