How to set up Office 365 password sync using PowerShell

Synchronizing on-premises Active Directory passwords with Microsoft 365/Azure AD (Entra ID) ensures users have a unified sign-in experience across cloud and on-prem apps. Implementing Active Directory password sync helps prevent password mismatches, reduces help-desk calls, and improves security in hybrid identity environments.

This guide explains how to perform password sync using two methods:

  • ADSelfService Plus (GUI-based method)
  • PowerShell (using Azure AD Connect and Azure AD PowerShell modules)

Sync AD passwords to Azure AD using ADSelfService Plus

ADSelfService Plus offers a simple GUI-based way to sync Active Directory passwords to Microsoft 365 in real time—no need to manually run a PowerShell AD sync command.

Steps:

  1. Log in to ADSelfService Plus.
  2. Go to Configuration → Self-Service → Password Sync / Single Sign-On.
  3. Click Add Application and select Office 365 / Azure.
  4. Enter your domain details and tenant information.
  5. Configure authentication (Password-based or OAuth client credentials).
  6. Select the OU/group-based policies that determine which users' passwords should sync.
  7. Save and apply the configuration.

Once enabled, ADSelfService Plus automatically pushes AD password changes to Microsoft 365 as soon as they occur.

Sync AD and Microsoft 365 passwords using PowerShell

Step 1: Open PowerShell as an administrator

Use Windows PowerShell or PowerShell ISE with admin privileges.

Step 2: Install the Azure AD module (if not already installed)

To install and import the Azure AD PowerShell module:

Install-Module AzureAD
Import-Module AzureAD

This module is required to connect to Azure AD from PowerShell and modify tenant sync settings.

Step 3: Connect to Azure AD

Run:

Connect-AzureAD

You'll be prompted to sign in with your Office 365/Azure tenant admin account.

This step is mandatory any time you need to run an Azure AD PowerShell command.

Step 4: Enable password synchronization

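Use this PowerShell AD sync command to turn on password hash sync. Set-MsolDirSyncFeature belongs to the MSOnline module (installed with Install-Module MSOnline), not the AzureAD module, so open an MSOnline session with Connect-MsolService first:

Connect-MsolService
Set-MsolDirSyncFeature -Feature PasswordSync -Enable $true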

If you need tenant information first:

Get-MsolCompanyInformation

Step 5: Manually trigger a password sync

Azure AD Connect automatically syncs every 30 minutes.

To manually start a sync, run this AD sync PowerShell command on the server where Azure AD Connect is installed:

Start-ADSyncSyncCycle -PolicyType Delta

For a full sync:

Start-ADSyncSyncCycle -PolicyType Initial
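
The manual trigger from Step 5 with the checks an admin would normally make around it, as an added example that is not part of the original guide: it refuses to run on a staging-mode server, skips the trigger if a cycle is already running, and waits for the delta cycle to finish. It assumes an elevated session on the Azure AD Connect server; Invoke-GuardedDeltaSync and the timeout value are hypothetical names and settings chosen for illustration.

```powershell
# Added example: guarded delta sync. Run in an elevated session on the
# Azure AD Connect server, where the ADSync module is installed.
# Invoke-GuardedDeltaSync is a hypothetical helper name, not a built-in cmdlet.
Import-Module ADSync -ErrorAction Stop

function Invoke-GuardedDeltaSync {
    [CmdletBinding()]
    param(
        [int]$TimeoutSeconds = 300   # assumed wait budget for the cycle to finish
    )

    $scheduler = Get-ADSyncScheduler

    # A server in staging mode imports and synchronizes but does not export,
    # so a manual cycle on it will not push changes to the tenant.
    if ($scheduler.StagingModeEnabled) {
        throw "Staging mode is enabled on this server; run the sync on the active server."
    }
    if (-not $scheduler.SyncCycleEnabled) {
        Write-Warning "Scheduler is disabled; scheduled cycles will not run until it is re-enabled."
    }
    # A second cycle cannot start while one is running, so stop here.
    if ($scheduler.SyncCycleInProgress) {
        Write-Output "A sync cycle is already in progress; not starting another."
        return
    }

    Start-ADSyncSyncCycle -PolicyType Delta | Out-Null

    # Poll until the scheduler reports the cycle finished or the budget runs out.
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    do {
        Start-Sleep -Seconds 5
        $running = (Get-ADSyncScheduler).SyncCycleInProgress
    } while ($running -and (Get-Date) -lt $deadline)

    if ($running) {
        Write-Warning "Delta sync still running after $TimeoutSeconds seconds."
    } else {
        $next = (Get-ADSyncScheduler).NextSyncCycleStartTimeInUTC
        Write-Output "Delta sync finished. Next scheduled cycle (UTC): $next"
    }
}

Invoke-GuardedDeltaSync
```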

Example use cases for AD-Office 365 password sync

1: Force immediate password sync after user reset

Start-ADSyncSyncCycle -PolicyType Delta

2: Re-enable sync after troubleshooting

Set-ADSyncScheduler -SyncCycleEnabled $true

3: Confirm whether password hash sync is active

Get-MsolDirSyncFeatures -Feature PasswordSync

4: Connect to Azure AD with a specific credentials object

$cred = Get-Credential
Connect-AzureAD -Credential $cred

5: Reinstall Azure AD module and reset sync settings

Uninstall-Module AzureAD
Install-Module AzureAD
Connect-MsolService   # Set-MsolDirSyncFeature is an MSOnline cmdlet and needs an MSOnline session
Set-MsolDirSyncFeature -Feature PasswordSync -Enable $true

Supported parameters

Parameter    Description
-Enable      Indicates whether the specified DirSync features are turned on for the company.
-Feature     Specifies which DirSync features to enable or disable (e.g., PasswordSync).
-Force       Forces the command to run without asking for confirmation.
-TenantId    Specifies the tenant ID on which the operation is performed; useful for Azure AD and MSOnline scenarios.

Limitations of using native tools for password sync

Although PowerShell is powerful, relying solely on it can introduce challenges:

  • PowerShell sync commands become complex in hybrid environments.
  • Troubleshooting sync errors (connectivity, scheduler, and connector health) is time-consuming.
  • Admins require elevated permissions, increasing security risk.
  • Azure AD Connect sync interval (30 minutes) may not meet real-time requirements.
  • No OU/group-based filtering for sync unless configured separately.
  • Requires manual maintenance, module updates, and service health monitoring.

ADSelfService Plus simplifies password synchronization in Microsoft 365

ADSelfService Plus provides a simplified, automated, GUI-based alternative to PowerShell. Instead of writing scripts, admins can manage password synchronization visually through the portal.

Benefits of ADSelfService Plus' password synchronization

  • Syncs AD passwords instantly to Office 365/Azure AD, Google Workspace, and other enterprise apps.
  • Works without Azure AD Connect for cloud-only apps.
  • OU and group-based password sync policies for granular targeting.
  • Captures detailed audit logs for compliance and troubleshooting.
  • Eliminates complex scripting and reduces IT workload.
  • Supports real-time password synchronization, not timed or scheduled sync alone.

FAQs

1. How can I manually sync AD passwords to Office 365?

Use the following command to force password synchronization:

Start-ADSyncSyncCycle -PolicyType Delta

This syncs only changes made since the last sync.

2. How do I check the sync status?

The sync status can be checked by running the command below. This will display the last sync time and next scheduled sync.

Get-ADSyncScheduler

3. How can I enable automatic password synchronization?

Ensure Azure AD Connect is installed and configured. Then, enable synchronization using the command below.

Set-ADSyncScheduler -SyncCycleEnabled $true
 