How to change password in Azure Active Directory Domain Services and sync back to Azure AD

Roger Seekell 96 Reputation points
2020-10-29T12:14:47.133+00:00

Hello. We have on-prem AD, Azure AD, and we also have Azure AD DS.
Is it possible to change a user's password in Azure AD DS and have it write back to Azure AD?
I am an administrator in Azure AD DS, yet there are a lot of permissions I don't have on the AADDS Users OU, such as changing descriptions or resetting passwords. I even looked at effective permissions for my account on the AADDS Users OU, and I have a green check for Change Password, but I still cannot do it.

Is it even possible to change password on Azure AD DS and have it sync through Azure AD all the way back to on-prem AD? If so, how do I grant/delegate that permission? Thanks.

Microsoft Entra
{count} votes

2 answers

Sort by: Most helpful
  1. Abhijeet-MSFT 546 Reputation points Microsoft Employee
    2020-11-09T09:38:35.243+00:00

    Hi @Roger Seekell , password changes only flow from Azure Ad to Azure AD Domain Services. Changes do not flow back from Azure AD Domain Services to Azure AD.

    2 people found this answer helpful.
    0 comments No comments

  2. Roger Seekell 96 Reputation points
    2020-10-29T18:55:13.477+00:00

    Thank you for the response. I have looked over that document several times, but it does not answer my questions:

    1. How do I change a password for a synced account in Azure AD DS? Is that even possible? Is it possible with a cloud-only account?
    2. If I can change the password in Azure AD DS, will it sync back to Azure AD?
    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.