Skip to content

Update pwd-hash-sync-auto-enable.md #1897

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 1 commit into from
Closed

Update pwd-hash-sync-auto-enable.md #1897

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 3 additions & 7 deletions support/entra/entra-id/user-prov-sync/pwd-hash-sync-auto-enable.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
---
title: Password Hash Synchronization is automatically enabled in Microsoft Entra connector
description: Fixes a problem in which Password Hash Synchronization is automatically enabled in Microsoft Entra connector.
ms.date: 05/28/2020
ms.date: 06/05/2025
ms.reviewer:
ms.service: entra-id
ms.custom: sap:Microsoft Entra Connect Sync, has-azure-ad-ps-ref
ms.custom: sap:Microsoft Entra Connect Sync, no-azure-ad-ps-ref
---
# Password Hash Sync is automatically enabled during Microsoft Entra Connect Pass-through Authentication

Expand Down Expand Up @@ -74,11 +74,7 @@ Optionally, if you want to clear password hashes that are already synchronized t
2. Select the **Customize synchronization options** task.
3. On the **Optional features** page, clear the **Password writeback** feature check box.
4. Complete the wizard.
2. Use the [Set-MsolUserPassword](/powershell/module/msonline/set-msoluserpassword?view=azureadps-1.0&preserve-view=true) cmdlet to set random passwords on all affected users. You have to run this cmdlet five times for each user because Microsoft Entra ID stores the last four password hashes in the password hash history.
2. Use the [Reset-MgUserAuthenticationMethodPassword](/powershell/module/microsoft.graph.identity.signins/reset-mguserauthenticationmethodpassword) cmdlet to set random passwords on all affected users. You have to run this cmdlet five times for each user because Microsoft Entra ID stores the last four password hashes in the password hash history.

[!INCLUDE [Azure AD PowerShell deprecation note](~/../support/reusable-content/msgraph-powershell/includes/aad-powershell-deprecation-note.md)]

>[!NOTE]
> The Set-MsolUserPassword cmdlet does not work if the user is using a federated domain. To clear password hashes for the user in the federated domain, you must change the UPN of the user to a non-federated domain, and then run the cmdlet to set the random password. After that, revert the UPN of the user to the original state.

[!INCLUDE [Azure Help Support](../../../includes/azure-help-support.md)]