Entra Domain Services and Windows AD Password Hash Synchronization

Entra Domain Services (Entra DS) is an Active Directory Domain Services (AD DS) compatible managed service hosted in Azure.  Windows AD-sourced users can replicate to Entra ID with Entra Connect Sync.  Legacy NTLM password hashes can also be replicated from Windows AD to Entra DS for the same sign-on experience between the on-premises and managed domains.  This video covers configuring Entra Connect Sync to enable legacy NTLM password hash synchronization.

Code:

# Source:
# https://learn.microsoft.com/en-us/entra/identity/domain-services/tutorial-configure-password-hash-sync
# Define the Azure AD Connect connector names and import the required PowerShell module
$azureadConnector = "<CASE SENSITIVE AZURE AD CONNECTOR NAME>"
$adConnector = "<CASE SENSITIVE AD DS CONNECTOR NAME>"

Import-Module "C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync\ADSync.psd1"
Import-Module "C:\Program Files\Microsoft Azure Active Directory Connect\AdSyncConfig\AdSyncConfig.psm1"

# Create a new ForceFullPasswordSync configuration parameter object then
# update the existing connector with this new configuration
$c = Get-ADSyncConnector -Name $adConnector
$p = New-Object Microsoft.IdentityManagement.PowerShell.ObjectModel.ConfigurationParameter "Microsoft.Synchronize.ForceFullPasswordSync", String, ConnectorGlobal, $null, $null, $null
$p.Value = 1
$c.GlobalParameters.Remove($p.Name)
$c.GlobalParameters.Add($p)
$c = Add-ADSyncConnector -Connector $c

# Disable and re-enable Azure AD Connect to force a full password synchronization
Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector -TargetConnector $azureadConnector -Enable $false
Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector -TargetConnector $azureadConnector -Enable $true

# Get the value of password sync configuration
Get-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector

# Run Entra Connect Sync
Start-ADSyncSyncCycle

Links

Zero to Hero with Azure Virtual Desktop
https://www.udemy.com/course/zero-to-hero-with-windows-virtual-desktop/?referralCode=B2FE49E6FCEE7A7EA8D4

Hybrid Identity with Windows AD and Azure AD
https://www.udemy.com/course/hybrid-identity-and-azure-active-directory/?referralCode=7F62C4C6FD05C73ACCC3

Windows 365 Enterprise and Intune Management
https://www.udemy.com/course/windows-365-enterprise-and-intune-management/?referralCode=4A1ED105341D0AA20D2E

Example Code
https://learn.microsoft.com/en-us/entra/identity/domain-services/tutorial-configure-password-hash-sync?WT.mc_id=AZ-MVP-5004159#enable-synchronization-of-password-hashes

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.
Youtube
Click Here!

About Auther

Travis Roberts is a Cloud Infrastructure Architect, author, and speaker based in Minneapolis, Minnesota.

Contact Info

  • Email
  • 5123 W 98th St #1392 Minneapolis, MN 55437

© copyright 2022. All Rights Reserved.

Scroll to Top