The password given does not specify the user's current password

Sjoerd van den Nieuwenhof 20 Reputation points

Hi, I'm having issues setting the user account to change the password to "forceChangePasswordNextSignIn" to true. I can sign in with the new random password, but when I need to change it, I get the error "The password given does not specify the user's current password" So the first signing is working with the new password that is set by the script, but when I get the question to change the password, it doesn't work. I followed this guide, but this didn't fixed the issue: Below the part of the script that I use to change the password: User's image

The error message at Entra ID users Audit log: User's image

The error message on the Azure AD Connect server: User's image

Anyone having an idea?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
18,735 questions
{count} votes

Accepted answer
  1. Marilee Turscak-MSFT 32,551 Reputation points Microsoft Employee

    Hi Sjoerd van den Nieuwenhof,

    I understand that you are receiving the 33007 "The password given does not specify the user's current password" error on the AD Connect server.

    Here are a few possibilities and steps to try:

    1)Please verify if the password writeback access rights are present on the object and that "Enable Inheritance" is selected as detailed here: Troubleshoot password writeback access rights and permissions - Active Directory | Microsoft Learn  

    2)Please verify that password writeback is enabled in AD Connect and in the portal, and that there aren't any password policies blocking the writeback. See additional troubleshooting steps in the article: General password writeback troubleshooting steps - Active Directory | Microsoft Learn

    3)This can happen if you have the preferred DC configured using NETBIOS and not FQDN.
    Please check under Synchronization Service Manager > Connectors > open the Active Directory Domain Services window > Configure Directory Partitions > and under "Domain controller connection settings", and make sure you have the FQDN of the DC(s), if not have them change it to FQDN.

    4)Ensure that the AD DS Connector account has all necessary permissions. You may need to try changing the password on the account in AD DS and then try to change it in the admin portal.

    If none of these steps help, feel free to reach out to me at ("Attn: Marilee Turscak") and include your subscription ID and a link to this thread, and I can enable a one-time free support case to look into this issue.

    If the information helped you, please Accept the answer. This will help us as well as others in the community who may be researching similar errors.

    0 comments No comments

0 additional answers

Sort by: Most helpful