Office 365 password reset not syncing to on prem with "force password change at next log on"

I have a hybrid setup in place with Azure AD Connect. Pw write back is working.

I can change a user's password on the Azure portal and the account in my on-prem AD gets updated immediately with the option "change password at next log on" as well as the new pw. If a user attempts to log in to a domain-joined PC, they get prompted to change their temp pw.

However, if I do this directly from Office 365 (and I'd prefer this, since it generates a random password), nothing happens. The new password does not get synced to on-prem AD, nor does the option "change pw at next log on".

Force Password Change On LogOn is set to enabled in Azure AD. I've tried to force delta sync/import/full import etc., nothing.

Would appreciate your help.
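A diagnostic for the situation described above, added here as an example and not part of the original post. It assumes it is run on the Azure AD Connect server with the MSOnline, ADSync and ActiveDirectory modules available, and that the user is identified by sAMAccountName (the `PasswordResetService` event source and the property names are the ones these modules expose; treat them as assumptions if your version differs).

```powershell
# Added diagnostic (not from the original post). Run on the Azure AD Connect
# server; assumes the MSOnline, ADSync and ActiveDirectory modules are installed.
param(
    [Parameter(Mandatory)] [string] $SamAccountName
)

# 1. Tenant-side feature flag. Without ForcePasswordChangeOnLogOn the cloud
#    "change password at next sign-in" flag is not written back on-prem.
Connect-MsolService
$force = Get-MsolDirSyncFeatures -Feature ForcePasswordChangeOnLogOn
"Tenant ForcePasswordChangeOnLogOn enabled : $($force.Enabled)"

# 2. The same tenant features as seen by the Connect server, so a stale or
#    mismatched value shows up here.
Import-Module ADSync
$features = Get-ADSyncAADCompanyFeature
"Connect sees ForcePasswordChangeOnLogOn   : $($features.ForcePasswordChangeOnLogOn)"

# 3. On-prem outcome. Password writeback is a real-time operation and does not
#    go through the sync cycle, so forcing a delta/full sync neither helps nor
#    hurts. After a successful cloud reset expect pwdLastSet = 0 (must change at
#    next logon) and a fresh whenChanged on the user object.
$u = Get-ADUser -Identity $SamAccountName -Properties pwdLastSet, PasswordLastSet, whenChanged
"On-prem pwdLastSet (0 = change at next logon): $($u.pwdLastSet)"
"On-prem PasswordLastSet                      : $($u.PasswordLastSet)"
"On-prem whenChanged                          : $($u.whenChanged)"

# 4. Writeback failures are logged on the Connect server in the Application log
#    by the PasswordResetService source; pull the last hour for context.
$filter = @{
    LogName      = 'Application'
    ProviderName = 'PasswordResetService'
    StartTime    = (Get-Date).AddHours(-1)
}
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, LevelDisplayName, Message |
    Format-List
```

If step 3 still shows the old pwdLastSet after a reset from the Microsoft 365 admin center while a reset from the Azure portal updates it, the events from step 4 are what to compare between the two cases, since both go through the same writeback path.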
