Sep 02 2021 08:01 AM - last edited on Apr 01 2022 10:58 AM by Allen
We have a convoluted system based on our structure. We use an LDAP system as our primary directory. That syncs with on prem AD which then syncs to Azure. This is all designed one way and is not back writable.
Sometimes, our students cannot access their Microsoft licensing and the helpdesk changes their password in M365 admin portal. This breaks our SSO because then their M365 password is not getting synced properly.
My main issue is wondering why the password is not getting changed back to what it should be when on prem AD syncs to Azure. M365 uses the Azure credentials, correct? If you have questions, let me know, I can add details if needed. This has been a very evolved process.
Sep 02 2021 08:12 AM - Solution
@JimWilson2000 If the password is changed in Azure AD, there is no record of this on the on-prem AD side. Records on-prem will not just be synced towards Azure AD; there's usually a delta sync that happens, which means nothing will be overwritten unless the record in on-prem AD is changed. Have you considered using password writeback? This way, using Azure AD Connect, password changes in Azure AD will be written back into on-prem AD.
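One way to check the state the answer describes from the Azure AD Connect server, as an added example that is not part of the original thread: compare the on-prem PasswordLastSet timestamp with the cloud lastPasswordChangeDateTime for one user, report whether password writeback is enabled, and optionally kick a delta sync. The cmdlets (Get-ADSyncAADCompanyFeature, Get-ADSyncScheduler, Start-ADSyncSyncCycle from the ADSync module, Get-ADUser from RSAT, Get-MgUser from the Microsoft Graph SDK) are real, but the parameter set used here, the property names on their output, and the sample UPN are assumptions; the script itself is illustrative, not Microsoft's.

```powershell
# Added example (assumptions: ADSync, ActiveDirectory and Microsoft.Graph modules are
# installed on the Azure AD Connect server, and you are already connected with
# Connect-MgGraph -Scopes "User.Read.All"). Not code from the original thread.

function Test-PasswordSyncState {
    param(
        [Parameter(Mandatory)] [string] $UserPrincipalName,
        [switch] $TriggerDeltaSync
    )

    # 1. Is password writeback switched on at all? If not, a cloud-side reset
    #    from the M365 admin portal never reaches on-prem AD, and a later delta
    #    sync will not push the old on-prem hash either, because the on-prem
    #    object has not changed.
    $features = Get-ADSyncAADCompanyFeature
    $writeback = [bool] $features.PasswordWriteBack   # property name assumed
    $phs       = [bool] $features.PasswordHashSync    # property name assumed

    # 2. On-prem view: when was the AD password last set?
    $adUser = Get-ADUser -Filter "UserPrincipalName -eq '$UserPrincipalName'" `
                         -Properties PasswordLastSet
    if (-not $adUser) { throw "No on-prem AD user with UPN $UserPrincipalName" }

    # 3. Cloud view: when was the Azure AD password last changed?
    $cloudUser = Get-MgUser -UserId $UserPrincipalName `
                            -Property "userPrincipalName,lastPasswordChangeDateTime"
    $cloudChanged = [datetime] $cloudUser.LastPasswordChangeDateTime

    # 4. If the cloud timestamp is newer than the on-prem one and writeback is
    #    off, the two directories have diverged: the helpdesk reset lives only in
    #    Azure AD and SSO against on-prem AD will keep failing for this user.
    $diverged = ($cloudChanged -gt $adUser.PasswordLastSet) -and (-not $writeback)

    $scheduler = Get-ADSyncScheduler
    if ($TriggerDeltaSync -and $scheduler.SyncCycleEnabled) {
        # A delta cycle exports only objects changed on-prem since the last run;
        # it will not "repair" a cloud-only password change by itself.
        Start-ADSyncSyncCycle -PolicyType Delta | Out-Null
    }

    [pscustomobject]@{
        UserPrincipalName      = $UserPrincipalName
        OnPremPasswordLastSet  = $adUser.PasswordLastSet
        CloudPasswordChanged   = $cloudChanged
        PasswordHashSync       = $phs
        PasswordWriteback      = $writeback
        Diverged               = $diverged
        NextSyncPolicy         = $scheduler.NextSyncCyclePolicyType
    }
}

# Example call (sample UPN is constructed):
Test-PasswordSyncState -UserPrincipalName "student@example.edu" | Format-List
```

If Diverged comes back True, the options are the ones the answer gives: enable password writeback in the Azure AD Connect wizard so future portal resets flow back to on-prem AD, or reset the password on-prem (which changes the AD object and lets password hash sync push the new hash to Azure AD on its next pass).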