Mar 30 2021 03:46 PM
HI,
So I'm trying to get a better understanding of SSPR and Password Writeback, specifically if there are any failover recommendations similar to running three agents for Pass-through Authentication.
It is my understanding that Password Writeback is run as a service bus relay in the Azure AD tenant. Does this use WCF under the hood somehow? I wasn't able to find the "PasswordResetService" in my services window like I can the Pass-through Authentication agent service.
If it uses WCF, how does that work, and how is reliability taken into consideration? Does the reset service run in the cloud somehow, and only the AD Sync service on the on-prem server gets the messages? What happens if that on-prem server goes down? Does password writeback still work?
Thank you!
Apr 02 2021 03:36 AM
Apr 02 2021 06:16 AM
Solution
Azure Active Directory (Azure AD) self-service password reset (SSPR) lets users reset their passwords in the cloud. Password writeback is a feature enabled with Azure AD Connect that allows password changes in the cloud to be written back to an existing on-premises directory in real time.
Password Writeback supports the cloud authentication methods below:
1) Password Hash Synchronization (PHS)
2) Pass-through Authentication (PTA)
3) ADFS
Once the Password writeback feature is enabled, the sync engine calls the writeback library to perform the configuration (onboarding) by communicating with the cloud onboarding service. Any errors encountered during onboarding or while starting the Windows Communication Foundation (WCF) endpoint for password writeback result in errors in the event log on your Azure AD Connect machine.
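A check worth running on the Azure AD Connect server to confirm that the onboarding described above succeeded and that the writeback endpoint is not logging errors. This is an added example, not code from the thread or from Microsoft; the connector name is a placeholder, and the event source name "PasswordResetService" is assumed from the thread's own terminology.

```powershell
# Run in an elevated PowerShell session on the Azure AD Connect server.
Import-Module ADSync

# Azure AD connector name as shown in Synchronization Service Manager (placeholder, adjust for your tenant).
$connector = "<tenant>.onmicrosoft.com - AAD"

# 1) Show the writeback configuration the sync engine registered during onboarding.
Write-Output "Password writeback configuration for connector '$connector':"
Get-ADSyncAADPasswordResetConfiguration -Connector $connector | Format-List

# 2) Pull recent events from the writeback library's event source in the Application log.
#    Event source name is an assumption; verify it in Event Viewer if nothing is returned.
$since  = (Get-Date).AddHours(-24)
$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'PasswordResetService'
    StartTime    = $since
} -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Output "No PasswordResetService events since $since. Either the WCF endpoint never started, or the source name differs on this build."
    return
}

# Summarise by event ID and severity so onboarding/endpoint failures stand out.
Write-Output "Event summary (last 24 hours):"
$events |
    Group-Object Id, LevelDisplayName |
    Sort-Object Count -Descending |
    ForEach-Object { "{0,6}  {1}" -f $_.Count, $_.Name }

# Show the most recent Critical/Error/Warning entry in full (Level 1 = Critical, 2 = Error, 3 = Warning).
$latestProblem = $events | Where-Object { $_.Level -le 3 } | Select-Object -First 1
if ($latestProblem) {
    Write-Output "Most recent problem event:"
    $latestProblem | Format-List TimeCreated, Id, LevelDisplayName, Message
} else {
    Write-Output "No Critical/Error/Warning events from PasswordResetService in the last 24 hours."
}
```

Run it on each Azure AD Connect server you operate; only the active (non-staging) server services writeback, so a clean log on a staging server says nothing about the endpoint users actually hit.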
Apr 05 2021 08:33 AM
@Seshadrr Thank you! That clarifies a lot for me. I understand now that the writeback service runs in the cloud as a WCF service. That was the main point of clarification I was looking for.