This time I want to share with you a simple and quite useful script that helps determine when was the last time that certain user’s password was synchronized to Azure AD.
The only location where this is registered is the Event Viewer under Application events with the Event ID 657.
The script will look for the sourceAnchor of the user and display the results:
The script must be run from the AD Connect server that has the ActiveDirectory PowerShell module installed (the module can be installed from the Features – Remote Server Administration Tools menu in Server Manager)
The script is available for download from here