One issue with Azure AD Sync or DirSync was that the password sync can somethings stop working even if everything in the console is looking OK.
On previous versions of DIR Sync and Azure AD sync, there are PowerShell commands available to force a full password sync (See TechNet FAQ). With Azure AD Connect this PowerShell command no longer works and you have to trigger a full or incremental sync of passwords via a command line exe.
To run a sync, open PowerShell with Admin rights run the below commands.
C:Program FilesMicrosoft Azure AD SyncBinDirectorySyncClientCmd.exe initial C:Program FilesMicrosoft Azure AD SyncBinDirectorySyncClientCmd.exe delta
The initial will run a full sync and a delta does an incremental. Its good practice to run them both.
Optionally… You can check the logs and see if an account has synced successfully.
Load Azure the Azure Synchronisation Manager and find the operation with outbound objects.
Select the user you wish to check and select the log.
The log will show the success/failure status and any additional information.
This article was originally posted on Rafael Delgado’s SysCtr.info Blog – head over there to see more!
