When users change their passwords of their on-premise AD account, these changes are not replicated to Office365 (Azure AD). In the event log of the server running AD Sync, event 611 is logged:

Event ID 611
Password synchronization failed for domain: constoso.com.

Details:
System.DirectoryServices.Protocols.LdapException: The operation was aborted because the client side timeout limit was exceeded.

To resolve the issue, a registry setting has to be changed on the server running AD Sync, followed by a reboot:

On the server running AD Sync, open regedit.

Navigate to the key:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Ldap

Set the value of LdapClientIntegrity to 0.

Restart the se  ...