Introduction
Azure AD Password Writeback is a feature that allows users to reset their passwords from the cloud and have those passwords written back to their on-premises Active Directory domain. To use this feature, a few prerequisites must be met.
Prerequisites
- Azure AD Connect
- Azure AD Premium P1 or P2 licenses
- On-premises Active Directory
- Hybrid Azure AD joined devices
- Azure AD Connect sync with password writeback enabled
Step 1
This is my on-premises Active Directory which is synced with Azure Active Directory.
![How to Enable Password Writeback SSPR in On-prem AD and Azure AD]()
Step 2
This is my Azure Active Directory, and All users have an Azure Premium 2 license.
![How to Enable Password Writeback SSPR in On-prem AD and Azure AD]()
Step 3
Once you have configured Azure AD Connect, it automatically creates a service account in your on-prem AD. Its name begins with MSOL_.
You can find the user in Active Directory Users and Computers.
Note: Make sure View > Advanced Features is enabled.
Step 4
Double-click MSOL_beb54959f202 and select the Security tab.
![How to Enable Password Writeback SSPR in On-prem AD and Azure AD]()
Step 5
Add your MSOL user, select the appropriate object type, and make sure the following checkboxes are ticked:
- Change Password
- Reset Password
- Write Lockout Time
- Write pwdLastSet
![How to Enable Password Writeback SSPR in On-prem AD and Azure AD]()
Group Policy Configuration
Step 1
Open Group Policy in your on-prem Active Directory
![How to Enable Password Writeback SSPR in On-prem AD and Azure AD]()
Step 2
I have renamed my default policy to Azure SSO
Select Computer Configuration > Policies > Windows Settings > Security Settings > Account Policies > Password Policy.
Note: This password policy applies to on-premises users. When a synced user resets their password through SSPR, the new password is written back to on-premises AD and must satisfy this policy.
![How to Enable Password Writeback SSPR in On-prem AD and Azure AD]()
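As an added example (not part of the original article), the PowerShell below verifies the two on-premises pieces configured above: that the MSOL_ service account actually holds the four delegated rights (Reset Password, Change Password, Write lockoutTime, Write pwdLastSet) and nothing unexpected on the domain root, and what the domain password policy is that written-back passwords must satisfy. It assumes the RSAT ActiveDirectory module in a domain-joined admin session; the connector name in the optional final check is a placeholder.

```powershell
# Added example (not the article's own code): audit password-writeback prerequisites on-prem.
# Assumes RSAT ActiveDirectory module and a domain-joined session with read rights on the domain root.
Import-Module ActiveDirectory

$rootDse  = Get-ADRootDSE
$domain   = Get-ADDomain
$domainDN = $domain.DistinguishedName

# 1. Locate the MSOL_ service account that Azure AD Connect created.
$msol = Get-ADUser -LDAPFilter '(sAMAccountName=MSOL_*)' | Select-Object -First 1
if (-not $msol) { throw 'No MSOL_ account found. Has Azure AD Connect been configured?' }
"Checking rights for $($msol.SamAccountName) on $domainDN"

# 2. Resolve the GUIDs of the four rights from the directory itself rather than hard-coding them.
function Get-ExtendedRightGuid([string]$DisplayName) {
    $base = "CN=Extended-Rights,$($rootDse.configurationNamingContext)"
    $obj  = Get-ADObject -SearchBase $base -LDAPFilter "(displayName=$DisplayName)" -Properties rightsGuid
    [guid]$obj.rightsGuid
}
function Get-AttributeGuid([string]$LdapName) {
    $obj = Get-ADObject -SearchBase $rootDse.schemaNamingContext `
                        -LDAPFilter "(lDAPDisplayName=$LdapName)" -Properties schemaIDGUID
    [guid]::new([byte[]]$obj.schemaIDGUID)
}
$required = [ordered]@{
    'Reset Password'    = @{ Guid = Get-ExtendedRightGuid 'Reset Password';  Right = 'ExtendedRight' }
    'Change Password'   = @{ Guid = Get-ExtendedRightGuid 'Change Password'; Right = 'ExtendedRight' }
    'Write lockoutTime' = @{ Guid = Get-AttributeGuid 'lockoutTime';         Right = 'WriteProperty' }
    'Write pwdLastSet'  = @{ Guid = Get-AttributeGuid 'pwdLastSet';          Right = 'WriteProperty' }
}

# 3. Read the domain root ACL and keep only Allow ACEs granted to the MSOL_ account.
$acl       = Get-Acl -Path "AD:\$domainDN"
$ntAccount = "$($domain.NetBIOSName)\$($msol.SamAccountName)"
$aces      = @($acl.Access | Where-Object {
    $_.IdentityReference.Value -eq $ntAccount -and $_.AccessControlType -eq 'Allow'
})

# 4. Report which required rights are present. Each ACE should be scoped to descendant
#    user objects (InheritedObjectType = user class), not to the whole domain.
foreach ($name in $required.Keys) {
    $want = $required[$name]
    $hit  = $aces | Where-Object {
        $_.ObjectType -eq $want.Guid -and
        $_.ActiveDirectoryRights.HasFlag([System.DirectoryServices.ActiveDirectoryRights]$want.Right)
    }
    [pscustomobject]@{ Right = $name; Granted = [bool]$hit; Scope = ($hit | Select-Object -First 1).InheritedObjectType }
} | Format-Table -AutoSize

# 5. Least privilege: list every other ACE the account holds on the domain root.
#    Azure AD Connect also grants replication rights for password hash sync, which is expected;
#    anything beyond that deserves review.
$knownGuids = $required.Values | ForEach-Object { $_.Guid }
$extra = $aces | Where-Object { $knownGuids -notcontains $_.ObjectType }
if ($extra) {
    "Other ACEs held by $ntAccount on the domain root:"
    $extra | Select-Object ActiveDirectoryRights, ObjectType, InheritedObjectType | Format-Table -AutoSize
}

# 6. The on-premises policy that a written-back password must satisfy (the Group Policy step).
#    For users covered by a fine-grained policy, use Get-ADUserResultantPasswordPolicy instead.
Get-ADDefaultDomainPasswordPolicy |
    Select-Object MinPasswordLength, ComplexityEnabled, PasswordHistoryCount, MaxPasswordAge, LockoutThreshold

# 7. Optional, only on the Azure AD Connect server with the ADSync module loaded:
#    confirm writeback is enabled on the Azure AD connector. The connector name is a placeholder.
if (Get-Command Get-ADSyncAADPasswordResetConfiguration -ErrorAction SilentlyContinue) {
    Get-ADSyncAADPasswordResetConfiguration -Connector 'YOUR-TENANT.onmicrosoft.com - AAD'
}
```

Run it as a domain administrator from any domain-joined machine; steps 1 to 6 need only read access to the domain root ACL, while step 7 is skipped silently unless the ADSync module is present. A right reported as not granted, or an ACE scoped to the whole domain instead of descendant user objects, points back to the Security tab step above.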
Azure AD Configuration
Step 1
Make sure password writeback is enabled in Azure AD Connect.
Open Azure AD Connect and check the Password writeback option.
![How to Enable Password Writeback SSPR in On-prem AD and Azure AD]()
Step 2
Select Password reset > Properties and select your Azure AD user group. In my case, I have created a group named SSPR and assigned Azure AD P2 licenses to my users.
Step 3
Select On-premises integration, make sure the checkboxes are ticked, and save.
![How to Enable Password Writeback SSPR in On-prem AD and Azure AD]()
Self-Service Password Reset
Step 1
Now I'm going to reset my password.
![How to Enable Password Writeback SSPR in On-prem AD and Azure AD]()
Step 2
Type the security code and click Next.
![How to Enable Password Writeback SSPR in On-prem AD and Azure AD]()
Step 3
There are two options for you. In my case, I have chosen I forgot my password.
![How to Enable Password Writeback SSPR in On-prem AD and Azure AD]()
Step 4
Once you have completed two-factor verification, you can create a new password and click Finish.
![How to Enable Password Writeback SSPR in On-prem AD and Azure AD]()
Step 5
My password has been reset successfully.
![How to Enable Password Writeback SSPR in On-prem AD and Azure AD]()
Step 6
I can use the same password for my Windows login as well.
![How to Enable Password Writeback SSPR in On-prem AD and Azure AD]()
![How to Enable Password Writeback SSPR in On-prem AD and Azure AD]()
Conclusion
This article taught us how to enable SSPR and Azure AD password writeback. If you have any questions, don't hesitate to contact me.
Thank you