Share via

Azure password writeback and Onprem AD - SSPR

Warnakulasuriya Fernando 41 Reputation points
2025-03-15T08:47:49.3+00:00

G'Day,

1 - The tenant has Business Premium licenses and does not have azure P1 or P2. I don't think P1 is required for password writeback.

I was able to successfully set up SSPR, a hard match for the existing onprem users and the user was successfully able to change the password on premises and it has successfully synced with azure and 365. The problem is it is the sspr portal is throwing an error (0029). I've set up microsoft Entra connect and not sync provisioning. I've also followed done the following.

1- Add the AD DS Connector account to the list of allowed users

2- enabled password reset , change and other recommended permissions for the ADDS connector account.

3- The account testing used to have onprem admin privileges and I've removed it from all the groups. The Admin count attribute is set to 0 manually and I think I've made a mistake here.

4- This is the log that I am getting

User's image

Any ideas to fix the issue.

Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments
Accepted answer
  1. Goutam Pratti 6,170 Reputation points Microsoft External Staff Moderator
    2025-03-24T06:16:36.7133333+00:00

    Hello @Warnakulasuriya Fernando ,

    I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others ", I'll repost your solution in case you'd like to "Accept " the answer.

    Issue: Azure password writeback and Onprem AD - SSPR

    Solution: The above problem was solved and had to add the connector account and delegate its permission to the correct OU where the users are in.

    If you have any other questions or are still running into more issues, please let me know. Thank you again for your time and patience throughout this issue.

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Thameur-BOURBITA 36,261 Reputation points Moderator
    2025-03-16T13:04:05.39+00:00

    Hi @Warnakulasuriya Fernando

    The P1 is required , to have more information about prerequisite please refer to the following MS article:

    Tutorial: Enable Microsoft Entra self-service password reset writeback to an on-premises environment

    Please don't forget to accept helpful answer

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.