Hi!
No, it's not a bug, it's something Microsoft knows about:
https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/31459621-sync-account-expired-useraccountcontrol-to-azure
and there are numerous descriptions and workarounds available on the
internet, like:
https://techcommunity.microsoft.com/t5/office-365/password-expiration-with-aad-connect-password-hash-sync/m-p/329248
Just google it.
It is something many people on the planet solve in many different ways,
and to have LAM take care of it would be ideal for us, as LAM knows
everything that's needed to take care of this.
MJ
On 6/14/21 8:38 PM, Roland Gruber wrote:
Hi Mourik Jan,
On 14.06.21 at 19:18, mj wrote:
Here it goes: One of the problems with syncing local AD (like samba)
accounts to the Azure AD cloud (when including password hashes) is the
fact that when local AD passwords expire or accounts become disabled,
the linked account (+ password hash) in Azure AD remains unaffected.
This sounds like a bug in the sync tool. I would suggest addressing it
there first.
You could implement some workaround using LAM with custom scripts:
https://www.ldap-account-manager.org/static/doc/manual/ch04s26.html
But this is really just a workaround. The clean solution would be to fix
the sync tool.
Best regards
Roland
_______________________________________________
Lam-public mailing list
Lam-public@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lam-public