Sometimes you will wonder why you cannot log on with the identities synced to Azure AD via AAD Connect.
The most likely cause is that the accounts' passwords haven't been synced to AAD successfully.
You can follow this article to enable password sync, or you can trigger a full sync of all passwords.
What's more, I wrote a simple PowerShell script (GitHub link) to check your current password sync configuration.
    # Check whether the AAD Sync PowerShell module is available
    if ($null -eq (Get-Module -ListAvailable adsync)) {
        throw "AAD Sync Powershell Module cannot be found!"
    }
    Import-Module adsync

    # Locate the on-premises AD connector
    $adConnector = Get-ADSyncConnector | where {$_.ConnectorTypeName -eq "AD"}

    # Read the password sync configuration for that connector
    $pwdSyncConfig = Get-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector.Name

    Write-Output("********************")
    Write-Output("Your Password Sync Configuration is.........")
    Write-Output("SourceConnector: {0}" -f $pwdSyncConfig.SourceConnector)
    Write-Output("TargetConnector: {0}" -f $pwdSyncConfig.TargetConnector)
    Write-Output("Enabled: {0}" -f $pwdSyncConfig.Enabled)
Sample output:
    PS C:\Users\admin> C:\Users\admin\Desktop\CheckPwdSyncConfig.ps1
    ********************
    Your Password Sync Configuration is.........
    SourceConnector: fansayent.com
    TargetConnector: fansayent.onmicrosoft.com - AAD
    Enabled: True
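The same check can be extended to multi-forest setups and to staging mode, where the server does not run password sync even when the configuration shows it as enabled. The following is an added example, not the script linked above; the function name `Get-PwdSyncStatus` and the `Healthy` field are hypothetical, and it assumes an elevated session on the AAD Connect server.

```powershell
# Added example: per-connector password sync audit (not the original script).
# Assumes an elevated PowerShell session on the AAD Connect server.
Import-Module ADSync -ErrorAction Stop

function Get-PwdSyncStatus {
    # Hypothetical helper: emits one object per on-premises AD connector.
    $scheduler = Get-ADSyncScheduler
    $adConnectors = @(Get-ADSyncConnector |
        Where-Object { $_.ConnectorTypeName -eq 'AD' })
    if ($adConnectors.Count -eq 0) {
        throw 'No AD connector found in the AAD Connect configuration.'
    }

    foreach ($connector in $adConnectors) {
        $cfg = Get-ADSyncAADPasswordSyncConfiguration -SourceConnector $connector.Name
        $enabled = [bool]$cfg.Enabled
        $staging = [bool]$scheduler.StagingModeEnabled

        [pscustomobject]@{
            SourceConnector    = $cfg.SourceConnector
            TargetConnector    = $cfg.TargetConnector
            PasswordSyncOn     = $enabled
            StagingModeEnabled = $staging
            # "Healthy" is this example's own definition: password sync is
            # enabled and the server is not in staging mode.
            Healthy            = ($enabled -and -not $staging)
        }
    }
}

$status = @(Get-PwdSyncStatus)
$status | Format-Table -AutoSize

# A non-zero exit code lets a scheduled task or monitoring agent alert on it.
if ($status | Where-Object { -not $_.Healthy }) {
    Write-Warning 'Password sync is disabled or the server is in staging mode for at least one connector.'
    exit 1
}
```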