Aug 16 2021 09:12 AM - last edited on Jan 14 2022 03:25 PM by TechCommunityAP
Hello all,
We are currently in a hybrid PHS environment. We have SSPR turned on and it's working. What I am trying to understand is how do we get "work from home users" to update their password? If they never log into the on-prem domain, then the flag “DisablePasswordExpiration” will never be removed from the Azure AD account. Any advice is greatly appreciated.
Aug 16 2021 11:46 AM
@Skipster311-1 As PHS was enabled before the EnforceCloudPasswordPolicyForPasswordSyncedUsers, shouldn't forcing a password change solve this scenario, considering you already have (1) enabled password writeback in Azure AD Connect and (2) password writeback for SSPR and (3) enabled the EnforceCloudPasswordPolicyForPasswordSyncedUsers (they now comply with Azure AD password expiration policy)? When you enable SSPR to use password writeback, users who change or reset their password have that updated password synchronized back to the on-premises AD DS environment as well. Hence the DisablePasswordExpiration value [should] be removed from PasswordPolicies during the next password hash sync.
Just thinking out loud here, haven't used PHS.
@Thijs Lecomte Any input here?
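To see which synced accounts still carry the DisablePasswordExpiration flag discussed in this thread, an audit along the following lines can be used. This is an added example, not code from any post in the thread; the function name `Get-ExpirationFlagReport`, the sample accounts and the `contoso.example` domain are constructed for illustration, and the commented live-tenant lines assume the Microsoft Graph PowerShell SDK, which the thread does not mention.

```powershell
# Added example: report which directory-synced users still have
# DisablePasswordExpiration in PasswordPolicies, and whether the cloud
# expiration policy would apply to them.
function Get-ExpirationFlagReport {
    param(
        [Parameter(Mandatory)][object[]]$Users,
        # Tenant state of EnforceCloudPasswordPolicyForPasswordSyncedUsers
        [Parameter(Mandatory)][bool]$EnforceCloudPolicy
    )
    foreach ($u in $Users) {
        if (-not $u.OnPremisesSyncEnabled) { continue }   # cloud-only users are out of scope
        # PasswordPolicies is one string, e.g. "DisablePasswordExpiration, DisableStrongPassword"
        $policies = @("$($u.PasswordPolicies)" -split ',' |
            ForEach-Object { $_.Trim() } | Where-Object { $_ })
        $flagged = $policies -contains 'DisablePasswordExpiration'
        [pscustomobject]@{
            UserPrincipalName    = $u.UserPrincipalName
            LastPasswordChange   = $u.LastPasswordChangeDateTime
            HasDisableExpiration = $flagged
            CloudExpiryApplies   = ($EnforceCloudPolicy -and -not $flagged)
        }
    }
}

# Constructed sample data (not real accounts) so the function runs offline.
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'wfh.user@contoso.example'; OnPremisesSyncEnabled = $true
        PasswordPolicies = 'DisablePasswordExpiration'; LastPasswordChangeDateTime = [datetime]'2021-03-01' }
    [pscustomobject]@{ UserPrincipalName = 'office.user@contoso.example'; OnPremisesSyncEnabled = $true
        PasswordPolicies = 'None'; LastPasswordChangeDateTime = [datetime]'2021-08-10' }
    [pscustomobject]@{ UserPrincipalName = 'cloud.only@contoso.example'; OnPremisesSyncEnabled = $null
        PasswordPolicies = $null; LastPasswordChangeDateTime = [datetime]'2021-07-15' }
)
Get-ExpirationFlagReport -Users $sample -EnforceCloudPolicy $true | Format-Table -AutoSize

# Live tenant, read-only (assumes the Microsoft Graph PowerShell SDK is installed):
# Connect-MgGraph -Scopes 'User.Read.All','OnPremDirectorySynchronization.Read.All'
# $enforce = (Get-MgDirectoryOnPremiseSynchronization).Features.CloudPasswordPolicyForPasswordSyncedUsersEnabled
# $users   = Get-MgUser -All -Property UserPrincipalName,OnPremisesSyncEnabled,PasswordPolicies,LastPasswordChangeDateTime
# Get-ExpirationFlagReport -Users $users -EnforceCloudPolicy $enforce |
#     Where-Object HasDisableExpiration | Sort-Object LastPasswordChange
```

Accounts that remain in the filtered output after a password change through SSPR with writeback are the ones to investigate, since the flag is expected to be cleared by the next password hash sync after that change.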