Forum Discussion

Brendon_Hannah
Copper Contributor
Jan 12, 2026

Force user to reset password in hybrid

Hi, we work in a hybrid environment at the moment, and it has been discovered that if you are using classic AD and reset a user's password and leave the tick-box saying user must change password at next logon, the password reset works! But, if you were to select the tick-box with the intention to make the user change their password, the password does not get reset and the user never gets asked to reset their password.

Also, if you try and reset the user's password on AAD, you get the following error message:

Because we cannot force the user to reset their password by AD or AAD, we have to tell the user to do it themselves by the classic Ctrl-Alt-Del method or set their personal password for them over the phone.

So, what my question is, is why can I not force the user to change their password from either AD or AAD?

2 Replies

  • Hey there!

    I see that you have two separate issues here.

    So, for the first one: by default, the flag "user must change the password at the next logon" is not synced by Entra Connect. To do so, you need to enable the sync for the flag with the command

    Set-ADSyncAADCompanyFeature -ForcePasswordChangeOnLogOn $true

    Note that this command changes the production settings of your environment, so it's a change that needs to be planned and evaluated accordingly. Note also that, after the change, the existing flag will not be synced; only new changes are synced.

    For the second problem: it seems to be an issue related to a policy on-prem, maybe the password policy. Try to follow this article for troubleshooting:

    Troubleshoot password resets blocked by on-premises policy | Microsoft Learn

    You should be able to understand which policy is preventing the changes.

    Note that some of the configuration may or may not be available depending on which configuration you have on Entra Connect, like password writeback.
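    The following PowerShell is an added worked example, not code from the reply above or from Microsoft. It runs on the Entra Connect server and assumes the ADSync and ActiveDirectory modules are installed, that password writeback is already enabled (a prerequisite for the ForcePasswordChangeOnLogOn feature), and that the property returned by Get-ADSyncAADCompanyFeature carries the same name as the Set- parameter. The OU path is a placeholder. It addresses the caveat in the reply that flags already set before enabling the feature are not picked up: it re-stamps pwdLastSet on those users so a fresh change is written to AD, then runs a delta sync.

```powershell
# Added example (not the original poster's or replier's code).
# Enable sync of the "user must change password at next logon" flag in
# Entra Connect, re-stamp users who already had it, and run a delta sync.
Import-Module ADSync
Import-Module ActiveDirectory

# 1. Inspect the current company feature settings before changing anything.
$features = Get-ADSyncAADCompanyFeature
$features   # lists ForcePasswordChangeOnLogOn alongside the other features

if (-not $features.ForcePasswordChangeOnLogOn) {
    # 2. Enable the flag sync. Tenant-wide production change: plan it first.
    Set-ADSyncAADCompanyFeature -ForcePasswordChangeOnLogOn $true
}

# 3. Only changes made after enabling are synced, so users who already have
#    pwdLastSet = 0 stay invisible to Entra. Re-stamp them: -1 sets the
#    attribute to "now", and 0 afterwards re-applies "must change at next logon",
#    which is a new change the connector will pick up.
$ou = 'OU=Staff,DC=example,DC=com'   # placeholder: your user OU
$pending = Get-ADUser -SearchBase $ou -Filter 'pwdLastSet -eq 0' -Properties pwdLastSet

foreach ($u in $pending) {
    # Skip accounts whose password never expires: the flag has no effect there.
    if ($u.PasswordNeverExpires) { continue }
    Set-ADUser -Identity $u -Replace @{ pwdLastSet = -1 }
    Set-ADUser -Identity $u -Replace @{ pwdLastSet = 0 }
}

# 4. Push the changes to Entra ID, then verify in the user's sign-in behaviour.
Start-ADSyncSyncCycle -PolicyType Delta
```

    Run step 1 on its own first to confirm the current state; the re-stamp loop touches every matching account, so test it on a single user before pointing it at a whole OU.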

  • Aravind984
    Copper Contributor

    Issue: your DC is pushing the force password reset after next login to users. Check the event logs on the DC; are you able to find any error? Can you set "user must change password on next login", do gpupdate on the DC, and then try to do the required operations? I hope this will be helpful.

    Thanks 🙏.
