1,986 questions
I finally had to fix the problem by recreating the on-premise AD again and sync the account to solve the problem.
User fail to login after password reset by admin in Azure AD with on-premise AD
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(227.2, 99%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EH%3C/text%3E%3C/svg%3E)
hmin
101
Reputation points
When user sign-in with the reset password, system display "Update your password" : "You need to update your password because this is the first time you are signing in, or because your password has expired."
User proceed to change the password will display error message "Your organization doesn't allow you to update your password on this site. Please update it according to the method recommended by your organization, or ask your admin if you need help."
This Azure AD have been connected to on-premise AD before, but the on-premise AD can't be connected.
Any idea to solve this problem? Thanks.
Accepted answer
3 additional answers
Sort by: Most helpful
-
Manu Philip 16,986 Reputation points MVP2021-12-12T08:38:05.093+00:00 As the AAD Connect is not working any more, you may go for disabling the SSPR from the Azure Portal
The document explain, how to enable the feature in Azure portal. You can follow the steps and disable the feature in the below document
tutorial-enable-sspr-writeback-
hmin 101 Reputation points
2021-12-12T12:05:33.49+00:00 Thanks for your advice, but when go to "Password reset | On-premises integration" it display a error message "Unfortunately, it looks like we can't connect to your on-premises writeback client right now. Troubleshoot Azure AD Connect to restore the connection." and both Settings for "Write back passwords to your on-premises directory?", "Allow users to unlock accounts without resetting their password?" already set to No.
Any idea to disable the "SSPR", "On-premises integration", "Azure AD Connect " when the on-premise AD already can't be connected?
Sign in to comment -
-
Manu Philip 16,986 Reputation points MVP
2021-12-12T14:26:33.607+00:00 I am not seeing a reference to fix the issue without an Azure AD connect installation. I am proposing the following cmdlet to see if it helps. The script is basically to disable SSPR through PowerShell
$ADconnector = (Get-ADSyncConnector | Where-Object {$_.Name -like "*AAD"}).Name Set-ADSyncAADPasswordResetConfiguration -Connector $ADconnector -Enable:$False -
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 25%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAS%3C/text%3E%3C/svg%3E)
All Season Auto Parts 0 Reputation points2023-04-05T14:05:00.1733333+00:00 Help to reset my admin password.