Password Writeback not working

Environment:
Dirsync Enabled
Hybrid configured
Has Exchange on-premise 2016
Password Writeback enabled in ADconnect
Assigned Azure AD Premium Plan 2 to user1
Enabled Self Service Password Reset in Azure AD

Scenario:
When user1 tries to reset his password using SSPR, the new password reflects in AD and user1 can log in to on-premise OWA using the new password. But if the Office 365 Admin resets user1's password in the Portal, the new password works in portal.office.com (Office 365) but not in on-premise OWA. I tried to re-sync AD but it didn't work. I also used PowerShell to enforce password sync but to no avail.

Am I missing something? Any idea is appreciated.
marcus Asked:

Cliff Galiher Commented:
Can't reset the password in the Office 365 portal. That is actually in the password writeback documentation. You *can* reset the password in the Azure portal though.
0
marcus (Author) Commented:
From my testing I was able to reset a synced user using Office365 Admin in the portal and I was able to sign in that user in Office 365, it just didn't override the new password in AD.

I tried to reset the password in Azure portal but it gives me an error "unable to reset password".
0
Cliff Galiher Commented:
For the first one, as I said... can't reset in the Office portal and have it write back. Documented here:

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-passwords-writeback

Scroll down to licensing and look under "UNSUPPORTED" scenarios.

As for the second problem, resetting a password attempts to change it on-premises *in real time.* If it cannot change the password on Azure and on-prem then the attempt fails. That is by design so passwords *don't* get out of sync.

It could mean that there was a communication problem with AADConnect, or it could mean that either Azure or the on-prem DC rejected the request. Password complexity requirements are a good example of why that can fail. Even the temporary password must meet requirements. Minimum password age is one that often bites people if they are testing as the password can't be changed more than once during that minimum age.
0

marcus (Author) Commented:
Thanks for clarifying that, Cliff. I played with my password policy and set the minimum password age to 0 days, and I was able to reset the user's password in Azure AD, and it overrides the password in AD.
0
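The minimum-password-age condition discussed in the thread can be checked before a reset is attempted. This is an added example, not code from any participant: `Test-MinAgeBlock` is a hypothetical helper name, the sample timestamps are constructed, and `user1` is the account from the question.

```powershell
# Added example. Function name and sample values are constructed for illustration.
function Test-MinAgeBlock {
    param(
        # $null when the password was never set or must change at next logon
        [Nullable[datetime]] $PasswordLastSet,
        [Parameter(Mandatory)] [timespan] $MinPasswordAge,
        [datetime] $Now = (Get-Date)
    )
    # Earliest moment the on-prem policy allows the next password change
    $earliest = if ($null -ne $PasswordLastSet) { $PasswordLastSet + $MinPasswordAge } else { $null }
    [pscustomobject]@{
        PasswordLastSet    = $PasswordLastSet
        MinPasswordAge     = $MinPasswordAge
        EarliestNextChange = $earliest
        BlockedByMinAge    = ($null -ne $earliest) -and ($Now -lt $earliest)
    }
}

# Constructed sample: password changed 3 hours ago, evaluated under a
# 1-day minimum age and then under a 0-day minimum age.
$now = Get-Date '2024-01-10T12:00:00'
Test-MinAgeBlock -PasswordLastSet $now.AddHours(-3) -MinPasswordAge (New-TimeSpan -Days 1) -Now $now
Test-MinAgeBlock -PasswordLastSet $now.AddHours(-3) -MinPasswordAge (New-TimeSpan -Days 0) -Now $now

# Live check, only where the ActiveDirectory module (RSAT) is installed.
if (Get-Module -ListAvailable -Name ActiveDirectory) {
    Import-Module ActiveDirectory
    $sam  = 'user1'   # account name from the question
    $user = Get-ADUser -Identity $sam -Properties PasswordLastSet
    # A fine-grained password policy, if one applies, overrides the domain default.
    $pso  = Get-ADUserResultantPasswordPolicy -Identity $sam
    $pol  = if ($pso) { $pso } else { Get-ADDefaultDomainPasswordPolicy }
    Test-MinAgeBlock -PasswordLastSet $user.PasswordLastSet -MinPasswordAge $pol.MinPasswordAge
}
```

The same policy object also exposes `MinPasswordLength`, `ComplexityEnabled` and `PasswordHistoryCount`, which cover the complexity-related rejections mentioned in the answer.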