Dear Experts,
We created AD users on premises, synced them to the cloud, then enabled SSPR, password writeback and MFA. Here is the scenario when using a PowerShell script:
The user logs in with an expired password (or a recently changed temporary password) and is notified that they have to change the password. On the next screen, the user is prompted to enter their old password, new password, and confirm password. The user completes this but gets an error message ("Try again - that's not your current password."). Specifically, the error code is 120000. No matter what the user does, the password does not work.
If I use the AAD portal, find the user, and click RESET Password, this works just as expected. And here is my script:
# Connect to Azure AD (AzureAD module; the session prompts for admin credentials)
Connect-AzureAD

# Path to the CSV file (expected columns: EmailAddress, NewPassword)
$csvPath = "C:\test.csv"

# Read the CSV file
$users = Import-Csv -Path $csvPath

# Iterate through each user in the CSV
foreach ($user in $users) {
    # Retrieve the user's email address and password from the CSV columns
    $email = $user.EmailAddress
    $newPassword = $user.NewPassword

    # Get the user's ObjectId by mapping their email address.
    # Single quotes are doubled so an apostrophe in the UPN does not break the OData filter.
    $filterValue = $email -replace "'", "''"
    $userObj = Get-AzureADUser -Filter "userPrincipalName eq '$filterValue'"
    $objectId = $userObj.ObjectId

    if ($objectId) {
        try {
            # Reset the user's password in Azure AD and require a change at next sign-in
            $securePassword = ConvertTo-SecureString -String $newPassword -AsPlainText -Force
            Set-AzureADUserPassword -ObjectId $objectId -Password $securePassword -ForceChangePasswordNextLogin $True -ErrorAction Stop

            # Display the email and new password
            # (note: this writes the plaintext password to the console and to any transcript or log file)
            Write-Output "Password reset for user: $email"
            Write-Output "New password: $newPassword"
        } catch {
            # Surface the error returned by Azure AD instead of silently continuing
            Write-Output "Password reset failed for user ${email}: $($_.Exception.Message)"
        }
    } else {
        Write-Output "User with email address $email not found in Azure AD."
    }
}