Forum Discussion
Password changing for off-site users
Trying to configure my users to be able to change their passwords from the cloud. I don't want to open up the entire organization to being able to reset on the cloud, just the remote users that will never use a domain PC. I have password reset enabled in the azure portal for the specific group that all these users area member of, however I still get the "you cannot change your password here" when I log in with a test account. I do not have password writeback enabled as I do not want these particular users to be able to change their AD account passwords, just their cloud accounts.
These users DO have ADDS accounts that are sync to O365 because we use Exchange Online as our email service.
6 Replies
- Jason SiarotCopper Contributorok
- Deleted
Just curious why you wouldn't want these passwords to be written back to your on prem AD?
I get they may not be in the office or external workers, but would it not be quicker for an admin to reset a password on prem if you needed to secure an account from AD without having to login to the 365 admin portal?
Or is it you want the user to have the ability to reset password while not in the office but not need to licence them for EMS to be licenced for AD password writeback?
- Deleted
If you're going to allow password changes in the cloud on objects synced with ADSync you have to have a way for it to write back to maintain consistency. Only way around it will be to make your external users Cloud only users.
- Dave EasterCopper Contributor
I don't care about consistency with the remote users. If their passwords are different between on-site and cloud that doesn't matter. Is this possible?
- DeletedNot to my knowledge not without making your users Cloud only and not part of the sync with AD sync client.
- Jason GaffneyCopper Contributor
Also looking for this answer, would AAD Connect's password write-back feature do this now?