• Status: Solved

Password Writeback not working

Environment:
Dirsync Enabled
Hybrid configured
Has Exchange on-premise 2016
Password Writeback enabled in AD Connect
Assigned Azure AD Premium Plan 2 to user1
Enabled Self Service Password Reset in Azure AD

Scenario:
When user1 tries to reset his password using SSPR, the new password reflects in AD and user1 can log in to on-premise OWA using the new password. But if the Office 365 Admin resets user1's password in the Portal, the new password works in portal.office.com (Office 365) but not in on-premise OWA. I tried to re-sync AD but it didn't work. I also used PowerShell to enforce password sync, but to no avail.

Am I missing something? Any idea is appreciated.
Asked by: marcus
 
Cliff Galiher Commented:
Can't reset the password in the Office 365 portal. That is actually in the password writeback documentation. You *can* reset the password in the Azure portal though.
 
marcus (Author) Commented:
From my testing I was able to reset a synced user using Office 365 Admin in the portal and I was able to sign in that user in Office 365; it just didn't override the new password in AD.

I tried to reset the password in Azure portal but it gives me an error "unable to reset password".
 
Cliff Galiher Commented:
For the first one, as I said... can't reset in the Office portal and have it write back. Documented here:

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-passwords-writeback

Scroll down to licensing and look under "UNSUPPORTED" scenarios.

As for the second problem, resetting a password attempts to change it on-premises *in real time.* If it cannot change the password on Azure and on-prem then the attempt fails. That is by design so passwords *don't* get out of sync.

It could mean that there was a communication problem with AADConnect, or it could mean that either Azure or the on-prem DC rejected the request. Password complexity requirements are a good example of why that can fail. Even the temporary password must meet requirements. Minimum password age is one that often bites people if they are testing, as the password can't be changed more than once during that minimum age.
 
marcus (Author) Commented:
Thanks for clarifying that, Cliff. I played with my password policy and set the minimum password age to 0 days, and I was able to reset the user's password in Azure AD and it overrides the password in AD.

Question has a verified solution.
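
The minimum-password-age rejection described in the thread can be checked on the on-premises side before a reset is attempted. The following is an added example, not code from either participant: it assumes the ActiveDirectory (RSAT) module is available, the function name `Test-WritebackResetPolicy` is hypothetical, and `user1` is the account from the question.

```powershell
# Added example: reports the on-prem password policy that a written-back reset must satisfy.
# Assumes the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

function Test-WritebackResetPolicy {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $Identity
    )

    $user = Get-ADUser -Identity $Identity -Properties PasswordLastSet

    # A fine-grained password policy (PSO), if one applies to the user,
    # takes precedence over the default domain policy.
    $policy = Get-ADUserResultantPasswordPolicy -Identity $Identity
    $source = 'Fine-grained policy'
    if (-not $policy) {
        $policy = Get-ADDefaultDomainPasswordPolicy
        $source = 'Default domain policy'
    }

    # PasswordLastSet is empty when pwdLastSet is 0 (for example,
    # "user must change password at next logon"); no age window applies then.
    $earliestChange = $null
    $blocked = $false
    if ($user.PasswordLastSet -and $policy.MinPasswordAge -gt [TimeSpan]::Zero) {
        $earliestChange = $user.PasswordLastSet + $policy.MinPasswordAge
        $blocked = (Get-Date) -lt $earliestChange
    }

    [pscustomobject]@{
        User                 = $user.SamAccountName
        PolicySource         = $source
        MinPasswordAge       = $policy.MinPasswordAge
        PasswordLastSet      = $user.PasswordLastSet
        EarliestNextChange   = $earliestChange
        BlockedByMinAge      = $blocked
        ComplexityEnabled    = $policy.ComplexityEnabled
        MinPasswordLength    = $policy.MinPasswordLength
        PasswordHistoryCount = $policy.PasswordHistoryCount
    }
}

# 'user1' is the account named in the question.
Test-WritebackResetPolicy -Identity 'user1'
```

If `BlockedByMinAge` is true, a second reset inside that window is expected to be rejected on-premises, which matches the repeated-testing case raised in the thread.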