Forum Discussion
Clarification on Password Writeback
- Apr 02, 2021
Azure Active Directory (Azure AD) self-service password reset (SSPR) lets users reset their passwords in the cloud. Password writeback is a feature enabled with Azure AD Connect that allows password changes in the cloud to be written back to an existing on-premises directory in real time.
Password Writeback will support the below cloud authentication methods:
1) Password Hash Synchronization (PHS)
2) Pass-through Authentication (PTA)
3) ADFS

Once the Password writeback feature is enabled, the sync engine calls the writeback library to perform the configuration (onboarding) by communicating to the cloud onboarding service. Any errors encountered during onboarding or while starting the Windows Communication Foundation (WCF) endpoint for password writeback result in errors in the event log on your Azure AD Connect machine.
From my perspective, the password will be changed in Azure AD, and this informs the Azure AD Connect service about the password change. AAD Connect informs the DC about the password change. When AAD Connect isn't available, the password cannot be written back to the domain. The service needs AAD Connect.