Azure AD Sync with On-Prem AD password change force delta sync
We all have clients with AD Sync to Microsoft 365. When a user changes their password it seems like forever for the password change to sync to 365. Would it be possible to monitor on-prem Active Directory event logs for a password change event and then kick off a "manual" (but Kaseya-automated) AD Sync to Azure AD/365?
- User changes password.
- Event log stating as such.
- Kaseya monitoring sees the event and kicks off a procedure to run an AD Sync (Delta or Initial) to sync the password change to Azure AD/365.
This way it doesn't take 15-30 minutes for the password change to take effect in Azure AD/365. It might only be a few minutes, or however you set up the monitor.
Has this been tried before and I'm kicking a dead horse?
You can easily do this!
You will want to turn on the following GPO policy first, however, for both Success and Failure.
Then after that you can monitor for event IDs 4724 and 4723 in the Security log (either Success or Failure; we would do both just to make sure) and then kick off a script that forces the Azure AD Delta Sync (we included one, but we have not tested it to see if it works).
Azure AD Sync is set by default to sync every 30 minutes, so yes, at most it would take up to 30 minutes if a cycle just hit right before a user changed their password.
You can also change the default sync schedule following the Microsoft KB here: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-feature-scheduler0
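As an added example (not the script the answer above refers to, and not tested by its author or by anyone on this thread), here is a PowerShell script that does what the answer describes as the procedure an RMM monitor or an event-triggered scheduled task would fire on events 4723 (user changed their own password) and 4724 (administrator reset a password). The audit subcategory behind the GPO setting the answer mentions is "Audit User Account Management" under Account Management; the `auditpol` line in the comment is the command-line equivalent. The script name `Force-AadDeltaSync.ps1`, the `-ConnectServer` parameter, the throttle marker file and its path are assumptions for this example. It runs on the domain controller where the event was logged and reaches the Azure AD Connect server over PowerShell remoting when `-ConnectServer` is given; omit that parameter when it runs on the Connect server itself. The `ADSync` module cmdlets (`Get-ADSyncScheduler`, `Start-ADSyncSyncCycle`) are Microsoft's and ship with Azure AD Connect. One caveat a practitioner will want: when password hash synchronization is enabled, Azure AD Connect pushes password hash changes on its own roughly two-minute cycle that is independent of the delta sync scheduler, so a forced delta cycle mainly speeds up other attribute changes; a password that still takes 15-30 minutes to work in Azure AD is worth investigating in the Connect health and event logs before relying on this trigger.

```powershell
<#
  Force-AadDeltaSync.ps1 (hypothetical name, example code; not from the original post)
  Triggered by Security event 4723/4724 on a domain controller. Starts an
  Azure AD Connect delta sync cycle, locally or on -ConnectServer.
#>
[CmdletBinding()]
param(
    # Azure AD Connect server; omit when this script runs on that server.
    [string]$ConnectServer,
    # Do not start another cycle if one was forced less than this long ago.
    [int]$ThrottleSeconds = 120,
    # How far back to look for the triggering password events (logging only).
    [int]$LookbackMinutes = 5
)

$ErrorActionPreference = 'Stop'

# Step 1 (one-time, on every domain controller): the command-line equivalent of
# the GPO setting "Audit User Account Management" for Success and Failure.
#   auditpol /set /subcategory:"User Account Management" /success:enable /failure:enable

# Step 2: list the password events that fired us. 4723 = user changed own
# password, 4724 = an administrator reset a password. Both carry TargetUserName
# in EventData; parse the XML rather than relying on the property index.
$since  = (Get-Date).AddMinutes(-$LookbackMinutes)
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4723, 4724
    StartTime = $since
} -ErrorAction SilentlyContinue   # no matching events is not an error here

foreach ($e in $events) {
    $data   = ([xml]$e.ToXml()).Event.EventData.Data
    $target = ($data | Where-Object { $_.Name -eq 'TargetUserName' }).'#text'
    Write-Output ("{0:s}  event {1}  account {2}" -f $e.TimeCreated, $e.Id, $target)
}

# Step 3: throttle. A burst of password changes (e.g. a help-desk reset wave)
# must not queue up a dozen sync cycles; the marker file's mtime is the clock.
$marker = Join-Path $env:ProgramData 'ForceAadDeltaSync.last'   # assumed path
if (Test-Path $marker) {
    $age = (Get-Date) - (Get-Item $marker).LastWriteTime
    if ($age.TotalSeconds -lt $ThrottleSeconds) {
        Write-Output "Delta sync forced $([int]$age.TotalSeconds)s ago; skipping."
        return
    }
}

# Step 4: start a delta cycle, but only if the scheduler is not already
# mid-cycle (Start-ADSyncSyncCycle fails when a cycle is in progress).
$syncBlock = {
    Import-Module ADSync
    $sched = Get-ADSyncScheduler
    if ($sched.SyncCycleInProgress) {
        return 'A sync cycle is already running; nothing to do.'
    }
    Start-ADSyncSyncCycle -PolicyType Delta | Out-Null
    return 'Delta sync cycle started.'
}

if ($ConnectServer) {
    # Needs WinRM enabled on the Connect server and an account in its ADSyncAdmins group.
    $result = Invoke-Command -ComputerName $ConnectServer -ScriptBlock $syncBlock
} else {
    $result = & $syncBlock
}

Set-Content -Path $marker -Value (Get-Date -Format o)
Write-Output $result
```

Wire it to the event by pointing the Kaseya monitor (or a Task Scheduler task with an "On an event" trigger for Security log IDs 4723 and 4724) at `powershell.exe -ExecutionPolicy Bypass -File Force-AadDeltaSync.ps1 -ConnectServer <connect-host>`. The throttle is deliberate: the scheduler already refuses to run two cycles at once, so the script checks `SyncCycleInProgress` first and uses the marker file to avoid hammering the Connect server during a burst of resets.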