Password set to never expire on local AD, yet user gets a prompt to update the password on Office 365

Writer: Abhijit Tiwari

I came across an unusual situation where user accounts were synced from AD and password sync was working just fine, as I was able to reset passwords with no errors. Ironically, some users whose passwords were set to never expire started getting messages in Office 365 to reset their password because it had expired, and this blew my mind for a while.

According to Microsoft's documentation (https://msdn.microsoft.com/en-us/library/azure/dn246918.aspx), if you enable password sync, the Office 365 password policy for synced users is set to never expire, because the local AD password policy takes effect instead. So how do we fix this? Before we draw a conclusion, let's first confirm that this is really the issue. The first thing to check is the AD sync health. Download and install the Azure AD PowerShell module (https://msdn.microsoft.com/en-us/library/jj151815.aspx).

Check that DirSync and password sync are working (reset the password of a test account in local AD that is synced to Office 365 before you run these commands) by keying in the following commands:

  1. Import-Module MSOnline

  2. Connect-MSOLService

  3. Get-MsolCompanyInformation | select LastDirSyncTime,LastPasswordSyncTime

You should see the timestamps of the last directory sync and the last password sync. The sync is healthy if both timestamps fall within the last sync interval (3 hours for the old DirSync tool; Azure AD Connect syncs the directory every 30 minutes and password hashes every 2 minutes) and LastPasswordSyncTime is later than the test password reset you just made. Now run the commands shown below.

  1. Import-Module MSOnline

  2. Connect-MSOLService

  3. $Users = Get-MsolUser -All -Synchronized | Select-Object UserPrincipalName

  4. foreach ($User in $Users) { Set-MsolUser -UserPrincipalName $User.UserPrincipalName -PasswordNeverExpires $true }
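A more careful version of the fix, added here as an example rather than taken from the original post: it first refuses to run if password sync is stale, then corrects only the synced accounts that are actually out of line with on-prem, instead of blanket-setting every user (which would also flip cloud-only accounts to never-expire). It assumes the MSOnline and ActiveDirectory (RSAT) modules are installed, that you hold Global Administrator rights, and that ImmutableId is the Base64 encoding of the on-prem objectGUID (the Azure AD Connect default source anchor); adjust the lookup if your tenant uses a different anchor.

```powershell
# Added example, not the original post's script.
# Assumptions: MSOnline + ActiveDirectory modules, Global Admin rights, and
# ImmutableId == Base64(on-prem objectGUID) (Azure AD Connect default anchor).
param(
    [switch]$Apply,             # without -Apply the script only reports drift
    [int]$MaxSyncAgeHours = 3   # DirSync interval; use 1 for Azure AD Connect
)

Import-Module MSOnline
Import-Module ActiveDirectory
Connect-MsolService

# 1. Sync health. Do not touch policy if password sync is stale or has never run:
#    the cloud may still hold an old (expired) hash, so the symptom would persist.
$info = Get-MsolCompanyInformation
if (-not $info.LastPasswordSyncTime) {
    throw "LastPasswordSyncTime is empty: password sync has never completed."
}
$age = (Get-Date).ToUniversalTime() - $info.LastPasswordSyncTime
if ($age.TotalHours -gt $MaxSyncAgeHours) {
    throw ("Password sync is {0:N1} h old (limit {1} h); fix sync first." -f $age.TotalHours, $MaxSyncAgeHours)
}
"DirSync: $($info.LastDirSyncTime)  PasswordSync: $($info.LastPasswordSyncTime)"

# 2. Find synced users whose on-prem account says 'never expires' while the
#    cloud flag is off. Matching on ImmutableId/objectGUID avoids false misses
#    when the on-prem UPN suffix (e.g. .local) differs from the cloud UPN.
$drift = foreach ($u in Get-MsolUser -All -Synchronized) {
    if (-not $u.ImmutableId) { continue }
    $guid = [Guid]::new([Convert]::FromBase64String($u.ImmutableId))
    try {
        $ad = Get-ADUser -Identity $guid -Properties PasswordNeverExpires -ErrorAction Stop
    } catch {
        Write-Warning "No on-prem object for $($u.UserPrincipalName) ($guid)"
        continue
    }
    if ($ad.PasswordNeverExpires -and -not $u.PasswordNeverExpires) {
        [pscustomobject]@{
            UserPrincipalName  = $u.UserPrincipalName
            OnPremNeverExpires = $ad.PasswordNeverExpires
            CloudNeverExpires  = $u.PasswordNeverExpires
            LastPasswordChange = $u.LastPasswordChangeTimestamp
        }
    }
}

$drift | Format-Table -AutoSize
"{0} account(s) out of sync" -f @($drift).Count

# 3. Fix only the drifted accounts. Cloud-only users and users whose on-prem
#    password is meant to expire are left alone.
if ($Apply) {
    foreach ($d in $drift) {
        Set-MsolUser -UserPrincipalName $d.UserPrincipalName -PasswordNeverExpires $true
        "Set PasswordNeverExpires on $($d.UserPrincipalName)"
    }
}
```

Run it once without -Apply to review the drift list, then again with -Apply. If the list is empty but users still get the prompt, the cloud flag is not the cause and the sync itself (or the user's actual on-prem password age) needs a closer look.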

Try logging in with the same credentials again, and I am sure you won't see the message to change the password. Another approach is to reset the password in local AD to the same password that was previously in use; the user will then no longer see this message.

Why does this happen? The honest answer is that it is not documented. Technically, when you set up DirSync/AD Connect with password sync, the setup is supposed to mark synced accounts as password-never-expires on the cloud service. Sometimes that does not happen for some accounts, and in those situations you can run the commands shown above to fix the issue.
