Office 365 Fix: No Recent Password Synchronization

As organizations continue to migrate over to Office 365, there are some common issues that are being reported more often. One of these issues in particular is the “No Recent Password Synchronization” error. If reporting is set up in your environment, Microsoft will typically send an e-mail to any registered ‘Global Admin’ with the notice of this issue. Alternatively, you can also confirm by checking the home page of your Office 365 Admin Portal.

You may experience this issue in the following situations:

  • Recently upgraded Azure AD Connect to a newer version
  • Azure AD Connect is configured with a separate SQL Server for processing and the connections time-out
  • Recently restarted the server which hosts the Azure AD Connect software

How Does It Affect My Business?

Though not as critical as other Azure synchronization services, this service handles the synchronization of user passwords to the Office 365 service. Without this service, users may experience “incorrect password” errors when attempting to log on if they recently updated their password or had it reset.

Resolution

The good news is that there are three (3) possible resolutions for this error. These resolutions are intended for an individual who is comfortable with the technical aspects of the affected service.

Option 1: Restart ‘Microsoft AD Sync’ Service

Option 1 is not technically a resolution, but more of a workaround in the event that you need the service running immediately.

  1. Log on to the server (or other computer) that is hosting the Azure AD Connect service
  2. Open the Services.msc applet by using the Windows Search or Run prompt
  3. Find the Microsoft AD Sync service in the list
  4. Right-click the service and select Restart

After about 5 to 10 minutes, the service status should update accordingly in the Office 365 admin portal.

Option 2: Rebuild Password Synchronization

Option 2 has been most commonly used to resolve issues after an upgrade of Azure AD Connect.

  1. Log on to the server (or other computer) that is hosting the Azure AD Connect service
  2. Open a PowerShell terminal with administrative privileges
  3. Enter the following code, adjusting the variables to match your organization:
    $adConnector  = "ad.example.com"
    $aadConnector = "example.org - AAD"
  4. Next, copy/paste the remaining code to rebuild the password sync connectors:
    Import-Module adsync

    # Load the on-premises AD connector and flag it for a full password sync
    $c = Get-ADSyncConnector -Name $adConnector
    $p = New-Object Microsoft.IdentityManagement.PowerShell.ObjectModel.ConfigurationParameter "Microsoft.Synchronize.ForceFullPasswordSync", String, ConnectorGlobal, $null, $null, $null
    $p.Value = 1
    $c.GlobalParameters.Remove($p.Name)
    $c.GlobalParameters.Add($p)
    $c = Add-ADSyncConnector -Connector $c

    # Disable, then re-enable password sync between the two connectors
    Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector -TargetConnector $aadConnector -Enable $false
    Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector -TargetConnector $aadConnector -Enable $true

    # Start an initial sync cycle
    Start-ADSyncSyncCycle -PolicyType Initial
  5. Restart the Azure AD Connect service (see Option 1)
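
A read-only check that can be run in the same PowerShell session before and after the Option 2 rebuild, to confirm the connector names from step 3 match exactly (they are case-sensitive) and to see whether the service, scheduler and password sync are actually enabled. This is an added example, not part of the original post or of Microsoft's script; Test-PasswordSyncState is a hypothetical helper name, and it assumes the ADSync module and the $adConnector / $aadConnector variables from step 3.

```powershell
# Added example: read-only state check for Azure AD Connect password sync.
# Test-PasswordSyncState is a hypothetical helper name, not an ADSync cmdlet.
function Test-PasswordSyncState {
    param(
        [Parameter(Mandatory)] [string] $AdConnector,    # e.g. "ad.example.com"
        [Parameter(Mandatory)] [string] $AadConnector    # e.g. "example.org - AAD"
    )

    # The ADSync cmdlets need the sync service, so check it first (see Option 1).
    $service = Get-Service -Name ADSync
    if ($service.Status -ne 'Running') {
        throw "ADSync service is $($service.Status); restart it before continuing."
    }

    Import-Module ADSync -ErrorAction Stop

    # Connector names must match exactly, including case (-cnotcontains is case-sensitive).
    $names = @(Get-ADSyncConnector | ForEach-Object { $_.Name })
    foreach ($n in $AdConnector, $AadConnector) {
        if ($names -cnotcontains $n) {
            throw "Connector '$n' not found. Configured connectors: $($names -join '; ')"
        }
    }

    $scheduler = Get-ADSyncScheduler
    $pwdSync   = Get-ADSyncAADPasswordSyncConfiguration -SourceConnector $AdConnector

    [pscustomobject]@{
        ServiceStatus       = $service.Status
        SyncCycleEnabled    = $scheduler.SyncCycleEnabled
        StagingModeEnabled  = $scheduler.StagingModeEnabled
        PasswordSyncEnabled = $pwdSync.Enabled
        TargetMatches       = ($pwdSync.TargetConnector -ceq $AadConnector)
    }
}

$state = Test-PasswordSyncState -AdConnector $adConnector -AadConnector $aadConnector
$state | Format-List

# A server in staging mode does not run password sync, so a rebuild there has no effect.
if ($state.StagingModeEnabled)       { Write-Warning 'Server is in staging mode; it does not sync passwords.' }
if (-not $state.SyncCycleEnabled)    { Write-Warning 'Scheduler is disabled; no sync cycles will run.' }
if (-not $state.PasswordSyncEnabled) { Write-Warning 'Password sync is disabled for this AD connector.' }
if (-not $state.TargetMatches)       { Write-Warning 'Password sync targets a different AAD connector.' }
```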

Option 3: Reinstall (or Update) Azure AD Connect

In the event that Option 2 did not work, you will likely be forced to uninstall then re-install the Azure AD Connect software. In order to do this, here is a list of prerequisites that you will need:

  • Download the latest version of Azure AD Connect from Microsoft:
  • Ensure you have access to a Global Admin account and credentials from your organization’s Office 365 suite
  • Ensure you have the username AND password for the Sync service account that is located in your on-premises Active Directory
    • You can confirm the username of this account by using Option 1 from above. Once you find the service, the service account is detailed in the right-most column labeled Log On As
    • If you do not know the password, you can reset it now but first confirm that the account is not being used for any other service in your organization! (which it should NOT be in the first place)

To install, run the installer downloaded from Microsoft and follow the necessary prompts.

Summary

Overall, the problem can have an effect on your users, so it is best to resolve the issue as soon as possible. Try out the methods above and see which works for you. If there is no technical staff available to perform the changes, feel free to reach out and we can assist accordingly!
