Hi,
We have removed adfs and replace it with Pass-through authentication (3 agent running)
Now I can reset password for any users who have access to reset the password
I try to reset password I get following error
Event log show following error on agent
TrackingId: xx, Reason: Synchronization Engine returned an error hr=80230626, message=The password could not be updated because the management agent credentials were denied access., Context: cloudAnchor: User_xxxxx, SourceAnchorValue: xxxx==, UserPrincipalName: ******@domian.co.uk, unblockUser: True, Details: Microsoft.CredentialManagement.OnPremisesPasswordReset.Shared.PasswordResetException: Synchronization Engine returned an error hr=80230626, message=The password could not be updated because the management agent credentials were denied access.
at AADPasswordReset.SynchronizationEngineManagedHandle.ThrowSyncEngineError(Int32 hr)
at AADPasswordReset.SynchronizationEngineManagedHandle.ResetPassword(String cloudAnchor, String sourceAnchor, String password, Boolean fForcePasswordChangeAtLogon, Boolean fUnlockAccount, Boolean isSelfServiceOperation)
at Microsoft.CredentialManagement.OnPremisesPasswordReset.PasswordResetCredentialManager.ResetUserPassword(String passwordResetXmlRequestString, Boolean unlockUser)
I have run following command on azure ad connect server
Set-ADSyncPasswordWritebackPermissions -ADConnectorAccountName MSOL_xxxx
-ADConnectorAccountDomain "domain.co.uk" `
-Confirm:$false
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 4%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EL%3C/text%3E%3C/svg%3E)
