How to fix Insufficient privileges to complete the operation on Password reset On-premises integration Active Directory Azure

Question

How to fix Insufficient privileges to complete the operation on Password reset On-premises integration Active Directory Azure

PCarp 30

The problem is that I have the legend "Insufficient privileges to complete the operation." in the "On-premises integration" functionality to enable the option for users to change their password from the Microsoft 365 portal and replicate to the Local Active Directory with the "Azure Active Directory Connector", I have already validated the connector permissions on Windows Server but I still can't enable the functionality.

User's image

Konstantinos Passadis 19,591 Reputation points MVP

2023-05-11T22:00:41.99+00:00

Hello @PCarp

Do you have any feedback or your issue is resolved?

In case any answer helped kindly mark it as Accepted and upvote so others can benefit as well!

Regards
Mars Gorgeski 0 Reputation points

2023-05-26T11:31:50.7733333+00:00

Stuck with the same crap, and the responses below are just not helpful. Have you fixed it?
Konstantinos Passadis 19,591 Reputation points MVP

2023-05-26T13:34:38.8033333+00:00

Hello @PCarp

To display the "Password reset | On-premises integration" option in Azure AD, you need to have the Global administrator or Cloud application administrator role assigned to your user account.
Sandeep G-MSFT 20,906 Reputation points Microsoft Employee Moderator

2023-05-29T08:03:58.8333333+00:00

@PCarp

Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept the answer" and Up-Vote for the same, which might be beneficial to other community members reading this thread.
Jason Cermak 120 Reputation points

2023-06-15T23:54:27.2833333+00:00

Same issue. I am logged in as Global Administrator and still getting this message.

Accepted answer

3 additional answers

Your answer

Konstantinos Passadis 19,591 Reputation points MVP

2023-05-11T22:00:41.99+00:00

Hello @PCarp

Do you have any feedback or your issue is resolved?

In case any answer helped kindly mark it as Accepted and upvote so others can benefit as well!

Regards
Mars Gorgeski 0 Reputation points

2023-05-26T11:31:50.7733333+00:00

Stuck with the same crap, and the responses below are just not helpful. Have you fixed it?
Konstantinos Passadis 19,591 Reputation points MVP

2023-05-26T13:34:38.8033333+00:00

Hello @PCarp

To display the "Password reset | On-premises integration" option in Azure AD, you need to have the Global administrator or Cloud application administrator role assigned to your user account.
Sandeep G-MSFT 20,906 Reputation points Microsoft Employee Moderator

2023-05-29T08:03:58.8333333+00:00

@PCarp

Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept the answer" and Up-Vote for the same, which might be beneficial to other community members reading this thread.
Jason Cermak 120 Reputation points

2023-06-15T23:54:27.2833333+00:00

Same issue. I am logged in as Global Administrator and still getting this message.

Answer 1

I found the solution for this for our organization. The admin user had Global admin privileges and was still getting the message. The error is not descriptive; the actual issue was we did not have a sufficient license to use the service. You need Azure Active Directory P1 or P2 to enable this service and get rid of this error.

Upgrading to P1 or P2 is incredibly convoluted as most MS licensing is. We have Azure AD as a result of having O365 Business Basic licenses, which allows us to login to the Azure Portal: https://portal.azure.com but to add the P1 or P2 license you need to log into the 365 admin portal: https://admin.microsoft.com/AdminPortal and navigate to Billing - Purchase Services. Search for "Azure" and you can then purchase P1 or P2. There is a P2 trial available for 100 users that we signed up for, then go back to the Azure portal and the On-Premises Integration no longer shows the "Insufficient Privileges" message.

Requirements for password write back in a hybrid environment are listed here: https://learn.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr-writeback#prerequisites

How to sign up for premium licenses is listed here: https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-get-started-premium

PCarp 30 Reputation points

2023-06-17T16:11:11.5833333+00:00

It was indeed the solution, something I had not found before. Thanks for the support.
Robert From Melbourne 5 Reputation points

2023-10-30T06:02:22.0366667+00:00

Jason, You are a legend ! Thank you ! pulling my hair out on this one. Descriptive errors would save a whole world of pain. Thank you !!

Answer 2

Konstantinos Passadis 19,591 MVP

Hello @PCarp

To display the "Password reset | On-premises integration" option in Azure AD, you need to have the Global administrator or Cloud application administrator role assigned to your user account.

What is your user role ?

Kindly mark the answer as Accepted and Upvote in case it helped or post your feedback to help !

Regards

Answer 3

Efi Passa 0

Hi,

i had the same problem. With Ctrl + F5, clearing the cache, it worked for me.

Answer 4

Kashif Hussain 0

Not an ideal solution in a production environment. But in test environment I got the same issue, which is fix by putting my login user to Domain Admin Group , gpupdate on both client machine and DC It works.

Share via

How to fix Insufficient privileges to complete the operation on Password reset On-premises integration Active Directory Azure

3 additional answers

Your answer