This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(227.2, 86%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ED6%3C/text%3E%3C/svg%3E)
Hi,
I'm sure that others have asked and I've checked other answers and I have gone through the troubleshooter but I still need some help.
I have followed the instructions for setting up the scenario. I have set up two methods of authentication for a test group with two non-admin users that have an O365 license and our organisation has an Azure P1 license, so for that it should all be fine.
I have checked the user under our AD connect Directory Synchronisation page and the check boxes and other pages and it all the right things seem to be checked, but when I look at the effective permissions of the AD Connect user, it still says it does not have permission to reset passwords which I think is the cause of the issue. I also think I've got too many instances of the SELF user.
I've included some screenshots of the settings etc.
If someone can advise me then it would be greatly appreciated.
Thanks,
DK
Did you set the correct perms for the AADConnect service account? https://learn.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr-writeback#configure-account-permissions-for-azure-ad-connect
Hi Andy,
Yes i have set the correct permissions for the AAD Service Account. When I checked all those boxes, it seemed that multiple new entries appeared rather than just one.If it works tomorrow then I'll mark this answer.
I have done as suggested and it looks like it might be working now.
Thanks you so much for the help.
DK