TryRestartingIt
Copper Contributor
Aug 15, 2020
Solved

Pass change etiquette 201

When utilizing an on-prem AD server with an integrated Azure O365 suite, what is the best way to change a user’s password?

2 Replies

  • HidMov
    Steel Contributor

    Hi TryRestartingIt 

     

    Depends on how you have set up Azure AD Connect.

     

    Normally, Azure AD Connect is set up for one-way traffic - the password is set in AD and synchronised with 365. If you change the password in 365, it will get replaced with the AD password the next time it is synchronised. In this case, you need to change the password on-prem.

     

    If you have an Azure P1 licence and have set up "Password writeback" in Azure AD Connect, then you can synchronise the passwords both ways between 365 and on-prem. In this case, you can reset the password in either and it will write to the other.

     

    Hope this helps,

    Mark

  • harveer singh
    Steel Contributor

    Hey TryRestartingIt,

     

    The first prerequisite is to have AADConnect installed; unless you have other requirements, password hash synchronization is the common option to go with. With AADConnect set up, all the user passwords, as a rule of thumb, are to be managed from on-premises Active Directory. You reset the password on-premises and let it sync to Office 365. If everything is configured right, it should take around 2-5 mins to sync the password to Office 365 automatically without having to run a sync manually.

    Here is a reference article from Microsoft regarding password hash synchronization: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-password-hash-synchronization

     

    Thanks
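
The on-premises reset described in the replies above, as an added PowerShell example that is not part of the original thread. The account name `jdoe` and the connector name `contoso.local` are placeholders; the first half assumes the RSAT ActiveDirectory module, the second half runs on the Azure AD Connect server.

```powershell
# Added example: reset a synced user's password in on-premises AD, then check
# that Azure AD Connect is in a state to carry the new hash to Office 365.
# 'jdoe' and 'contoso.local' are placeholders, not values from the thread.

Import-Module ActiveDirectory

$sam = 'jdoe'   # placeholder sAMAccountName

# Prompt for the password so it never lands in a script file or command history.
$newPassword = Read-Host -Prompt "New password for $sam" -AsSecureString

# Administrative reset in the on-premises directory (the source of authority).
Set-ADAccountPassword -Identity $sam -Reset -NewPassword $newPassword -ErrorAction Stop

# Confirm the directory recorded the change before expecting it in the cloud.
$user = Get-ADUser -Identity $sam -Properties PasswordLastSet
'{0}: PasswordLastSet = {1:u}' -f $user.SamAccountName, $user.PasswordLastSet

# ---- Run the rest on the Azure AD Connect server ----
Import-Module ADSync

# Password hash synchronization has to be enabled on the on-premises AD connector.
$phs = Get-ADSyncAADPasswordSyncConfiguration -SourceConnector 'contoso.local'
if (-not $phs.Enabled) {
    Write-Warning 'Password hash sync is disabled for this connector; the reset will stay on-premises.'
}

# A server in staging mode, or with the scheduler switched off, does not export changes.
$scheduler = Get-ADSyncScheduler
if ($scheduler.StagingModeEnabled) {
    Write-Warning 'This server is in staging mode; check the active Azure AD Connect server.'
}
if (-not $scheduler.SyncCycleEnabled) {
    Write-Warning 'The sync scheduler is disabled.'
}
$scheduler | Select-Object SyncCycleEnabled, StagingModeEnabled, NextSyncCyclePolicyType
```

If the new password still does not work in Office 365 after the few minutes mentioned above, these checks narrow the cause down to the connector configuration or the server state.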
