Password change issue


For the last few weeks we have been experiencing an issue with users changing passwords.

Users are created on-premises in Active Directory and synced with Azure AD Connect (we are still running version 1.2.70.0). New users get a temporary password which they have to change on first logon.

Our users get devices which are set up through Autopilot. They get prompted to change the password, but when they do they get a message that the password is changed but that the servers have to process this change, resulting in the issue that the user cannot continue setting up the device. As a workaround we tell them to turn off the device. They can then continue through the Autopilot process because the password is already changed.

We use PTA, with PHS still enabled. We moved from ADFS with PHS to PTA in June this year. We didn't have this error in the first month after this change.
The error we see in the audit logs is OnPremisesSuccessCloudFailure.

So it seems there is some kind of delay after the password is changed on-premises.

I cannot find anything on this particular error.

4 Replies

@RonaldvdMeer

1. Update your Azure AD Connect.

2. How are your users changing passwords, and where?

The only way to update passwords for users is to give them SSPR (Self Service Password Reset/Change), which changes their password in the cloud (Azure AD) and not on-premises. It is overwritten by the password coming in from local AD via Azure AD Connect sync every 30 minutes. If you configure Password Writeback (additional licensing cost: a Premium Azure AD license, P1/P2, is needed for that) then you can write back passwords from Azure AD to your local AD as well.

Update Azure AD Connect - https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-migrate-adfs-password-hash-sync  & https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-migrate-adfs-pass-through-authen...

Either way, upgrading your Azure AD Connect version is mandatory :)

Prerequisites for migrating to pass-through authentication

The following prerequisites are required to migrate from using AD FS to using pass-through authentication.

Update Azure AD Connect

To successfully complete the steps it takes to migrate to using pass-through authentication, you must have Azure Active Directory Connect (Azure AD Connect) 1.1.819.0 or a later version. In Azure AD Connect 1.1.819.0, the way sign-in conversion is performed changes significantly. The overall time to migrate from AD FS to cloud authentication in this version is reduced from potentially hours to minutes.

As a minimum, to successfully perform the steps to migrate to password hash synchronization, you should have Azure AD Connect 1.1.819.0. This version contains significant changes to the way sign-in conversion is performed and reduces the overall time to migrate from Federation to Cloud Authentication from potentially hours to minutes.

Update your Azure AD Connect and you should be all fixed :)

Cheers!

Ankit Shukla

@ankit shukla

Why do you think upgrading Azure AD Connect will fix the problem? As I mentioned, our version of Azure AD Connect is 1.2.70.0, which is higher than 1.1.819.0.

@RonaldvdMeer 

Did you manage to solve this problem? We've just started implementing the same steps and we're seeing the same problems (two years later). Thanks in advance.

I'm sorry, I should have looked further.

This error seems to happen when you set "User must change password at next logon" at account creation. If you let it sync first, and then set the flag in AD, it will sync and work. Thanks to SamTribe.
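As an added example (it is not part of the thread and is not the original poster's, Ankit's or Microsoft's code) of the ordering the last reply describes, the PowerShell below creates the AD user with its temporary password but without the flag, forces a delta sync on the Azure AD Connect server and waits for it to finish, and only then sets "User must change password at next logon". The account name, OU, UPN suffix and the wait loop on Get-ADSyncScheduler are assumptions for illustration; the thread does not say why the order matters, and the example makes no claim beyond reproducing it.

```powershell
# Added example, not from the original thread.
# Assumes: run on the Azure AD Connect server (ADSync module present) with the
# RSAT ActiveDirectory module installed, as an account that can create users in
# the target OU and start sync cycles. Names, OU and UPN suffix are placeholders.

Import-Module ActiveDirectory
Import-Module ADSync

$Sam      = 'jdoe'                                        # placeholder
$Upn      = 'jdoe@contoso.com'                            # placeholder
$OuPath   = 'OU=Users,OU=Corp,DC=contoso,DC=com'          # placeholder
$TempPass = Read-Host -AsSecureString -Prompt 'Temporary password for the new user'

# Returns the raw pwdLastSet attribute: 0 means "must change password at next
# logon", anything else is the FILETIME of the last password set.
function Get-PwdLastSet {
    param([Parameter(Mandatory)][string]$Identity)
    (Get-ADUser -Identity $Identity -Properties pwdLastSet).pwdLastSet
}

# Waits for the current Azure AD Connect sync cycle to finish, polling the
# scheduler. The timeout is an assumption, not a documented value.
function Wait-ADSyncCycle {
    param([int]$TimeoutSeconds = 600, [int]$PollSeconds = 10)
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    while ((Get-ADSyncScheduler).SyncCycleInProgress) {
        if ((Get-Date) -gt $deadline) { throw "Sync cycle still running after $TimeoutSeconds s" }
        Start-Sleep -Seconds $PollSeconds
    }
}

# Step 1: create the user WITHOUT the change-at-next-logon flag, so the object
# that syncs carries a real pwdLastSet timestamp rather than 0.
New-ADUser -Name 'Jane Doe' -GivenName 'Jane' -Surname 'Doe' `
    -SamAccountName $Sam -UserPrincipalName $Upn -Path $OuPath `
    -AccountPassword $TempPass -Enabled $true -ChangePasswordAtLogon $false

Write-Host ("pwdLastSet after creation: {0}" -f (Get-PwdLastSet -Identity $Sam))

# Step 2: push the new object to Azure AD now instead of waiting for the next
# scheduled cycle (30 minutes by default), and wait for that cycle to complete.
Start-ADSyncSyncCycle -PolicyType Delta | Out-Null
Wait-ADSyncCycle

# Step 3: only now set the flag. This writes pwdLastSet = 0 in AD; the next
# delta cycle carries the change to Azure AD.
Set-ADUser -Identity $Sam -ChangePasswordAtLogon $true
Write-Host ("pwdLastSet after setting the flag: {0}" -f (Get-PwdLastSet -Identity $Sam))

Start-ADSyncSyncCycle -PolicyType Delta | Out-Null
Wait-ADSyncCycle
```

If you provision accounts from a script or an HR feed, the point to carry over is that `-ChangePasswordAtLogon $true` (or setting `pwdLastSet` to 0) happens in a second pass after the first sync, not in the same `New-ADUser` call.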