Jun 24 2021 01:43 PM - edited Jun 24 2021 01:52 PM
Issue: Users are unable to log in to a Windows 10 Azure AD joined device if the on-premises Active Directory option "User must change password at next login" is checked. When a user logs in to an Azure AD joined Win10 device, the user receives the following message: "User name or password incorrect. Try Again"
When I uncheck the box, the user/s are able to log in to the device.
This behavior occurs when changing a user's password either in on-premises Active Directory or using the password reset Graph endpoint.
Looking for a solution to this issue.
Thank You,
-Larry
Jun 25 2021 06:28 AM - edited Jun 25 2021 06:46 AM
Hi,
To be sure...
1. There are no Azure AD Connect errors and it has synced successfully?
2. Are you talking about HAADJ or AADJ?
Jun 25 2021 06:56 AM - edited Jun 25 2021 06:59 AM
Thank You for responding to my request.
The on-prem AD user account is not disabled. Azure AD Block Sign In is "No".
The Azure Join device is in compliance in Intune.
Regardless of whether the password has been changed or not, if the on-prem AD user attribute "User must change password at next login" is checked, users cannot log in to the Azure AD joined device; however, if the same user goes to a domain joined device, they're able to log in and change the password. If we uncheck that user attribute "User must change password at next login", the user is able to log in to their Azure AD joined device.
My organization: over 300k users with about 90k Azure AD joined devices; we're in the middle of migrating all devices from domain join to Azure join.
We're using SSPR/MFA with Azure AD Connect (1 ver. behind) with PW writeback enabled.
Thank You,
-Larry
Jun 27 2021 12:32 AM
Jun 29 2021 05:10 AM
Oct 21 2022 01:48 AM - edited Oct 21 2022 01:51 AM
Larry Jones
Hello Larry,
Were you able to solve your problem? If so, what solution did you use?
I am having almost the same problem.
We have 200 users with computers that are Azure joined. Self-service password is enabled.
Azure AD Connect is also used.
When the user's password expires and they change the password from self-service password, the change is OK, but the computer does not take the new password into account.
He is forced to authenticate with the old password to log on to his computer while Office 365 applications authenticate with the new password.
We looked at the log files; we don't see any errors.
Oct 26 2022 07:51 AM