How To Enable Password Writeback SSPR In On-Prem AD And Azure AD

Introduction 

Azure AD Password Writeback is a feature that allows users to reset their passwords from the cloud and have those passwords written back to their on-premises Active Directory domain. To use this feature, a few prerequisites must be met.

Prerequisites 

  • Azure AD Connect
  • Azure AD P1 or P2 licenses
  • On-premises AD
  • Hybrid AD joined
  • Azure AD sync with Password Writeback

Step 1

This is my on-premises Active Directory which is synced with Azure Active Directory.


Step 2

This is my Azure Active Directory, and all users have an Azure AD Premium P2 license.


Step 3

Once you have configured Azure AD Connect, it will automatically create a service account in your on-prem AD. Its name will begin with MSOL.

You can find the user in Active Directory Users and Computers.

Note: Make sure View > Advanced Features is enabled.

Step 4

Double-click MSOL_beb54959f202 and select the Security tab.

Step 5

Add your MSOL user, select it in the list, and make sure the following checkboxes are checked:

  • Change Password 
  • Reset Password
  • Write Lockout Time
  • Write pwdLastSet
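The four permissions above are what actually let the AD Connect service account write a cloud-reset password back to on-prem AD, so it is worth verifying them on the domain root rather than trusting the GUI. The following PowerShell audit script is an added example, not part of the original article; it assumes the ActiveDirectory module is available, that the service account's name starts with MSOL_, and that the permissions were granted at the domain root (adjust the path if you delegated them on an OU).

```powershell
# Added example: audit that the Azure AD Connect service account (MSOL_*) holds the
# Change Password, Reset Password, Write lockoutTime and Write pwdLastSet permissions.
Import-Module ActiveDirectory

$domain  = Get-ADDomain
$rootDse = Get-ADRootDSE
$account = Get-ADUser -Filter 'SamAccountName -like "MSOL_*"' | Select-Object -First 1
if (-not $account) { throw "No MSOL_ service account found; run Azure AD Connect first." }

# Resolve attribute and extended-right GUIDs from the forest instead of hardcoding them.
$attrGuid = @{}
foreach ($name in 'lockoutTime', 'pwdLastSet') {
    $obj = Get-ADObject -SearchBase $rootDse.schemaNamingContext `
        -LDAPFilter "(lDAPDisplayName=$name)" -Properties schemaIDGUID
    $attrGuid[$name] = [guid]$obj.schemaIDGUID
}
$rightGuid = @{}
foreach ($name in 'Change Password', 'Reset Password') {
    $obj = Get-ADObject -SearchBase "CN=Extended-Rights,$($rootDse.configurationNamingContext)" `
        -LDAPFilter "(displayName=$name)" -Properties rightsGuid
    $rightGuid[$name] = [guid]$obj.rightsGuid
}

# Collect only the Allow ACEs granted to the MSOL_ account on the domain root.
$identity = "$($domain.NetBIOSName)\$($account.SamAccountName)"
$acl  = Get-Acl -Path ("AD:\" + $domain.DistinguishedName)
$aces = $acl.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -eq $identity
}

$required = @(
    @{ Name = 'Change Password';  Right = 'ExtendedRight'; Guid = $rightGuid['Change Password'] },
    @{ Name = 'Reset Password';   Right = 'ExtendedRight'; Guid = $rightGuid['Reset Password'] },
    @{ Name = 'Write lockoutTime'; Right = 'WriteProperty'; Guid = $attrGuid['lockoutTime'] },
    @{ Name = 'Write pwdLastSet';  Right = 'WriteProperty'; Guid = $attrGuid['pwdLastSet'] }
)

# An ACE satisfies a requirement if it carries the right and targets that GUID (or all objects).
foreach ($r in $required) {
    $right = [System.DirectoryServices.ActiveDirectoryRights]$r.Right
    $match = $aces | Where-Object {
        (($_.ActiveDirectoryRights -band $right) -eq $right) -and
        ($_.ObjectType -eq $r.Guid -or $_.ObjectType -eq [guid]::Empty)
    }
    [pscustomobject]@{ Permission = $r.Name; Granted = [bool]$match; Account = $identity }
}
```

A row showing Granted = False means password writeback will fail for that operation even though the Azure AD side reports it as enabled.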


Group Policy Configuration 

Step 1

Open Group Policy in your on-prem Active Directory 


Step 2

I have renamed my default policy to Azure SSO.

Select Computer Configuration > Policies > Windows Settings > Security Settings > Account Policies > Password Policy.

Note: This password policy applies to on-premises users. Once users are synced and reset their password from the cloud, the password written back to on-premises AD is checked against this policy.


Azure AD Configuration 

Step 1

Make sure Password Writeback is enabled in Azure AD Connect.

Open Azure AD Connect and check Password Writeback.


Step 2

Select Password reset > Properties and select your Azure AD user group. In my case, I have created a group named SSPR and assigned Azure AD P2 licenses to my users.

Step 3

Select On-premises integration, make sure the checkboxes are checked, and save.


Self-Service Password Reset

Step 1

Now I'm going to reset my password. 


Step 2

Type the security code and click Next.


Step 3

There are two options. In my case, I have chosen "I forgot my password".


Step 4

Once you have completed two-factor verification, you can create a new password and click Finish.


Step 5

My password has been reset successfully. 


Step 6

I can now use the same password for my Windows login as well.


Conclusion

This article taught us how to enable SSPR and Azure AD password writeback. If you have any questions, don't hesitate to contact me.

Thank you
