Entra Domain Services and Windows AD Password Hash Synchronization


Entra Domain Services (Entra DS) is a managed domain hosted in Azure that is compatible with Active Directory Domain Services (AD DS). Users sourced from Windows AD are synchronized to Entra ID by Entra Connect Sync, and Entra DS can in turn receive the legacy NTLM and Kerberos password hashes those users need to sign in to the managed domain with the same credentials they use on-premises. Those legacy hashes are not sent for existing accounts until a full password synchronization is forced on Entra Connect Sync: without it, only accounts whose passwords change after the managed domain was created will have hashes in Entra DS. Because the Entra Connect Sync server reads every synchronized account's password hashes out of AD, treat it as a Tier 0 asset and run the script below only from an administrative session on that server. This video covers configuring Entra Connect Sync to enable legacy NTLM and Kerberos password hash synchronization and to force the full sync.

Code:

# Source:
# https://learn.microsoft.com/en-us/entra/identity/domain-services/tutorial-configure-password-hash-sync
# Define the Azure AD Connect connector names and import the required PowerShell module
$azureadConnector = "<CASE SENSITIVE AZURE AD CONNECTOR NAME>"
$adConnector = "<CASE SENSITIVE AD DS CONNECTOR NAME>"

Import-Module "C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync\ADSync.psd1"
Import-Module "C:\Program Files\Microsoft Azure Active Directory Connect\AdSyncConfig\AdSyncConfig.psm1"

# Create a new ForceFullPasswordSync configuration parameter object then
# update the existing connector with this new configuration
$c = Get-ADSyncConnector -Name $adConnector
$p = New-Object Microsoft.IdentityManagement.PowerShell.ObjectModel.ConfigurationParameter "Microsoft.Synchronize.ForceFullPasswordSync", String, ConnectorGlobal, $null, $null, $null
$p.Value = 1
$c.GlobalParameters.Remove($p.Name)
$c.GlobalParameters.Add($p)
$c = Add-ADSyncConnector -Connector $c

# Disable and re-enable password hash synchronization for the AD DS -> Entra ID
# connector pair (not Entra Connect itself); the re-enable picks up the
# ForceFullPasswordSync parameter and triggers a full password synchronization
Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector -TargetConnector $azureadConnector -Enable $false
Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector -TargetConnector $azureadConnector -Enable $true

# Confirm password hash synchronization is enabled for the source connector
Get-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector

# Run a delta sync cycle with Entra Connect Sync
Start-ADSyncSyncCycle -PolicyType Delta
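The script above only changes configuration; it does not tell you whether the full password sync actually ran. The following verification script is an added example, not part of the original page or of Microsoft's tutorial. It assumes it is run elevated on the Entra Connect Sync server after the steps above, that the two connector names are replaced with the case-sensitive names your installation reports, and it relies on the password hash sync events Microsoft documents for troubleshooting (656 password change request, 657 password change result, 611 synchronization failure, all logged to the Application log by the "Directory Synchronization" provider). The connector names and the two-hour lookback are placeholders.

```powershell
# Added verification script (not from the original page or the Microsoft tutorial
# it links). Run it elevated on the Entra Connect Sync server after the enable
# script has run. Connector names below are assumed placeholders; substitute the
# case-sensitive names shown by Get-ADSyncConnector in your environment.
$adConnector      = "contoso.local"                   # AD DS connector (assumed name)
$azureadConnector = "contoso.onmicrosoft.com - AAD"   # Entra ID connector (assumed name)
$lookback         = (Get-Date).AddHours(-2)           # how far back to read sync events

Import-Module "C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync\ADSync.psd1"

$problems = @()

# 1. Password hash sync must be on for the AD DS -> Entra ID connector pair.
#    Nothing, legacy NTLM/Kerberos hashes included, is sent while it is off.
$phs = Get-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector
if ($phs.Enabled) {
    Write-Host "[ok]   password hash sync enabled: $adConnector -> $($phs.TargetConnector)"
} else {
    $problems += "password hash sync is disabled for connector '$adConnector'"
}

# 2. Report whether the ForceFullPasswordSync parameter written by the enable
#    script is present on the connector and what value it holds.
$c    = Get-ADSyncConnector -Name $adConnector
$flag = $c.GlobalParameters | Where-Object { $_.Name -eq "Microsoft.Synchronize.ForceFullPasswordSync" }
if ($flag) {
    Write-Host "[info] ForceFullPasswordSync = $($flag.Value)"
} else {
    Write-Host "[info] ForceFullPasswordSync parameter not present on '$adConnector'"
}

# 3. The scheduler must be enabled and not suspended, otherwise
#    Start-ADSyncSyncCycle did nothing and no passwords were sent.
$sched = Get-ADSyncScheduler
if (-not $sched.SyncCycleEnabled) { $problems += "sync cycle is disabled (Set-ADSyncScheduler -SyncCycleEnabled `$true)" }
if ($sched.SchedulerSuspended)    { $problems += "scheduler is suspended" }

# 4. Count the password sync events since $lookback. A full sync produces one
#    656/657 pair per synchronized user; 611 marks a failed synchronization.
$events = Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'Directory Synchronization'
    Id           = 611, 656, 657
    StartTime    = $lookback
}
$byId = @{}
foreach ($e in $events) { $byId[$e.Id] = 1 + [int]$byId[$e.Id] }
Write-Host ("[info] since {0}: requests(656)={1} results(657)={2} failures(611)={3}" -f `
    $lookback.ToString('s'), [int]$byId[656], [int]$byId[657], [int]$byId[611])

if ([int]$byId[611] -gt 0) {
    $problems += "password sync failures logged; inspect the event 611 details"
    $events | Where-Object Id -eq 611 | Select-Object -First 3 TimeCreated, Message | Format-List
}
if ([int]$byId[656] -eq 0) {
    $problems += "no password change requests logged since $lookback; the full sync may not have run yet"
}

if ($problems.Count -eq 0) {
    Write-Host "[ok]   legacy password hash sync looks healthy"
} else {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1
}
```

The check that matters most is the last one: if the scheduler is fine and password hash sync is enabled but no 656 events appear, the full sync has not happened yet, and existing users will still fail to authenticate against the managed domain until it does. Re-run the script after the next sync cycle rather than assuming the toggle worked.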

Links

Zero to Hero with Azure Virtual Desktop
https://www.udemy.com/course/zero-to-hero-with-windows-virtual-desktop/?referralCode=B2FE49E6FCEE7A7EA8D4

Hybrid Identity with Windows AD and Azure AD
https://www.udemy.com/course/hybrid-identity-and-azure-active-directory/?referralCode=7F62C4C6FD05C73ACCC3

Windows 365 Enterprise and Intune Management
https://www.udemy.com/course/windows-365-enterprise-and-intune-management/?referralCode=4A1ED105341D0AA20D2E

Example Code
https://learn.microsoft.com/en-us/entra/identity/domain-services/tutorial-configure-password-hash-sync?WT.mc_id=AZ-MVP-5004159#enable-synchronization-of-password-hashes
