This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(38.4, 38%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJC%3C/text%3E%3C/svg%3E)
Hey Team,
I have been struggling with an issue and have not been able to find anything with my google foo that relates to this issue.
I am unable to enabled password writeback within the Azure AD connector, the error that shows in the event log is...
TrackingId: 0a34fa1d-5e2b-4437-9ccc-5f70682e48cd, Error Offboarding: AccessDenied, Message: User does not have service onboarding permissions, Details:
I have followed the enable sspr tutorial to a tee (https://learn.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr-writeback?WT.mc_id=Portal-Microsoft_AAD_IAM#configuring-password-writeback), it just won't let me enable writeback in the AD Connect Tool.
I am the AD Administrator for my on-premise domain and the global cloud administrator of AAD. the account running AD Connect is a cloud global administrator (not synced from on-prem, as advised by Microsoft https://learn.microsoft.com/en-us/troubleshoot/azure/active-directory/unable-configure-pwd-writeback-error), I note my time was out by 3 mins but I have fixed that too.
I have googled high and low, but there are no references to this problem. I am hoping someone here may have a solution.
I appreciate any assistance that you can give.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 50%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
thank you Jeff! I faced the same issue with the GUI based azure connect setup wizard erroring with being unable to enable password write back and your solution of implementing it via powershell worked for us as well.
Hey Team,
I thought I would update, as I was able to solve this by simply enabling Password Writeback via Powershell.
$ADconnector = (Get-ADSyncConnector | Where-Object {$_.Name -like "*AAD"}).Name
Set-ADSyncAADPasswordResetConfiguration -Connector $ADconnector -Enable:$True
I can confirm that my users can now reset passwords via sspr and they sync back to on-prem.
I hope that saves someone days of frustration :)
Ta,
@Jeff Carr • Thank you for posting the solution.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(252.8, 6%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMV%3C/text%3E%3C/svg%3E)
Thank you, this solved our problem as well.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 12%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDC%3C/text%3E%3C/svg%3E)
Thank you for posting the solution to your own problem, so many people don't. I don't know what causes this. For us it could be because we were replacing an existing AADC server.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(22.400000000000002, 51%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKH%3C/text%3E%3C/svg%3E)
Upvote. Worked for us too.