It is true that the MSOL_AD_Sync is created, disable and "User must change password at next logon. (Truly named MSOL_xxxxx..)
I have tried to create an extra set of GPO for the MSOL_AD_Sync excluding password policies.
Or excluded the MSOL_AD_SYNC from existing GPO by adding a "deny GPO" attribute.
And simple things like manually resetting pw, activating the account and removing the "change on next login".
Could I kindly ask for a little more walk-through or specific what to check on your suggestion:
"you check your current password policy or GPO in the AD, and try to bypass all GPO or other policy for this user (MSOL_AD_Sync)"
