We have a hybrid network: 75% of users are O365 joined and 25% of users are still using on-premises Active Directory and Exchange email. With the COVID pandemic, all employees are working from home. We need to enable self-service password reset, because many users get locked out and forget their password when they are at home.

  • Can I use Azure self-service password reset with both on-premises and O365 users?
  • What are the limitations when users are on-premises?

All our users have the Windows 10 client operating system, and Exchange Server is used for sending mail.

serverAdmin123

1 Answer

In order to use Azure AD self-service password reset to reset AD passwords you need to enable password writeback in ADConnect; of course, the user accounts you want to allow to reset passwords need to be included in directory synchronization.

https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-writeback

https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr-writeback

Massimo
  • My question is, can I use it when on-premises users are not on the domain network? Because now they are at home. – serverAdmin123 Nov 02 '20 at 11:00
  • Of course, the whole point is being able to reset your AD password using Azure or Office 365, which are accessible from anywhere. – Massimo Nov 02 '20 at 11:11
  • https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-windows Could you please check the general limitations and just tell me what is meant by "Hybrid Azure AD joined machines must have network connectivity line of sight to a domain controller to use the new password and update cached credentials. This means that devices must either be on the organization's internal network or on a VPN with network access to an on-premises domain controller. If " – serverAdmin123 Nov 02 '20 at 11:38
  • This is for resetting passwords *from your computer logon screen*. If you want to do it from the Azure or Office 365 portal, you need no connectivity to your LAN. – Massimo Nov 02 '20 at 11:42
  • Thanks, that was my question. Can I know: if I change the password via the Azure portal, does it synchronize with the user's computer when it is not in the domain environment? I assume that it will not happen. – serverAdmin123 Nov 02 '20 at 13:05
  • No, of course the computer has no way of knowing that the user password has changed if it can't talk to a domain controller. There are no workarounds for that, you need at least a VPN connection. – Massimo Nov 02 '20 at 14:26
  • Thank you so much for your time and knowledge. – serverAdmin123 Nov 03 '20 at 03:44
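
A client-side check for the limitation discussed in the comments above, as an added example that is not part of the original answer: it reports whether a Windows 10 device is domain joined and whether it currently has line of sight to a domain controller. The function names are hypothetical; it assumes `dsregcmd.exe` and `nltest.exe` are present on the client and that `nltest` returns a non-zero exit code when no domain controller answers.

```powershell
# Added example, not from the thread. Run on the Windows 10 client itself.

function Get-JoinState {
    # Parse the "Key : Value" lines printed by dsregcmd /status.
    param([string[]]$StatusLines = (dsregcmd.exe /status))
    $state = @{ AzureAdJoined = 'NO'; DomainJoined = 'NO' }
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*(AzureAdJoined|DomainJoined)\s*:\s*(\S+)') {
            $state[$Matches[1]] = $Matches[2].ToUpper()
        }
    }
    $state
}

function Test-DomainControllerReachable {
    # /force makes nltest rediscover a domain controller instead of using its cache.
    # Assumption: a non-zero exit code means no domain controller answered.
    param([Parameter(Mandatory)][string]$DomainName)
    $null = nltest.exe "/dsgetdc:$DomainName" /force 2>&1
    $LASTEXITCODE -eq 0
}

function Get-PasswordResetReadiness {
    $join = Get-JoinState
    if ($join.DomainJoined -ne 'YES') {
        return 'Not joined to an on-premises domain: the quoted limitation concerns domain-joined (hybrid) machines.'
    }
    # DNS name of the AD domain this computer belongs to.
    $domain = (Get-CimInstance -ClassName Win32_ComputerSystem).Domain
    $kind   = if ($join.AzureAdJoined -eq 'YES') { 'Hybrid Azure AD joined' } else { 'Domain joined' }
    if (Test-DomainControllerReachable -DomainName $domain) {
        "${kind}: a domain controller for $domain is reachable, so the device can use a new password and update cached credentials."
    }
    else {
        "${kind}: no domain controller for $domain is reachable. A reset in the portal still works, " +
        'but this device keeps the old cached credentials until it is on the LAN or a VPN.'
    }
}

Get-PasswordResetReadiness
```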