SOLVED

Pass change etiquette 201

New Contributor
When utilizing an on-prem AD server with integrated Azure O365 suite, what is the best way to change a user’s password?
2 Replies
best response confirmed by TryRestartingIt (New Contributor)
Solution

Hey @TryRestartingIt,

The first prerequisite is to have AADConnect installed. Unless you have other requirements, password hash synchronization is the common option to go with. With AADConnect set up, all the user passwords, as a rule of thumb, are to be managed from on-premises Active Directory. You reset the password on-premises and let it sync to Office 365. If everything is configured right, it should take around 2-5 mins to sync the password to Office 365 automatically without having to run a sync manually.

Here is a reference article from Microsoft regarding password hash synchronization: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-password-hash-synchron...

Thanks

Hi @TryRestartingIt

Depends on how you have set up Azure AD Connect.

Normally, Azure AD Connect is set up for one-way traffic - password is set in AD, and synchronised with 365. If you change the password in 365, it will get replaced with the AD password the next time it is synchronised. In this case, you need to change the password on-prem.

If you have an Azure P1 licence and have set up "Password writeback" in Azure AD Connect, then you can synchronise the passwords both ways between 365 and on-prem. In this case, you can reset the password in either and it will write to the other.

Hope this helps,

Mark
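
The on-premises reset that both replies describe, as an added PowerShell example that is not part of the original thread: it resets the password in AD, confirms the change took effect, then reads the sync and writeback configuration on the Azure AD Connect server. The account name `jdoe` and both connector names are placeholders to replace with your own.

```powershell
# Added example, not from the thread. 'jdoe' and both connector names are placeholders.

# --- Part 1: on an admin host with the RSAT ActiveDirectory module ---
Import-Module ActiveDirectory

$sam = 'jdoe'                          # hypothetical account name
$dc  = (Get-ADDomain).PDCEmulator      # read and write against the same DC

# Prompt for the password so it never lands in the script or shell history.
$newPassword = Read-Host -AsSecureString -Prompt "New password for $sam"

$before = (Get-ADUser -Identity $sam -Server $dc -Properties PasswordLastSet).PasswordLastSet
Set-ADAccountPassword -Identity $sam -Server $dc -Reset -NewPassword $newPassword
$after  = (Get-ADUser -Identity $sam -Server $dc -Properties PasswordLastSet).PasswordLastSet

# Fail loudly if the timestamp did not advance, rather than waiting on a sync
# that has nothing new to carry.
if ($null -eq $after -or ($null -ne $before -and $after -le $before)) {
    throw "PasswordLastSet did not advance for $sam; the reset was not applied."
}
"Reset applied on $dc at $after."

# --- Part 2: on the Azure AD Connect server (ADSync module) ---
Import-Module ADSync

$adConnector  = 'contoso.local'                  # placeholder: on-prem AD connector name
$aadConnector = 'contoso.onmicrosoft.com - AAD'  # placeholder: Azure AD connector name

# A server in staging mode does not run password sync or writeback.
Get-ADSyncScheduler | Select-Object SyncCycleEnabled, StagingModeEnabled

# Is password hash synchronization enabled for this AD connector?
Get-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector

# Is password writeback configured? If it is not, resets belong on-prem,
# as the replies above explain.
Get-ADSyncAADPasswordResetConfiguration -Connector $aadConnector
```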