MSOL account is the subject user for an AD password change

Question

MSOL account is the subject user for an AD password change

Ganesan I 5

Hi all,

I have a Entra connect AD setup. In this setup, Azure is only a backup server, where it synchronizes the objects from on-prem AD to Azure AD at a regular frequency.

Whenever I change my password, subject username was "ANONYMOUS LOGON". But recently I noticed MSOL_xxxx account in subject username.

Up to my knowledge, even though this MSOL account has high privileges, it was configured to sync objects alone.

I would be much obliged if anyone explain why this happened?

Thanks in advance.

Andy David - MVP 157.8K Reputation points

2024-07-15T10:43:54.5733333+00:00

Not sure what you mean by "Azure is only a backup server"

But where are you changing this password , what event logs are you seeing this is and do you have SSPR enabled?

https://learn.microsoft.com/en-us/entra/identity/authentication/tutorial-enable-sspr
Ganesan I 5 Reputation points

2024-07-16T05:56:26.31+00:00

Hi Andy,

Thanks for the reply.

Yes, I checked the docs and understood that Azure isn't a backup server here, instead Entra connect.

And I learned that when I change my password with the help of on-prem AD, subject user is ANONYMOUS LOGON. And when I change my password with the help of Azure AD, subject user is "MSOL_xxx" (SSPR with password write back).

So, SSPR and password write back is enabled.

Could you confirm whether this is the correct?

ref: https://www.youtube.com/watch?v=LwHUrH82ntU

1 answer

Your answer

Andy David - MVP 157.8K Reputation points

2024-07-15T10:43:54.5733333+00:00

Not sure what you mean by "Azure is only a backup server"

But where are you changing this password , what event logs are you seeing this is and do you have SSPR enabled?

https://learn.microsoft.com/en-us/entra/identity/authentication/tutorial-enable-sspr
Ganesan I 5 Reputation points

2024-07-16T05:56:26.31+00:00

Hi Andy,

Thanks for the reply.

Yes, I checked the docs and understood that Azure isn't a backup server here, instead Entra connect.

And I learned that when I change my password with the help of on-prem AD, subject user is ANONYMOUS LOGON. And when I change my password with the help of Azure AD, subject user is "MSOL_xxx" (SSPR with password write back).

So, SSPR and password write back is enabled.

Could you confirm whether this is the correct?

ref: https://www.youtube.com/watch?v=LwHUrH82ntU

Answer 1

Raja Pothuraju 24,385 Microsoft External Staff Moderator

Hello @Ganesan I,

Thank you for posting your query on Microsoft Q&A.

You are correct that when an attempt is made from Entra to change a user password, the MSOL_ account is used to write back these changes to on-premises. This is why you are seeing an audit log with that account name.

SSPR and password writeback are indeed enabled, which allows successful password writeback to on-premises. You can verify this through the Azure Portal as well. Please refer to the following documents for more information:

Tutorial: Enable self-service password reset

Tutorial: Enable password writeback for SSPR

I hope this information is helpful. Please feel free to reach out if you have any further questions.

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

Thanks,
Raja Pothuraju.

Raja Pothuraju 24,385 Reputation points Microsoft External Staff Moderator

2024-07-22T18:01:07.9933333+00:00

Hello @Ganesan I,

Following up to see if the above answer was helpful. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
Raja Pothuraju 24,385 Reputation points Microsoft External Staff Moderator

2024-07-24T19:28:38.7266667+00:00

Hello @Ganesan I,Following up to see if the above answer was helpful. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

Share via

MSOL account is the subject user for an AD password change

1 answer

Your answer