Share via

The password given does not specify the user's current password

Sjoerd van den Nieuwenhof 20 Reputation points
2024-02-05T16:30:56.8633333+00:00

Hi, I'm having issues setting the user account to change the password to "forceChangePasswordNextSignIn" to true. I can sign in with the new random password, but when I need to change it, I get the error "The password given does not specify the user's current password" So the first signing is working with the new password that is set by the script, but when I get the question to change the password, it doesn't work. I followed this guide, but this didn't fixed the issue:
https://dirteam.com/sander/2022/08/12/knowledgebase-you-experience-errors-with-eventid-33007-and-33008-when-people-try-to-use-azure-ad-self-service-password-reset/ Below the part of the script that I use to change the password: User's image

The error message at Entra ID users Audit log: User's image

The error message on the Azure AD Connect server: User's image

Anyone having an idea?

Microsoft Security | Microsoft Entra | Microsoft Entra ID
Answer accepted by question author
  1. Marilee Turscak-MSFT 37,266 Reputation points Microsoft Employee Moderator
    2024-02-07T00:54:43.62+00:00

    Hi Sjoerd van den Nieuwenhof,

    I understand that you are receiving the 33007 "The password given does not specify the user's current password" error on the AD Connect server.

    Here are a few possibilities and steps to try:

    1)Please verify if the password writeback access rights are present on the object and that "Enable Inheritance" is selected as detailed here: Troubleshoot password writeback access rights and permissions - Active Directory | Microsoft Learn  

    2)Please verify that password writeback is enabled in AD Connect and in the portal, and that there aren't any password policies blocking the writeback. See additional troubleshooting steps in the article: General password writeback troubleshooting steps - Active Directory | Microsoft Learn

    3)This can happen if you have the preferred DC configured using NETBIOS and not FQDN.
    Please check under Synchronization Service Manager > Connectors > open the Active Directory Domain Services window > Configure Directory Partitions > and under "Domain controller connection settings", and make sure you have the FQDN of the DC(s), if not have them change it to FQDN.

    4)Ensure that the AD DS Connector account has all necessary permissions. You may need to try changing the password on the account in AD DS and then try to change it in the admin portal. https://learn.microsoft.com/en-us/troubleshoot/azure/active-directory/password-writeback-access-rights-permissions#root-default-permissions-for-the-ad-ds-connector-account-allow

    If none of these steps help, feel free to reach out to me at AzCommunity@microsoft.com ("Attn: Marilee Turscak") and include your subscription ID and a link to this thread, and I can enable a one-time free support case to look into this issue.

    If the information helped you, please Accept the answer. This will help us as well as others in the community who may be researching similar errors.

    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.