cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Password changes in M365 Vs Azure

JimWilson2000
Copper Contributor

‎Sep 02 2021 08:01 AM - last edited on ‎Apr 01 2022 10:58 AM by

‎Sep 02 2021 08:01 AM - last edited on ‎Apr 01 2022 10:58 AM by

Password changes in M365 Vs Azure

We have a convoluted system based on our structure. We use an LDAP system as our primary directory. That syncs with on prem AD which then syncs to Azure. This is all designed one way and is not back writable.

Sometimes, our students cannot access their Microsoft licensing and the helpdesk changes their password in M365 admin portal. This breaks our SSO because then their M365 password is not getting synced properly.

My main issue is wondering why the password is not getting changed back to what it should be when on prem AD syncs to Azure. M365 uses the Azure credentials, correct? If you have questions, let me know, I can add details if needed. This has been a very evolved process.

Labels:
1,073 Views
0 Likes
4 Replies
Reply
4 Replies
best response confirmed by JimWilson2000 (Copper Contributor)
pvanberlo

‎Sep 02 2021 08:12 AM

‎Sep 02 2021 08:12 AM

Solution

Re: Password changes in M365 Vs Azure

@JimWilson2000 If the password is changed in Azure AD, there is no record of this on the on-prem AD side. Records on-prem will not just be synced towards Azure AD, there's usually a delta sync that happens, which means nothing will be overwritten unless the record in on-prem AD is changed. Have you considered using password writeback? This way using Azure AD Connect, password changes in Azure AD will be written back into on-prem AD.

0 Likes
Reply
JimWilson2000

‎Sep 02 2021 08:18 AM

‎Sep 02 2021 08:18 AM

Re: Password changes in M365 Vs Azure

LDAP (Oracle) is our authoritative directory based on our ERP and history. It makes sense about the delta though, I had not considered that.
0 Likes
Reply
pvanberlo

‎Sep 02 2021 08:24 AM

‎Sep 02 2021 08:24 AM

Re: Password changes in M365 Vs Azure

Unless the settings were changed, the default Azure AD Connect uses would be to do a delta sync every 30 minutes, so this is likely the cause of your problems. How about just telling the helpdesk to actually not change the password there? ;)
0 Likes
Reply
JimWilson2000

‎Sep 02 2021 08:43 AM

‎Sep 02 2021 08:43 AM

Re: Password changes in M365 Vs Azure

That was the first thing I said!
0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by JimWilson2000 (Copper Contributor)
pvanberlo

‎Sep 02 2021 08:12 AM

‎Sep 02 2021 08:12 AM

Solution

Re: Password changes in M365 Vs Azure

@JimWilson2000 If the password is changed in Azure AD, there is no record of this on the on-prem AD side. Records on-prem will not just be synced towards Azure AD, there's usually a delta sync that happens, which means nothing will be overwritten unless the record in on-prem AD is changed. Have you considered using password writeback? This way using Azure AD Connect, password changes in Azure AD will be written back into on-prem AD.

View solution in original post

0 Likes
Reply