Password change issue

Frequent Contributor

The last weeks we experience issue with users changing passwords.

User are created on premise in the Active Directory and synced with Azure AD connect (where are still running version New users get a temporary password which they have to change on first logon.

Our users get devices which are setup through autopilot. They get prompted to change the password but when they do they get a message that the password is changed but that servers have process this change, resulting in issue that user cannot continue to setup the device. As a work around we tell them to turn of the device. They then can continue through the autopilot process because the password is already changed.


We use PTA and PHS still enabled. We moved form ADFS with PHS in June this year to PTA. We didn't have this error the first month after this change.
The error we see in the audit logs is OnPremisesSuccessCloudFailure.

So it seems there is some kind of delay after password is changed on premise.


I cannot anything on this particular error




4 Replies

@Ronald Meer 


1. Update your Azure AD Connect.

2. How are you users changing Password and where ?

the Only way to update your passwords for users is to give them SSPR ( Self Service Password Reset/Change) which does change there password in Cloud ( Azure AD) and not On-premise. It is over write by password coming in from Local AD via Azure AD COnnect Sync every 30 minutes. If you configure Password Write Bacl(Additional Licensing Cost - pRemium Azure AD License needed for that P1/P2) then you can write back password from Azure AD to your Local AD as well.


Update Azure AD Connect -  &

Both ways you have to (Mandate) upgrade your Azure AD Connect Version :) 



Prerequisites for migrating to pass-through authentication

The following prerequisites are required to migrate from using AD FS to using pass-through authentication.

Update Azure AD Connect

To successfully complete the steps it takes to migrate to using pass-through authentication, you must have Azure Active Directory Connect (Azure AD Connect) 1.1.819.0 or a later version. In Azure AD Connect 1.1.819.0, the way sign-in conversion is performed changes significantly. The overall time to migrate from AD FS to cloud authentication in this version is reduced from potentially hours to minutes.


As a minimum to successfully perform the steps to migrate to password hash synchronization, you should have Azure AD connect 1.1.819.0. This version contains significant changes to the way sign-in conversion is performed and reduces the overall time to migrate from Federation to Cloud Authentication from potentially hours to minutes.


Update your Azure AD Connect and you should be all fixed :)


Cheers !

Ankit Shukla


@ankit shukla 


Why do you think upgrading Azure AD connect will fix the problem? As i mentioned our version of Azure AD connect is. which is a higher version 1.1.819.0. 

@Ronald Meer 

Did you manage to solve this problem? We've just started implementing the same steps and we're seeing the same problems (two years later). Thanks in advance.

I'm sorry, I've should have looked further.

his error seems to happen when you set "User must change password at next logon" at account creation. If you let it sync first, and then set the flag in AD, it will sync and work. Thanks to SamTribe .