Forum Discussion

Brendon_Hannah
Copper Contributor
Jan 11, 2026
Solved

Force user to reset password in hybrid

Hi, we work in a hybrid environment at the moment, and it has been discovered that if you are using classic AD and reset a user's password and leave the tick-box saying user must change password at n...
  • Elanor92
    Jan 12, 2026

    Hey there! 

    I see that you have two separate issues here.

    So, for the first one: by default, the flag "user must change the password at the next logon" is not synced by Entra Connect. To do so, you need to enable the sync for the flag with the command

    Set-ADSyncAADCompanyFeature -ForcePasswordChangeOnLogOn $true

    Note that this command changes the production settings of your environment, so it's a change that needs to be planned and evaluated accordingly. Note also that, after the change, the existing flag will not be synced; only new changes are synced.

    For the second problem: it seems to be an issue related to a policy on prem, maybe the password policy. Try to follow this article for troubleshooting:

    Troubleshoot password resets blocked by on-premises policy | Microsoft Learn

    You should be able to understand which policy is preventing the changes.

    Note that some of this configuration may or may not be available depending on your Entra Connect configuration, such as password writeback.
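The following PowerShell is an added worked example and not part of the thread above. It walks through both points in the reply: recording and enabling the ForcePasswordChangeOnLogOn company feature, validating it with a test account (because already-flagged accounts are not synced retroactively), and then gathering the on-premises password policy and writeback state that the Learn article asks you to check. It assumes the ADSync and ActiveDirectory modules are present on the Entra Connect server, that `testuser01` and the connector name are placeholders you replace, and that the output of Get-ADSyncAADCompanyFeature exposes a property with the same name as the Set- parameter.

```powershell
# Added example, not from the original thread. Run in an elevated PowerShell session on
# the Microsoft Entra Connect server. Assumes the ADSync module (installed with Entra
# Connect) and the ActiveDirectory RSAT module. 'testuser01' and the connector name are
# placeholders; the ForcePasswordChangeOnLogOn property on the Get-ADSyncAADCompanyFeature
# output is assumed to match the Set- parameter of the same name.

Import-Module ADSync
Import-Module ActiveDirectory

$testUser     = 'testuser01'                      # placeholder test account
$aadConnector = 'contoso.onmicrosoft.com - AAD'   # placeholder; list with Get-ADSyncConnector

# --- Part 1: sync the "user must change password at next logon" flag ---------------

# Capture the current feature state so the change is documented and reversible.
$before = Get-ADSyncAADCompanyFeature
Write-Host "ForcePasswordChangeOnLogOn before: $($before.ForcePasswordChangeOnLogOn)"

if (-not $before.ForcePasswordChangeOnLogOn) {
    # Production-affecting change; run only inside an approved change window.
    Set-ADSyncAADCompanyFeature -ForcePasswordChangeOnLogOn $true
}

$after = Get-ADSyncAADCompanyFeature
if (-not $after.ForcePasswordChangeOnLogOn) {
    throw 'ForcePasswordChangeOnLogOn is still disabled; check the ADSync event log.'
}

# The flag travels with a password change that the sync picks up, so accounts that
# already carry it are not updated retroactively. To validate the setting, reset a
# test account's password and set the flag in the same step.
$tempPassword = Read-Host -AsSecureString -Prompt "Temporary password for $testUser"
Set-ADAccountPassword -Identity $testUser -Reset -NewPassword $tempPassword
Set-ADUser -Identity $testUser -ChangePasswordAtLogon $true

# pwdLastSet = 0 is how AD stores "must change password at next logon".
Get-ADUser -Identity $testUser -Properties pwdLastSet |
    Select-Object SamAccountName, pwdLastSet

# Kick off a delta sync; password hash sync then carries the new hash and the flag.
Start-ADSyncSyncCycle -PolicyType Delta

# --- Part 2: which on-prem policy is blocking the reset? ---------------------------

# Cloud-initiated resets only reach AD if password writeback is enabled on the
# Entra ID connector, so confirm that first.
Get-ADSyncAADPasswordResetConfiguration -Connector $aadConnector

# Collect the policy that actually applies to the user: a fine-grained policy (PSO)
# wins over the domain default. Compare these values against the failure you see.
$domainPolicy = Get-ADDefaultDomainPasswordPolicy
$fgpp         = Get-ADUserResultantPasswordPolicy -Identity $testUser
$effective    = if ($null -ne $fgpp) { $fgpp } else { $domainPolicy }

$effective |
    Select-Object @{ n = 'Source'; e = { if ($null -ne $fgpp) { 'Fine-grained policy' } else { 'Domain default' } } },
                  MinPasswordLength, ComplexityEnabled, PasswordHistoryCount,
                  MinPasswordAge, MaxPasswordAge, LockoutThreshold
```

The before/after capture around Set-ADSyncAADCompanyFeature is deliberate: it gives you change-control evidence and a known value to revert to, which matters because the reply correctly flags this as a production setting. Resetting the test account's password and the flag together is what makes the validation meaningful, since the flag alone is not picked up.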