Is this scenario supported for Azure AD Connect password writeback?

Tom Robinson 1 Reputation point
2020-05-10T17:12:35.767+00:00

I've been trying to set up Azure AD Connect password writeback but without any success. It's a complicated thing to diagnose online, so initially I'm looking for confirmation that what I'm trying to do is possible.

Unlike most Azure AD Connect scenarios, I am starting with a small, existing set of Microsoft 365 Business Standard and Premium users. I am then setting up a brand new on-premise domain (Windows Server 2019) and want to allow the equivalent on-premise user accounts to have their passwords synchronised with Microsoft 365/Azure AD.

Does Azure AD Connect password writeback work in this scenario? i.e. with the original accounts being created in Microsoft 365 and the on-premise accounts being linked to them?

  • Azure AD Connect: 1.5.30.0
  • Windows Server 2019 Standard
  • Licenses: Microsoft 365 Standard & Microsoft 365 Premium

Things I've tried:

  • Disabling then re-enabling password writeback in Azure AD Connect
  • Running the PowerShell script suggested here
  • Looking for errors in the Windows Event Log, and Azure Portal

1 answer

  1. AmanpreetSingh-MSFT 56,506 Reputation points
    2020-05-11T08:19:06.27+00:00

    @TomRobinson-8577 Azure AD Connect: 1.5.30.0 and Windows Server 2019 Standard also support password writeback.

    I assume by Microsoft 365 Standard & Microsoft 365 Premium, you are referring to Microsoft 365 Business Standard and Microsoft 365 Business Premium. If that is the case, you are good with the required licenses. If you have Office 365 Business Premium, that doesn't include the password writeback feature for synced accounts, as only Azure AD Premium P1 or P2 and Microsoft 365 Business include password writeback features. Refer to https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-licensing for more details.

    When you are resetting the password, have you confirmed that you are complying with on-prem password policies? E.g., if the minimum password age is 1 day in on-prem AD and you have synced a newly created user account whose password is not 1 day old, you'll get an error.

    -----------------------------------------------------------------------------------------------------------

    Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.
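
The minimum-password-age condition raised in the answer can be checked against the on-premises directory before testing writeback again. The following PowerShell is an added example, not part of the original thread or of Microsoft's tooling; it assumes the ActiveDirectory (RSAT) module is installed, and the function names and the account name `jdoe` are hypothetical.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT) on a domain-joined host.
Import-Module ActiveDirectory

function Test-MinPasswordAgeBlocksReset {
    # Pure check: is the current password still younger than the minimum age?
    param(
        [Parameter(Mandatory)] [datetime] $PasswordLastSet,
        [Parameter(Mandatory)] [timespan] $MinPasswordAge,
        [datetime] $Now = (Get-Date)
    )
    return (($Now - $PasswordLastSet) -lt $MinPasswordAge)
}

function Get-PasswordAgeStatus {
    # Hypothetical helper: reports the policy in effect for one on-prem account.
    param([Parameter(Mandatory)] [string] $SamAccountName)

    $user = Get-ADUser -Identity $SamAccountName -Properties PasswordLastSet

    # A fine-grained password policy, when one applies, overrides the domain default.
    $policy = Get-ADUserResultantPasswordPolicy -Identity $user
    $source = 'Fine-grained policy'
    if (-not $policy) {
        $policy = Get-ADDefaultDomainPasswordPolicy
        $source = 'Default domain policy'
    }

    # PasswordLastSet is empty when the password was never set or must change at next logon.
    $blocked  = $false
    $earliest = $null
    if ($user.PasswordLastSet) {
        $blocked  = Test-MinPasswordAgeBlocksReset -PasswordLastSet $user.PasswordLastSet -MinPasswordAge $policy.MinPasswordAge
        $earliest = $user.PasswordLastSet + $policy.MinPasswordAge
    }

    [pscustomobject]@{
        User            = $user.SamAccountName
        PolicySource    = $source
        MinPasswordAge  = $policy.MinPasswordAge
        PasswordLastSet = $user.PasswordLastSet
        BlockedByMinAge = $blocked
        EarliestChange  = $earliest
    }
}

# 'jdoe' is a placeholder account name.
Get-PasswordAgeStatus -SamAccountName 'jdoe' | Format-List
```

If `BlockedByMinAge` is true, the account matches the case the answer describes: its password is younger than the minimum age in the policy that applies to it.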