You have connected an existing O365 service to your local Active Directory using DirSync. Despite the O365 portal indicating that your users are “Synced with Active Directory”, your users’ password are still set to the original cloud account passwords instead of their local domain passwords.
By default, the DirSync utility only does a password sync on initial configuration and when passwords are changed. You can force the sync:
- Make sure you have the Microsoft Online Services Sign-In Assistant and Azure Active Directory Powershell Module installed; the installation does request a reboot.
- Launch an elevated PowerShell instance and load the DirSync modules:
Import-Module “c:Program FilesWindows Azure Active Directory SyncDirSyncImportModules.ps1”
- Run the Set-FullPasswordSync cmdlet to force the next sync to include passwords
- Restart the Forefront Identity Manager Synchronization Service service to force the sync