Forum Discussion
vand3rlinden
Feb 10, 2022 (Brass Contributor)
Azure AD SSPR Password write back issue
Hi all, a company I work for has issues with the reset password function with AD Connect. In the SSPR audit logs in Azure AD, we face on 'Reset password (self-service)' the status reason 'On...
- Feb 18, 2022
Hi Bilal, the SSPR reset is functioning again! I found out that the “Network access: Restrict clients allowed to make remote calls to SAM” GPO was set up in the local GPO of the DCs. The issue is resolved by adding the AD DS connector account into that GPO on both domains.
For future readers:
1: Open Local Security Policy, click Start, type secpol.msc
2: Navigate the console tree to Security Settings\Security Options\Network access: Restrict clients allowed to make remote calls to SAM
3: Right-Click and Select Properties
4: On the Template Security Policy Setting, Click Edit Security
5: Under Group or user names, Click Add the AD DS connector account
7: Leave everything default, and Click OK

Thank you again for your knowledge and time.
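A read-only check for the fix described in the answer above, added here as an example and not part of the original thread. The policy's value is stored as an SDDL string in the RestrictRemoteSam registry value under HKLM\SYSTEM\CurrentControlSet\Control\Lsa, and the function reports whether a given SID holds an allow entry for Remote Access (RC). The function name, the SID and both SDDL strings are constructed for illustration.

```powershell
# Added example: does a SID hold an allow ACE for Remote Access
# (READ_CONTROL, written "RC" in SDDL) in a RestrictRemoteSam descriptor?
# Limitation: only ACEs naming the SID directly are checked; access granted
# through group membership is not resolved here.
$READ_CONTROL = 0x00020000

function Test-RemoteSamAccess {
    param(
        [Parameter(Mandatory)] [string] $Sddl,
        [Parameter(Mandatory)] [string] $AccountSid
    )
    $sd  = New-Object System.Security.AccessControl.RawSecurityDescriptor($Sddl)
    $sid = New-Object System.Security.Principal.SecurityIdentifier($AccountSid)
    $allowed = $false
    foreach ($ace in $sd.DiscretionaryAcl) {
        if (-not $ace.SecurityIdentifier.Equals($sid)) { continue }
        if (($ace.AccessMask -band $READ_CONTROL) -eq 0) { continue }
        # An explicit deny for this SID overrides any allow entry.
        if ($ace.AceType -eq [System.Security.AccessControl.AceType]::AccessDenied) {
            return $false
        }
        if ($ace.AceType -eq [System.Security.AccessControl.AceType]::AccessAllowed) {
            $allowed = $true
        }
    }
    return $allowed
}

# Constructed sample values (not taken from the thread).
$connectorSid = 'S-1-5-21-1111111111-2222222222-3333333333-1104'
$before = 'O:BAG:BAD:(A;;RC;;;BA)'                          # Administrators only
$after  = "O:BAG:BAD:(A;;RC;;;BA)(A;;RC;;;$connectorSid)"   # connector account added

'before fix: {0}' -f (Test-RemoteSamAccess -Sddl $before -AccountSid $connectorSid)
'after fix:  {0}' -f (Test-RemoteSamAccess -Sddl $after  -AccountSid $connectorSid)

# On a DC, feed in the live values instead (the account name is a placeholder):
# $sddl = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa').RestrictRemoteSam
# $acct = New-Object System.Security.Principal.NTAccount('DOMAIN\connector-account')
# $sid  = $acct.Translate([System.Security.Principal.SecurityIdentifier]).Value
# Test-RemoteSamAccess -Sddl $sddl -AccountSid $sid
```

Run it on each DC that handles password writeback, since a local policy is set per machine.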
BilalelHadd
Feb 11, 2022 (Iron Contributor)
Hi vand3rlinden,
Do you experience this issue with one user or with all the users? Some things that you possibly can check:
- Did you enable inheritance for the AD account(s)?
- Did you enable Password writeback in the Azure AD Connect configuration?
- Did you enable SSPR in the Azure AD Portal?
- Do you have a valid Azure AD Premium license?
Let me know!