Self Service Password reset for Hybrid Azure AD not working as expected

Michael Love 0 Reputation points
2023-02-17T21:10:34.03+00:00

Trying to set up Self Service Password reset for our organization, however I just get a generic failure each time I go to test. I set it up according to the documentation but I'm getting this error. I installed the cloud sync agent, and the Azure AD Connect agents, and both appear healthy in Azure. Any guidance appreciated. EDIT: Trying to let users in a hybrid AD environment to reset their passwords online and have it write back to on-prem AD in case it wasn't clear. AD sync works in every other facet for our org.

User's image

Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Andy David - MVP 157.8K Reputation points MVP Volunteer Moderator
    2023-02-18T13:55:05.9933333+00:00

    Hi there.

    Have you been able to walk through the troubleshooting doc?

    Are you using both AAdConnect and AD Cloud Sync?

    https://learn.microsoft.com/en-us/troubleshoot/azure/active-directory/password-writeback-error-code-sspr-0029

    Also:

    [http://blog.petersenit.co.uk/2019/04/sspr-0029-we-are-unable-to-reset-your.html]

    0 comments No comments

  2. Sandeep G-MSFT 20,906 Reputation points Microsoft Employee Moderator
    2023-02-21T16:52:59.2333333+00:00

    @Michael Love

    There are couple of things you have to keep in place to get the SSPR set up in your environment.

    First you will have to enable SSPR feature in Azure portal for users who needs password reset feature.

    Second, you will have to enable password writeback in the on-premise AD connect tool.

    When users reset there password, it gets written back to on-premise and then again new password get's synced to Azure for that user.

    To enable SSPR in Azure AD portal you can refer below article,

    https://learn.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr

    To enable password writeback you can refer below article,

    https://learn.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr-writeback

    Let me know if you have any further questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.