Neil Azzaro

AD Password Sync issue

Months ago, we set up an AD Domain, and populated it using Okta (AD1). Password Sync works perfectly, as well as provisioning. This past week we decided to connect Okta to a secondary Domain (AD2), to master the passwords of pre-existing accounts. I have tried manually importing/matching users, creating a new user in Okta and assigning an existing user to a Group to have them provisioned in AD. None of the methods properly sync the user's password. One thing I did notice was a difference in the "Edit" dialogue between AD1 (Working) and AD2 (Legacy, not working): There is a "Password" field in the AD2 dialogue box, which states: "Reset password (Randomly generated via app provisioning)". This field does not exist in the AD1 dialogue box. I have looked everywhere I can think of to adjust this setting, and have come up empty-handed. "Sync Password" is checked on the Directory Integration page. If I forgot to mention something please let me know. I'm really hoping I just simply missed a step.
Kevin Turner (Okta, Inc.)
Hi Neil
This use case should work; however, I think there has been a conflict added in this area due to a new feature recently added to enable application-specific passwords. Right now, for AD we seem to be pushing down a randomly generated password. We are aware of the problem and it is being reviewed by engineering.
One option would be to turn the feature flag off from your tenant temporarily while you set the AD environments up. Once all is working, the flag could then be re-enabled. Please reply to support as to how you would like to proceed.
Many thanks.