Hi Noel,
If you have reset the passwords and the users can log into the portal but not to the on-premises machines, please ensure that password writeback is set up properly. https://learn.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr-writeback
You'll need to enable it both in AAD Connect and in the portal if you haven't already. https://learn.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr-writeback
If it's already enabled and you are still seeing this issue, I would suggest confirming the network connectivity, restarting the AAD Connect Sync service if needed, installing the latest AAD Connect release, and disabling and re-enabling the writeback service. There are more troubleshooting steps in this guide: https://learn.microsoft.com/en-us/azure/active-directory/authentication/active-directory-passwords-troubleshoot
Restarting the sync service: