Unable to reset password from Azure AD or SSPR

Question

Unable to reset password from Azure AD or SSPR

Sergi Díaz Ruiz 240

Morning all,

I'm unable to reset password from AAD with global admin account and password writeback ON.

When I try to use SSPR I always get the following error:

Your request could not be processed

There was an error processing your request. Please try resetting your password again by clicking here.

Support information

Support code: 13d24bb1-279e-417e-9d80-2ebb22c6bad1

When I try to reset it from Azure AD:

We're sorry, we're not able to reset this user's password right now. This may be due to temporary issues on our end. Please wait a few minutes and try again.

I have healthy Azure AD Connect sync, I have enabled password writeback, I troubleshoot it with powershell and pass is synchronizing well ...
I have permissions with MSOL account to reset password to the users..

I don't know what more can I do...

Regards,

Accepted answer

2 additional answers

Your answer

Answer 1

Brian Zarb 1,670

Hi there , I would say that the issue is probably deriving from the user, start by looking at their account as this seems to be isolated to just them. SSPR requires Azure Premium P1 or P2, make sure this license is assigned to them. Secondly check for their MFA configuration as this could be incorrectly setup causing some type of conflict.

I hope this helps resolves your issue, please let me know. - Brian

Sergi Díaz Ruiz 240 Reputation points

2023-08-10T14:51:05.7566667+00:00

first of all thanks for the answer.

i disable MFA to do a test. Same errors with MFA disabled. I have a question… who need the license ? The user who reset the password or the targeted user? I explain my self… I’m global admin with license and all… And I want reset the password to user 1.

user 1 needs the AAD P2 too? Why? If only want to reset .. User 1 do nothing… I assigned the license to do the test but I’m not sure and I don’t know how may time we need to wait.thanks for all!
Brian Zarb 1,670 Reputation points

2023-08-10T15:23:59.6766667+00:00
You're welcome!

Regarding your question about the licensing:

Initiator of the Password Reset:

The administrator (in this case, you) doesn't necessarily need a premium license just to reset another user's password through the Azure portal. An admin can manually reset the password for any user without that user having a premium license.

Self-Service Password Reset (SSPR):

If User 1 wants to initiate a self-service password reset, then User 1 would need to be licensed for SSPR. Azure AD Premium P1 or P2 licenses provide this functionality. This allows the user to reset their own password without needing administrator intervention.

So, to clarify:

If you are resetting the password for User 1 through the Azure portal, then User 1 doesn't necessarily need a premium license.

If User 1 wants to reset their own password using SSPR, then User 1 would need a premium license (like Azure AD Premium P1 or P2).

For your testing, after assigning a license to a user, it's typically effective almost immediately, but in some rare cases, it might take up to 24 hours to propagate. However, most changes are effective within a few minutes.
Brian Zarb 1,670 Reputation points

2023-08-11T05:53:51.64+00:00

HI Sergirash, where you able to resolve this?

Answer 2

Hi all,

I resolve this with following steps:
User doesn't need license to reset password from Azure AD, he need it to reset own password from Microsoft reset password service.
Tenant with license P1 or P2 to password writeback
SSPR activate to password write back (we don't need it only to reset password, but then we don't have password write back and the password can be only use to cloud services)
Configure correctly UPN for administrator account and MSOL account.
Disable password writeback after configure UPN correctly in AD and AD Connect.
Synchronize
Enable Password Writeback and synchronize again.

I'm able to:

Reset password from Azure AD to on premise migrated user.
Reset password from Microsoft password reset service.
Password writeback working correctly

Thanks to all!!!

Brian Zarb 1,670 Reputation points

2023-08-11T13:22:18.5366667+00:00

you're welcome, pls mark the appropriate response as the answer.

Answer 3

Hi all,

I resolve this with following steps:
User doesn't need license to reset password from Azure AD, he need it to reset own password from Microsoft reset password service.
Tenant with license P1 or P2 to password writeback
SSPR activate to password write back (we don't need it only to reset password, but then we don't have password write back and the password can be only use to cloud services)
Configure correctly UPN for administrator account and MSOL account.
Disable password writeback after configure UPN correctly in AD and AD Connect.
Synchronize
Enable Password Writeback and synchronize again.

I'm able to:

Reset password from Azure AD to on premise migrated user.
Reset password from Microsoft password reset service.
Password writeback working correctly

Thanks to all!!!

Share via

Unable to reset password from Azure AD or SSPR

2 additional answers

Your answer