Home

Password Writeback and ADFS

%3CLINGO-SUB%20id%3D%22lingo-sub-218388%22%20slang%3D%22en-US%22%3EPassword%20Writeback%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-218388%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20experts%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20the%20next%20scenario%2C%20where%20my%20tenant%20of%20Office%20365%20has%20federation%20with%20ADFS%20and%20ADConnect%20syncronizing%20my%20users%20from%20Active%20Directory%20Onpremise.%3C%2FP%3E%3CP%3ENow%20I%20need%20the%20service%20of%20Password%20Writeback%20from%20Azure%20Active%20Directory%20Premium.%3C%2FP%3E%3CP%3EHow%20work%20Password%20Writeback%20with%20a%20federated%20(adfs)%20tenant%3F%3F%20Is%20it%20Possible%20reset%20the%20password%20directly%20in%20Active%20Directory%20OnPremise%20with%20Password%20Writeback%3F%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-218388%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOn-Premises%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-218687%22%20slang%3D%22en-US%22%3ERe%3A%20Password%20Writeback%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-218687%22%20slang%3D%22en-US%22%3E%3CP%3EAs%20you%20are%20using%20AD%20FS%2C%20you%20can%20also%20reset%20passwords%20without%20password%20writeback.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAD%20FS%20has%20a%20feature%20that%20allows%20you%20to%20reset%20passwords%20-%20as%20long%20as%20you%20remember%20the%20current%20password.%20However%2C%20this%20feature%20is%20disabled%20by%20default%2C%20so%20you%20need%20to%20enable%20it%20using%20the%20following%20PowerShell%20commands.%3C%2FP%3E%3CPRE%3E%23%20Enable%20update%20password%20from%20internal%20network%3CBR%20%2F%3EEnable-AdfsEndpoint%20-TargetAddressPath%20%22%2Fadfs%2Fportal%2Fupdatepassword%2F%22%3CBR%20%2F%3E%3CBR%20%2F%3E%23%20Enable%20update%20password%20from%20external%20network%3CBR%20%2F%3ESet-AdfsEndpoint%20-TargetAddressPath%20%22%2Fadfs%2Fportal%2Fupdatepassword%2F%22%20-Proxy%20%24true%3CBR%20%2F%3E%3CBR%20%2F%3E%23%20Restart%20the%20AD%20FS%20service%3CBR%20%2F%3ERestart-Service%20ADFSSRV%3C%2FPRE%3E%3CP%3ENote%20that%20you%20need%20to%20restart%20the%20service%20on%20all%20AD%20FS%20servers%20in%20the%20farm.%3C%2FP%3E%3CP%3ENow%20your%20users%20can%20reset%20their%20password%20by%20browsing%20to%20https%3A%2F%2Fyour-adfs-server%2Fadfs%2Fporta%2Fupdatepassword%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-218458%22%20slang%3D%22en-US%22%3ERe%3A%20Password%20Writeback%20and%20ADFS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-218458%22%20slang%3D%22en-US%22%3E%3CP%3EPassword%20writeback%20works%20with%20AD%20FS%2C%20if%20that's%20what%20you%20are%20asking.%20Details%20can%20be%20found%20in%20the%20documentation%3A%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fauthentication%2Fconcept-sspr-writeback%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fauthentication%2Fconcept-sspr-writeback%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Andres Pupiales Bucheli
Occasional Visitor

Hi experts

 

I have the next scenario, where my tenant of Office 365 has federation with ADFS and ADConnect syncronizing my users from Active Directory Onpremise.

Now I need the service of Password Writeback from Azure Active Directory Premium.

How work Password Writeback with a federated (adfs) tenant?? Is it Possible reset the password directly in Active Directory OnPremise with Password Writeback??

 

 

2 Replies

Password writeback works with AD FS, if that's what you are asking. Details can be found in the documentation: https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-writeback

Highlighted

As you are using AD FS, you can also reset passwords without password writeback.

 

AD FS has a feature that allows you to reset passwords - as long as you remember the current password. However, this feature is disabled by default, so you need to enable it using the following PowerShell commands.

# Enable update password from internal network
Enable-AdfsEndpoint -TargetAddressPath "/adfs/portal/updatepassword/"

# Enable update password from external network
Set-AdfsEndpoint -TargetAddressPath "/adfs/portal/updatepassword/" -Proxy $true

# Restart the AD FS service
Restart-Service ADFSSRV

Note that you need to restart the service on all AD FS servers in the farm.

Now your users can reset their password by browsing to https://your-adfs-server/adfs/porta/updatepassword

 

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
46 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
29 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
13 Replies