Hi Team,
We are using the Password Hash Sync authentication model in AD Connect. Since we are using Password Hash Sync, we know there's a drawback to it, i.e. Account Expired / Password Expired scenarios are not available out of the box.
Let me know if there's a solution within the Password Hash Sync method only to set the user status as Disabled if the user account has expired in on-prem AD. (Please don't suggest switching to ADFS or PassThrough Authentication; I'm aware of their capabilities.)
Any best practices and solutions for the PassHash Sync method to disable accounts which have expired on-premises?
I have read about the EnforceCloudPasswordPolicyForPasswordSyncedUsers feature, which is for the Password Expiration scenario, not for Account Expiration. Reference1 Reference2
Any suggestions on the simplest way to achieve the above via an AAD Connect rule?