Forum Discussion
SSPR for synced account failed — error: OnPremisesUserNotFound
Hello, I’m encountering the following error for all synchronized accounts when attempting to use Self-Service Password Reset (SSPR): Error: OnPremisesUserNotFound Details: Synchronization Engine...
Try the following to resolve:
- Confirm the On-Prem Object Exists
- Open Active Directory Users and Computers (ADUC)
- Verify that the affected user still exists and hasn’t been moved to an OU excluded from sync
- Check Sync Rules in Entra Connect
- Open the Synchronization Rules Editor
- Ensure that inbound and outbound rules for user objects are correctly configured
- Look for any custom rules that might be filtering out the user
- Verify Service Account Permissions
- The account used by Entra Connect must have read/write access to the user object
- Specifically, it needs permission to reset passwords and write back changes
- Restart the Sync Service
- On the Entra Connect server, restart the Microsoft Entra Connect Sync service
- This can clear transient errors and reinitialize connections
- Disable and Re-enable Password Writeback
- In the Entra admin portal, toggle Password Writeback off and then back on
- This can refresh the configuration and resolve binding issues
- Check Network Connectivity
- Ensure outbound HTTPS access to:
- *.passwordreset.microsoftonline.com
- *.servicebus.windows.net
- Use PowerShell to test:
Test-NetConnection -ComputerName <namespace>.servicebus.windows.net -Port 443
Hello,
The issue has now been resolved. It was indeed caused by our custom inbound rules. To fix it, I checked the "Enable Password Sync" option in each rule and then performed a full synchronization.
Thanks a lot,