Sep 05 2018 10:53 AM
Trying to configure my users to be able to change their passwords from the cloud. I don't want to open up the entire organization to being able to reset on the cloud, just the remote users that will never use a domain PC. I have password reset enabled in the Azure portal for the specific group that all these users are a member of, however I still get the "you cannot change your password here" when I log in with a test account. I do not have password writeback enabled as I do not want these particular users to be able to change their AD account passwords, just their cloud accounts.
These users DO have ADDS accounts that are synced to O365 because we use Exchange Online as our email service.
Sep 05 2018 11:42 AM - edited Sep 05 2018 11:43 AM
If you're going to allow password changes in the cloud on objects synced with ADSync you have to have a way for it to write back to maintain consistency. Only way around it will be to make your external users Cloud only users.
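Added example, not part of the thread: one way to see which members of the password-reset group are synced from on-premises AD (and so depend on writeback) versus cloud-only. It assumes the Microsoft Graph PowerShell module and read access to users and groups; the group ID is a placeholder.

```powershell
# Added example, not from the thread. Assumes the Microsoft.Graph module is
# installed and the signed-in account may read users and group membership.
Connect-MgGraph -Scopes 'User.Read.All', 'GroupMember.Read.All'

# Placeholder: object ID of the group scoped for self-service password reset.
$SsprGroupId = '<SSPR-GROUP-OBJECT-ID>'

$report = Get-MgGroupMember -GroupId $SsprGroupId -All |
    # Groups can contain devices or nested groups; keep user objects only.
    Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.user' } |
    ForEach-Object {
        $u = Get-MgUser -UserId $_.Id -Property `
            'displayName,userPrincipalName,onPremisesSyncEnabled,onPremisesLastSyncDateTime'

        # onPremisesSyncEnabled is $true for objects synced from AD DS and
        # empty for accounts created directly in the cloud.
        $synced = [bool]$u.OnPremisesSyncEnabled

        [pscustomobject]@{
            UserPrincipalName = $u.UserPrincipalName
            DisplayName       = $u.DisplayName
            Source            = if ($synced) { 'Synced from AD' } else { 'Cloud-only' }
            LastSync          = $u.OnPremisesLastSyncDateTime
            CloudPwdChange    = if ($synced) { 'Requires password writeback' } else { 'Allowed' }
        }
    }

# Synced accounts first: these are the ones that get the
# "you cannot change your password here" message without writeback.
$report | Sort-Object Source -Descending | Format-Table -AutoSize

# Summary count per account source.
$report | Group-Object Source | Select-Object Name, Count
```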
Sep 05 2018 12:45 PM
Also looking for this answer, would AAD Connect's password write-back feature do this now?
Sep 05 2018 12:47 PM
I don't care about consistency with the remote users. If their passwords are different between on-site and cloud that doesn't matter. Is this possible?
Sep 05 2018 12:55 PM
Sep 05 2018 01:50 PM
Just curious why you wouldn't want these passwords to be written back to your on prem AD?
I get they may not be in the office or external workers, but would it not be quicker for an admin to reset a password on prem if you needed to secure an account from AD without having to log in to the 365 admin portal?
Or is it you want the user to have the ability to reset password while not in the office but not need to licence them for EMS to be licenced for AD password writeback?