Self-Service Password reset for Windows

Azure AD has the capability to enable end-users to perform a self-managed reset of the password, in case one does not remember it anymore.

Configuration is fairly easy, and can be done both through Intune and by adding a registry key. Detailed steps on how to do so can be found on https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-windows .

When configuring this on my home tenant, I received the following error:

All usual suspects were covered: the correct licenses were assigned, password writeback was configured and showed up in the portal as working, so no issues there. When opening the SSPR section in the Azure Portal, the following error was shown:

Digging into the Event Viewer on the Azure AD Connect Server revealed the error: The password could not be updated because the management agent credentials were denied access.

Following best practices from Microsoft, the account that was configured in the Azure AD Connect management agent did not have elevated permissions, and therefore did not have the possiblity to reset passwords.

Assigning delegated permissions to reset the password of the OU containing the synced users, solved the issue.

Jente Paredis

Jente Paredis

I am an experienced architect with a strong focus on Security, Identity & Productivity Solutions . I specialize in Azure AD, M365, and Azure Infrastructure Solutions. Throughout my professional career, I have had the pleasure to work with bright-minded people. I care deeply about both People and Technology.

Contact?

Dat kan vandaag nog!

 

Ik sta voor de combinatie van flexibiliteit en passie.

Hierdoor ben ik vaker dan een gemiddeld bedrijf bereikbaar om te helpen met jouw IT-gerelateerd project, probleem of vraagstuk!

Contact

Waarom jentech?

Expert Consultancy

Met meer dan 15 jaar ervaring in zowel KMO-omgevingen als multinationals, is jentech dé betrouwbare partner voor al jouw IT vraagstukken!

Microsoft Training

Expertise opbouwen, up-to-date houden én delen zit in mijn DNA. Ik hecht dan ook véél belang aan het behalen van relevante Microsoft certificaten.

Samenwerking

Ik ben er rotsvast van overtuid dat de combinatie van mijn expertise en jouw inzichten tot een onklopbare samenwerking leidt!

Visie

Ik wil mensen en organisaties helpen om hun eigen doelstellingen te halen door kwalitatieve IT-oplossingen aan te bieden.