Password changing for off-site users

Copper Contributor

Trying to configure my users to be able to change their passwords from the cloud. I don't want to open up the entire organization to being able to reset on the cloud, just  the remote users that will never use a domain PC. I have password reset enabled in the azure portal for the specific group that all these users area  member of, however I still get the "you cannot change your password here" when I log in with a test account. I do not have password writeback enabled as I do not want these particular users to be able to change their AD account passwords, just their cloud accounts.

 

These users DO have ADDS accounts that are sync to O365 because we use Exchange Online as our email service. 

6 Replies

If you're going to allow password changes in the cloud on objects synced with ADSync you have to have a way for it to write back to maintain consistency. Only way around it will be to make your external users Cloud only users. 

Also looking for this answer, would AAD Connect's password write-back feature do this now?

 

I don't care about consistency with the remote users. If their passwords are different between on-site and cloud that doesn't matter. Is this possible?

Not to my knowledge not without making your users Cloud only and not part of the sync with AD sync client.

Just curious why you wouldn't want these passwords to be written back to your on prem AD?

 

I get they may not be in the office or external workers, but would it not be quicker for an admin to reset a password on prem if you needed to secure an account from AD without having to login to the 365 admin portal?

 

Or is it you want the user to have the ability to reset password while not in the office but not need to licence them for EMS to be licenced for AD password writeback?