We are using Azure AD Connect to sync users and passwords between on-premises Active Directory and our Azure AD tenant for Office 365. This seems to work well except for when an admin resets a password either in Office 365 or in AD. When this happens, the password reset is never synced. This causes a problem where, if an Office 365 admin resets a password and requires the user to change it at next login, the user is never able to change their password because their Azure AD password and local AD password are now out of sync and AD Connect will fail. The same happens when an admin resets a password in Active Directory: the password reset never makes it to Azure. Is this something that should work and we have it configured wrong? Or does AD Connect not support admin resets of passwords?
1 vote
1 Answer
-1 votes
If an Office 365 admin resets the password, it is changed in the cloud, but if Azure AD Connect sync is enabled then the password in on-premises AD will override the password in the cloud (every 2 minutes), so the password which was updated in the cloud is overridden by the on-premises password, and the user will then be unable to sign in. To fix this, Microsoft has introduced the password writeback feature in Azure AD Connect, which enables password sync from Azure AD to on-premises AD. This feature is not supported in versions of Azure AD Connect before 1.0.8641.0. Passwords can be reset via the Azure admin portal, but this functionality is currently not supported in the Office admin portal. This will give you a key idea. Here you can get more info
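As an added example (not part of the original question or answer), here is a PowerShell check to run on the Azure AD Connect server. It inspects the two sync directions the answer describes (on-premises hash sync to the cloud, and writeback from the cloud), enables password writeback on the Azure AD connector when it is off, confirms the AD DS connector account holds the Reset Password right that writeback depends on, and triggers a delta sync. The connector names, the OU and the connector account name are placeholders for your environment; the ADSync cmdlets are the module's own.

```powershell
<#
  Added example, not code from the original question or answer.
  Run in an elevated PowerShell session on the Azure AD Connect server.
  The parameter defaults below are assumptions: replace them with your
  own connector names (Get-ADSyncConnector), users OU and AD DS
  connector account (Get-ADSyncADConnectorAccount).
#>
param(
    [string]$AadConnector     = 'contoso.onmicrosoft.com - AAD',  # assumed
    [string]$AdConnector      = 'contoso.local',                  # assumed
    [string]$UsersOu          = 'OU=Users,DC=contoso,DC=local',   # assumed
    [string]$ConnectorAccount = 'CONTOSO\MSOL_abcdef123456'       # assumed
)

Import-Module ADSync
Import-Module ActiveDirectory

# 1. Tenant-wide feature flags. A cloud-side admin reset only survives if
#    writeback is on; otherwise the next hash sync from on-premises AD
#    overwrites it, which is the behaviour described in the answer.
$features = Get-ADSyncAADCompanyFeature
Write-Host "PasswordHashSync : $($features.PasswordHashSync)"
Write-Host "PasswordWriteBack: $($features.PasswordWriteBack)"

# 2. Writeback state on the Azure AD connector; turn it on if it is off.
$reset = Get-ADSyncAADPasswordResetConfiguration -Connector $AadConnector
if (-not $reset.Enabled) {
    Write-Warning "Password writeback is disabled on '$AadConnector'; enabling it."
    Set-ADSyncAADPasswordResetConfiguration -Connector $AadConnector -Enable $true
}

# 3. Hash sync state on the on-premises connector (on-prem -> cloud).
#    If this is off, an admin reset made in Active Directory never reaches Azure.
Get-ADSyncAADPasswordSyncConfiguration -SourceConnector $AdConnector | Format-List

# 4. Writeback fails silently when the AD DS connector account lacks the
#    "Reset Password" control-access right on user objects (it also needs
#    write access to pwdLastSet and lockoutTime). Check the users OU ACL for
#    the well-known Reset Password rights GUID.
$resetPasswordGuid = [guid]'00299570-246d-11d0-a768-00aa006e0529'
$acl = Get-Acl -Path "AD:\$UsersOu"
$hasResetRight = $acl.Access | Where-Object {
    $_.IdentityReference.Value -eq $ConnectorAccount -and
    $_.AccessControlType -eq 'Allow' -and
    ($_.ActiveDirectoryRights -band [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight) -and
    $_.ObjectType -eq $resetPasswordGuid
}
if (-not $hasResetRight) {
    Write-Warning "'$ConnectorAccount' has no Reset Password right on $UsersOu; writeback will fail."
}

# 5. Run a delta sync now rather than waiting for the next scheduled cycle.
Start-ADSyncSyncCycle -PolicyType Delta
```

If step 4 warns, grant the connector account the Reset Password extended right and write access to pwdLastSet and lockoutTime on the user OUs before testing a cloud-side reset again; enabling writeback in step 2 without those permissions changes nothing observable for the user.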