In Windows Azure Active Directory Synchronization Tool (or DirSync), a full Password Sync and a full Directory Sync are two different events. A full Password Sync synchronizes password hashes for all DirSync users, while a full Directory Sync does not trigger a full password sync. By default, the only activity that triggers a full password sync is completing the DirSync’s Configuration Wizard.
But there is a way around this. In order to trigger a full password sync, perform the following steps (you must be using DirSync v6438.0003 or above):
- On the DirSync server, run the following .psc1: C:\Program Files\Windows Azure Active Directory Sync\DirSyncConfigShell.psc1;
- In the new Powershell console, run Set-FullPasswordSync;
- Now load the services console by running Services.msc;
- Restart the Forefront Identity Manager Synchronization Service Service.
Once this is complete, you should see a series of 656 EventIDs (Password Sync Requests) and 657 EventIDs (Password Sync Results) indicating that a full password sync was triggered.