Is there a way to know if password writeback is enabled or not

Benard Mwanza 1,001 Reputation points
2022-11-15T09:07:29.083+00:00

I have AD connect running for one of my customers. The AD connect was configured by another person who left the company. There was no documentation done after implementation.

I just need to know if password write back is enabled or not.

I tried to run the command below and got that output

PS C:\Windows\system32> Get-ADSyncAADCompanyFeature  
  
  
PasswordHashSync           : True  
ForcePasswordChangeOnLogOn : False  
UserWriteback              : False  
DeviceWriteback            : True  
UnifiedGroupWriteback      : False  
GroupWritebackV2           : False  

Is there a PowerShell script or cmdlet that i can use to get the status for that setting.

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,233 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,595 questions
{count} votes

Accepted answer
  1. Givary-MSFT 30,851 Reputation points Microsoft Employee
    2022-11-15T09:34:56.993+00:00

    @Benard Mwanza As mentioned by one of our experts you can run the above command as well you check whether password writeback is enabled on your tenant by going to this section of portal.azure.com

    Azure Active Directory -> Password Reset -> On-premises integration

    Reference: https://www.powershellcenter.com/2021/08/09/adconnect-issue1/

    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Harpreet Singh Matharoo 7,621 Reputation points Microsoft Employee
    2022-11-15T09:18:37.213+00:00

    Hello @Benard Mwanza

    Thank you for reaching out. To validate if the Password writeback is enabled you can execute following command on your AD Connect Server:

    Get current status of Password Writeback:

    $connector = (Get-ADSyncConnector | Where-Object {$_.Name -ilike "*AAD"}).Name
    Get-ADSyncAADPasswordResetConfiguration -Connector $connector

    I hope this helps and resolves your query.

    ----------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.