Password write back

RST 86 Reputation points
2021-06-02T05:43:15.203+00:00

Hi All

When SSPR is enabled and the Password write back feature is enabled in AAD Connect and the Azure Portal, where does the password reset happen first when a federated user resets the password using SSPR?
Is it first in Azure AD and then written back to OnPrem AD, or is it reset in OnPrem AD and then password hash synced to Azure AD?

PS: PHS is enabled in AAD Connect

Thank you in advance!


1 answer

  1. Siva-kumar-selvaraj 15,631 Reputation points
    2021-06-02T06:11:22.913+00:00

    Hello @RST ,

    Thanks for reaching out.

    When users change or reset their passwords using SSPR in the cloud, the new passwords would be written back to the on-premises AD DS environment (the source of authority), and the updated password hash will then be synchronized to the cloud through AAD Connect in real time.

    To learn more, refer to: https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-writeback#how-password-writeback-works

    Hope this helps.

    ------
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.
