SOLVED

Azure AD and Password Writeback to On-premise AD

%3CLINGO-SUB%20id%3D%22lingo-sub-95694%22%20slang%3D%22en-US%22%3EAzure%20AD%20and%20Password%20Writeback%20to%20On-premise%20AD%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-95694%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECould%20you%20please%20advise%20me%3F%3C%2FP%3E%3CP%3EI%20have%20enabled%20SSPR%20%2F%20Password%20Writeback%20to%20On-premise%20AD.%3C%2FP%3E%3CP%3EUsers%20are%20able%20to%20reset%20their%20password%20thru%26nbsp%3Bpasswordreset.microsoftonline.com.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhen%20this%20is%20enabled%2C%20can%20admins%20reset%20users%20password%20also%20from%20Azure%20AD%20%2F%20Office%20365%20and%20passwords%20are%20synced%20correctly%20to%20On-Premise%20AD%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERegards%2C%20Joonas%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-95694%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20Identity%20Azure%20AD%20Office365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-95716%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20AD%20and%20Password%20Writeback%20to%20On-premise%20AD%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-95716%22%20slang%3D%22en-US%22%3EThank%20you%20sir!%3CBR%20%2F%3E%3CBR%20%2F%3ERegards%2C%20Joonas%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-95699%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20AD%20and%20Password%20Writeback%20to%20On-premise%20AD%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-95699%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Joonas%2C%26nbsp%3Bhere%20are%20the%20supported%20and%20unsupported%20operations%20for%20Admins.%20Basically%2C%20Admins%20can%20use%20Azure%20portal%20to%20reset%20a%20user%20password.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3ESupported%20Administrator%20operations%3C%2FSTRONG%3E%3C%2FP%3E%3CUL%3E%3CLI%3EAny%20administrator%20self-service%20voluntary%20change%20password%20operation%3C%2FLI%3E%3CLI%3EAny%20administrator%20self-service%20force%20change%20password%20operation%20(for%20example%2C%20password%20expiration)%3C%2FLI%3E%3CLI%3EAny%20administrator%20self-service%20password%20reset%20originating%20from%20the%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fpasswordreset.microsoftonline.com%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3EPassword%20Reset%20Portal%3C%2FA%3E%3C%2FLI%3E%3CLI%3EAny%20administrator-initiated%20end-user%20password%20reset%20from%20the%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fmanage.windowsazure.com%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3EAzure%20classic%20portal%3C%2FA%3E%3C%2FLI%3E%3CLI%3EAny%20administrator-initiated%20end-user%20password%20reset%20from%20the%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fportal.azure.com%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3EAzure%20portal%3C%2FA%3E%3C%2FLI%3E%3C%2FUL%3E%3CP%3E%3CSTRONG%3EUnsupported%20Administrator%20operations%3C%2FSTRONG%3E%3C%2FP%3E%3CUL%3E%3CLI%3EAny%20administrator-initiated%20end-user%20password%20reset%20from%20the%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fportal.office.com%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EOffice%20management%20portal%3C%2FA%3E%3C%2FLI%3E%3CLI%3EAny%20administrator-initiated%20end-user%20password%20reset%20from%20PowerShell%20v1%2C%20v2%2C%20or%20the%20Azure%20AD%20Graph%20API%3C%2FLI%3E%3C%2FUL%3E%3CP%3EFor%20detailed%20reference%20you%20may%20visit%20this%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Factive-directory-passwords-writeback%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Elink%3C%2FA%3E.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

Hi,

 

Could you please advise me?

I have enabled SSPR / Password Writeback to On-premise AD.

Users are able to reset their password thru passwordreset.microsoftonline.com.

 

When this is enabled, can admins reset users password also from Azure AD / Office 365 and passwords are synced correctly to On-Premise AD?

 

Thanks!

 

Regards, Joonas

2 Replies
Best Response confirmed by Joonas Pakkanen (Occasional Contributor)
Solution

Hi Joonas, here are the supported and unsupported operations for Admins. Basically, Admins can use Azure portal to reset a user password.

 

Supported Administrator operations

  • Any administrator self-service voluntary change password operation
  • Any administrator self-service force change password operation (for example, password expiration)
  • Any administrator self-service password reset originating from the Password Reset Portal
  • Any administrator-initiated end-user password reset from the Azure classic portal
  • Any administrator-initiated end-user password reset from the Azure portal

Unsupported Administrator operations

  • Any administrator-initiated end-user password reset from the Office management portal
  • Any administrator-initiated end-user password reset from PowerShell v1, v2, or the Azure AD Graph API

For detailed reference you may visit this link.

Thank you sir!

Regards, Joonas