AAD Password Reset writeback not working for some users?

Eaven HUANG 2,191 Reputation points
2023-02-13T15:49:19.2466667+00:00

Dear Experts,

We have an AAD P1 license and have configured Password Reset (Writeback) via the AAD portal; we also configured the related settings in AAD Connect. We have a conditional policy that enforces MFA verification methods for all the users within the group named MFA.

I randomly used some of the user accounts to see if they are able to log into the Outlook web page and select the Forgot Password option. The odd thing is that some of the users are prompted to use Authenticator or a phone SMS code to reset their password, while some of them are just told that they haven't registered for password reset.

I don't know what I've missed. Any advice would be really appreciated.

Thanks for helping out.


3 answers

  1. JimmySalian-2011 42,256 Reputation points
    2023-02-13T15:56:30.8666667+00:00

    Hi,

    I have faced a similar issue, and the cause was some users having special permissions or blocked inheritance because an admin had blocked top-level permissions. Please check that the account specified in Azure AD Connect has the appropriate permissions and options set on that specific OU and on the user's Security tab.

    https://learn.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr-writeback

    Hope this helps.

    JS

    ==

    Please accept as answer and do a Thumbs-up to upvote this response if you are satisfied with the community help. Your upvote will be beneficial for the community users facing similar issues.

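The permission check suggested above (and the connector-account point in the next answer) can be scripted instead of clicking through each user's Security tab. This is an added example, not code from the thread or from Microsoft; it assumes the RSAT ActiveDirectory module, that the affected users are members of the MFA group named in the question, and a placeholder connector account name that you must replace with your own AAD Connect AD DS connector account.

```powershell
# Added example: for every user in the MFA group, report whether permission
# inheritance is blocked on the AD object and whether the AAD Connect
# connector account holds the "Reset Password" extended right on it.
Import-Module ActiveDirectory

$GroupName      = 'MFA'                    # group from the question
$ConnectAccount = 'CONTOSO\MSOL_PLACEHOLDER'  # assumption: replace with your AAD Connect AD DS connector account

# Well-known GUID of the User-Force-Change-Password ("Reset Password") extended right
$ResetPasswordGuid = [guid]'00299570-246d-11d0-a768-00aa006e0529'

$members = Get-ADGroupMember -Identity $GroupName -Recursive |
    Where-Object { $_.objectClass -eq 'user' }

foreach ($m in $members) {
    $user = Get-ADUser -Identity $m.DistinguishedName -Properties nTSecurityDescriptor, adminCount
    $acl  = $user.nTSecurityDescriptor        # System.DirectoryServices.ActiveDirectorySecurity

    # True when "Include inheritable permissions" is unticked on the object,
    # which is what the answer above describes as blocked inheritance.
    $inheritanceBlocked = $acl.AreAccessRulesProtected

    # Look for an Allow ACE granting the connector account the Reset Password
    # right, either specifically or via "all extended rights" (empty ObjectType).
    $resetAce = $acl.Access | Where-Object {
        $_.IdentityReference.Value -eq $ConnectAccount -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.ActiveDirectoryRights -band [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight) -and
        ($_.ObjectType -eq $ResetPasswordGuid -or $_.ObjectType -eq [guid]::Empty)
    }

    [pscustomobject]@{
        User                   = $user.SamAccountName
        AdminCount             = $user.adminCount        # set to 1 on AdminSDHolder-protected accounts, a common reason inheritance is blocked
        InheritanceBlocked     = $inheritanceBlocked
        ConnectAccountCanReset = [bool]$resetAce
    }
}
```

Users that show InheritanceBlocked = True and ConnectAccountCanReset = False are the ones to fix, either by re-enabling inheritance or by granting the right directly on the object.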

  2. Thameur-BOURBITA 36,226 Reputation points
    2023-02-13T21:49:12.55+00:00

    Hi @Eaven HUANG

    Check your Azure AD Connect server; you should have synchronization issues for the impacted users.

    It seems that the service account used on the connector of the impacted domain doesn't have permission on the impacted user objects in order to change/reset the password.

    Please don't forget to mark the helpful answer as accepted.


  3. Givary-MSFT 35,466 Reputation points Microsoft Employee
    2023-02-20T09:34:53.3433333+00:00

    @Eaven HUANG I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this!


    Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer.
