Password synchronization has not been activated after AAD Connect upgrade

Recently, on the 16th of February, Azure Active Directory Connect was updated to version 1.1.105.0, with some nice features such as device writeback, OU filtering in the wizard and a new default sync interval. Read more about the features in the AAD Connect Version Release History.

Regarding the scheduler for AAD Connect, there is a new default sync interval, so instead of 3 hours it is 30 minutes. This scheduler is customizable and more information can be found on the Scheduler page. It is configurable by PowerShell and some commands that might come in handy are:

  • Get and Set information about the Scheduler: Get-ADSyncScheduler/Set-ADSyncScheduler
  • Run a Delta synchronization now: Start-ADSyncSyncCycle -PolicyType Delta
  • Run a Full synchronization now: Start-ADSyncSyncCycle -PolicyType Initial
  • And if you for any reason need to stop an ongoing sync: Stop-ADSyncSyncCycle

Anyway, back to my recent issue. Now it was my turn to upgrade, and after the upgrade new users were synchronized but I could not log on with the password. I headed over to the event log and found this error:

Log Name:      Application
Source:        Directory Synchronization
Event ID:      655
Level:         Error
Description:
Failed credential provisioning ping. Error: Microsoft.MetadirectoryServices.ServerDownException: Unexpected exception thrown. Action: ProvisionCredentials, Exception: An error occurred. Error Code: 90. Error Description: Password Synchronization has not been activated for this company. — CUT —

I know this has been working before, and know there is a KB for this issue: User passwords aren’t synced, and “Password Synchronization has not been activated for this company” error is logged in Event Viewer

So with these lines of PowerShell the Password Synchronization was enabled again and problem solved quick and easy

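Import-Module ADSync
# The Azure AD connector is the one of type Extensible2
$aadcon = Get-ADSyncConnector | Where-Object { $_.Type -eq "Extensible2" }
# Turn password synchronization back on for that connector
Set-ADSyncAADPasswordSyncState -ConnectorName $aadcon.Name -Enable $True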
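
The check and the fix above combined into one script, as an added example that is not part of the original post. The 24-hour look-back window and the `$remediate` switch are assumptions; the event source, event ID, message text and ADSync cmdlets are the ones shown in the post.

```powershell
# Added example: look for the Event ID 655 "not been activated" error after an
# upgrade and, optionally, re-enable password synchronization.
# Run in an elevated PowerShell session on the AAD Connect server.
Import-Module ADSync

$since     = (Get-Date).AddHours(-24)  # assumption: look-back window, set to your upgrade time
$remediate = $false                    # assumption: report only unless set to $true

# Event 655 from source "Directory Synchronization" in the Application log
$filter = @{
    LogName      = 'Application'
    ProviderName = 'Directory Synchronization'
    Id           = 655
    StartTime    = $since
}

# Get-WinEvent raises an error when nothing matches, so suppress it and wrap in @()
$hits = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like '*Password Synchronization has not been activated*' })

if ($hits.Count -eq 0) {
    Write-Output "No matching Event ID 655 errors since $since."
    return
}

# Events are returned newest first
Write-Output "$($hits.Count) matching event(s), most recent at $($hits[0].TimeCreated)."

if (-not $remediate) {
    Write-Output 'Set $remediate = $true to re-enable password synchronization.'
    return
}

# Same connector selection as in the post; stop if it is ambiguous
$aadcon = @(Get-ADSyncConnector | Where-Object { $_.Type -eq 'Extensible2' })
if ($aadcon.Count -ne 1) {
    throw "Expected exactly one Extensible2 connector, found $($aadcon.Count)."
}

Set-ADSyncAADPasswordSyncState -ConnectorName $aadcon[0].Name -Enable $true
Write-Output "Password synchronization enabled on connector '$($aadcon[0].Name)'."
```

Run it again after a while with `$since` set to the time of the fix to confirm that no new 655 errors are being logged.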

Two other resources that are good to have close

How to troubleshoot password synchronization when using an Azure AD sync appliance

How to Use PowerShell to Trigger a Full Password Sync in Azure AD Sync

3 comments

  1. This worked for me. AD Connect 1.1 with password sync working perfectly for don’t know how long, then all of a sudden, password sync enabled = false in the 365 portal. This PowerShell promptly sorted it after googling “Unexpected exception thrown. Action: ProvisionCredentials, Exception: An error occurred. Error Code: 90. Error Description: Password Synchronization has not been activated for this company” and taken straight here. Any idea what the root cause of this would be? “This issue may occur if password synchronization was disabled after it was set up in the Azure AD sync appliance.” is not relevant in my case.

  2. Thanks a lot for posting this! I had a brand new installation and straight out of the install I was having this exact error with O365 reporting that Password Sync wasn’t “enabled” despite checking “password sync” during the install. Even redoing the install led to the same thing. Appreciate the guide.