Password Synchronisation


I'm trying to understand and validate some information. We have a one-way migration / synchronization from the source domain to the target domain. My questions:

- How does the password sync work? Is it based on the change timestamp? If I change the source password, does it replicate to the target with a full sync?

- Is there a way to fix the password copy sync problems related to the domain password policies (complexity, length)? The problem occurs when the policy is not the same on the target.

- Where can I find the accounts that failed the password complexity?

Thank you

  • During a full sync or migration session, it reads the source and writes the target. During a delta sync, it is based on the same thing AD replication is based on, the USN. So if the password is changed in the source (or read side of a two-way sync) it will be picked up to write to the target (or write side of a two-way sync). By default the pwdLastSet date/time will be compared and if it is newer it will be written. If it is older the password is copied.

    The password policy is not an issue. We do not copy passwords, we copy the password HASH. Only blank passwords fail. 
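
An independent way to list accounts whose source password is newer than the one on the target, as an added example that is not part of the original thread or of the sync product. `Compare-PwdLastSet`, the status names and the sample accounts are hypothetical, and the sample data is constructed; it assumes a target `pwdLastSet` older than the source value means the latest change has not reached the target.

```powershell
# Added example. Compare-PwdLastSet and the sample accounts are hypothetical.
# Live input (ActiveDirectory module), one call per domain:
#   Get-ADUser -Filter * -Properties pwdLastSet -Server <domain controller>
function Compare-PwdLastSet {
    param(
        [Parameter(Mandatory)] [object[]] $Source,
        [Parameter(Mandatory)] [object[]] $Target
    )
    # Index target accounts by sAMAccountName.
    $index = @{}
    foreach ($t in $Target) { $index[$t.SamAccountName] = $t }

    foreach ($s in $Source) {
        $t  = $index[$s.SamAccountName]
        $sv = [int64]$s.pwdLastSet
        $tv = if ($t) { [int64]$t.pwdLastSet } else { $null }
        # pwdLastSet is a FILETIME (100 ns ticks since 1601-01-01 UTC);
        # 0 means no password set or "must change at next logon".
        $status = if (-not $t)         { 'MissingInTarget' }
                  elseif ($sv -eq 0)   { 'SourceZero' }
                  elseif ($tv -eq 0)   { 'TargetZero' }
                  elseif ($sv -gt $tv) { 'SourceNewer' }   # change not yet on target
                  else                 { 'TargetCurrent' }
        [pscustomobject]@{
            SamAccountName = $s.SamAccountName
            SourcePwdSet   = if ($sv) { [datetime]::FromFileTimeUtc($sv) }
            TargetPwdSet   = if ($tv) { [datetime]::FromFileTimeUtc($tv) }
            Status         = $status
        }
    }
}

# Constructed sample data standing in for the two Get-ADUser exports.
$ft = { param($y, $m, $d) [datetime]::new($y, $m, $d, 0, 0, 0, [DateTimeKind]::Utc).ToFileTimeUtc() }
$source = @(
    [pscustomobject]@{ SamAccountName = 'alice'; pwdLastSet = (& $ft 2024 3 1) }
    [pscustomobject]@{ SamAccountName = 'bob';   pwdLastSet = (& $ft 2024 5 20) }
    [pscustomobject]@{ SamAccountName = 'carol'; pwdLastSet = 0 }
    [pscustomobject]@{ SamAccountName = 'dave';  pwdLastSet = (& $ft 2024 1 10) }
)
$target = @(
    [pscustomobject]@{ SamAccountName = 'alice'; pwdLastSet = (& $ft 2024 3 2) }
    [pscustomobject]@{ SamAccountName = 'bob';   pwdLastSet = (& $ft 2024 4 1) }
    [pscustomobject]@{ SamAccountName = 'carol'; pwdLastSet = (& $ft 2024 2 1) }
)

# Show only the accounts that need a closer look.
Compare-PwdLastSet -Source $source -Target $target |
    Where-Object Status -ne 'TargetCurrent' | Format-Table -AutoSize
```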

