How to resolve password generation problems in the MSOL Sync Policy
Overview
By default, Office 365 has the password policy requirements listed below. If your Atria Active Directory has a password policy that is more restrictive than this, the MSOL Sync process may report errors when it attempts to import users during sync for a new tenant.
Office 365 Default Password Complexity settings
The password must contain a minimum of 8 and a maximum of 16 characters and cannot contain the username. It requires 3 out of 4 of the following:
- Lowercase characters
- Uppercase characters
- Numbers (0 - 9)
- Symbols like @ # $ % ^ & * - _ + = [ ] | \ : ' , . ? / ` ~ " < > ( ) ;
Prerequisite
An on-premises Active Directory Password Policy is configured and enabled (FGPP - Fine-Grained Password Policy).
Resolution
In this example, the following steps will match the current Active Directory Password Policy to the MSOL Sync Policy:
- Locate and review the existing AD Password Policy in your Active Directory.
- Edit the Password Sync Policy by following the steps in this article: How to add and update MSOL Sync Policies
- After updating the Sync Policy, make sure to re-provision the Azure AD service on the customer.
- After provisioning, re-run the Sync process on the specific customer: go to Services > Microsoft Online > Azure AD Sync and toggle Sync Tenant.
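For the first step, reviewing the AD policy against the Office 365 defaults listed above, the following PowerShell is an added example and is not part of Atria or of the original article. The function names `Test-O365Password` and `Compare-PolicyToO365` and the sample policy object are hypothetical; `MinPasswordLength` and `ComplexityEnabled` are the property names returned by the ActiveDirectory module's `Get-ADFineGrainedPasswordPolicy` cmdlet.

```powershell
# Office 365 default limits as stated in this article.
$O365 = @{ MinLength = 8; MaxLength = 16; RequiredClasses = 3 }

function Test-O365Password {
    # Returns $true when $Password meets the default rule described above.
    param([string]$Password, [string]$UserName)
    if ($Password.Length -lt $O365.MinLength -or $Password.Length -gt $O365.MaxLength) { return $false }
    # The password cannot contain the username (compared case-insensitively here).
    if ($UserName -and $Password.IndexOf($UserName, [StringComparison]::OrdinalIgnoreCase) -ge 0) { return $false }
    $classes = 0
    if ($Password -cmatch '[a-z]') { $classes++ }
    if ($Password -cmatch '[A-Z]') { $classes++ }
    if ($Password -match '[0-9]') { $classes++ }
    # Assumption: any ASCII punctuation character counts as a symbol.
    if ($Password -match '[!-/:-@\[-`{-~]') { $classes++ }
    return ($classes -ge $O365.RequiredClasses)
}

function Compare-PolicyToO365 {
    # $Policy needs MinPasswordLength and ComplexityEnabled properties.
    param($Policy)
    if ($Policy.MinPasswordLength -gt $O365.MaxLength) {
        "CONFLICT: AD minimum length $($Policy.MinPasswordLength) exceeds the Office 365 maximum of $($O365.MaxLength)"
    } elseif ($Policy.MinPasswordLength -gt $O365.MinLength) {
        "STRICTER: passwords must be $($Policy.MinPasswordLength)-$($O365.MaxLength) characters to satisfy both policies"
    } else {
        "OK: AD minimum length $($Policy.MinPasswordLength) is within the Office 365 default"
    }
    if (-not $Policy.ComplexityEnabled) {
        "NOTE: AD complexity is disabled, but Office 365 still requires $($O365.RequiredClasses) of 4 character classes"
    }
}

# Constructed sample policy so the script runs without a domain. On a host with
# the ActiveDirectory module, review the real policies with:
#   Get-ADFineGrainedPasswordPolicy -Filter * | ForEach-Object { Compare-PolicyToO365 $_ }
$sample = [pscustomobject]@{ Name = 'Example-FGPP'; MinPasswordLength = 14; ComplexityEnabled = $true }
Compare-PolicyToO365 $sample

# Constructed candidate passwords for a user named jsmith.
Test-O365Password -Password 'Short1!' -UserName 'jsmith'            # 7 characters
Test-O365Password -Password 'Winter2024jsmith' -UserName 'jsmith'   # contains the username
Test-O365Password -Password 'Tr33-house+Lamp' -UserName 'jsmith'    # 15 characters, 4 classes
```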
If any errors occurred during the Sync process, they can be seen in the Provisioning Logs. If you require further assistance, send a copy of the log results to support@automate101.com to raise a new support ticket.