Requirements for AD to AD password sync
Learn if password synchronization between two Active Directory domains is possible.
PowerSyncPro can bidirectionally copy the RC4 hash between Active Directory (AD) domains to allow the user to log on with the same password on both sides.
If another Microsoft tenant is involved and Azure AD Connect (AADC) is used to sync AD to Azure AD, we can do a bidirectional sync here to allow Self Service Password Reset (SSPR) to be used in the target tenant even when the user actually resides in a remote AD domain that is synced with PSP rather than with AADC.
We use samlib.dll, and in particular SamSetInformationUser, for password sync, so that we mitigate conflicts with endpoint protection.
We don’t do a Local Security Authority Subsystem Service (LSASS) injection, mainly for that reason: there is a greater chance of endpoint protection conflicting with it.
Our roadmap includes a password sync agent that will work when RC4 is disabled in Active Directory. The agent would need to be installed on every domain controller (DC) where a user may change their password or where a password reset may be performed. We are targeting Q4 2023 for this to be available and generally available (GA).