Commit 7a34dac

Merge pull request #72779 from riantu/patch-8
Update how-to-connect-selective-password-hash-synchronization.md
2 parents 568ceac + 11e9e51 commit 7a34dac

1 file changed: +9 -1 lines changed

articles/active-directory/hybrid/how-to-connect-selective-password-hash-synchronization.md

Lines changed: 9 additions & 1 deletion
@@ -32,6 +32,9 @@ To reduce the configuration administrative effort, you should first consider the
3232
> [!Important]
3333
> With either configuration option chosen, a required initial sync (Full Sync) to apply the changes, will be performed automatically over the next sync cycle.
3434
35+
> [!Important]
36+
> Configuring selective password hash synchronization directly influences password writeback. Password changes or password resets that are initiated in Azure Active Directory write back to on-premises Active Directory only if the user is in scope for password hash synchronization.
37+
3538
### The adminDescription attribute
3639
Both scenarios rely on setting the adminDescription attribute of users to a specific value. This allows the the rules to be applied and is what makes selective PHS work.
3740
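Review bot: The added [!Important] note (new lines 35-36) says password changes or resets initiated in Azure Active Directory write back only for users in scope for password hash synchronization, but it does not say what happens for a user who is out of scope, so an administrator cannot tell from this text whether the change fails or applies in the cloud only. Suggest adding one sentence on the out-of-scope outcome, or a link to the password writeback article. Separately, the unchanged context line "This allows the the rules to be applied" has a doubled "the" that could be fixed while this section is being touched.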

@@ -131,6 +134,9 @@ Once all configurations are complete, you need edit the attribute **adminDescrip
131134

132135
![Edit attribute](media/how-to-connect-selective-password-hash-synchronization/exclude-11.png)
133136

137+
You can also use the following PowerShell command to edit a user's **adminDescription** attribute:
138+
139+
```Set-ADUser myuser -Replace @{adminDescription="PHSFiltered"}```
134140

135141
## Excluded users is larger than included users
136142
The following section describes how to enable selective password hash synchronization when the number of users to **exclude** is **larger** than the number of users to **include**.
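Review bot: On new line 139 the command is wrapped in triple backticks on a single line, which renders as inline code rather than as a code block; put it in a multi-line fence tagged powershell so it is presented as a command the reader is meant to run. `myuser` is not identified as a placeholder, and the text does not mention that `-Replace` overwrites whatever value adminDescription currently holds, or that Set-ADUser comes from the ActiveDirectory module. A short sentence covering both would prevent surprises on accounts that already use the attribute.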
@@ -201,7 +207,9 @@ Once all configurations are complete, you need edit the attribute **adminDescrip
201207

202208
![Edit attributes](media/how-to-connect-selective-password-hash-synchronization/include-11.png)
203209

204-
210+
You can also use the following PowerShell command to edit a user's **adminDescription** attribute:
211+
212+
```Set-ADUser myuser -Replace @{adminDescription="PHSIncluded"}```
205213

206214
## Next Steps
207215
- [What is password hash synchronization?](whatis-phs.md)
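Review bot: The sentence added at new line 210 is word for word the same as the one added in the exclude section, and only the value in the command on new line 212 differs (`PHSIncluded` here, `PHSFiltered` there). Because the two values belong to opposite scenarios, name the value and what it does in the lead sentence, for example "to mark a user as included", so a reader who copies from the wrong section notices. The single-line triple-backtick formatting has the same rendering problem here; use a fenced powershell block.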
