I'm confused:
- We create an account in Microsoft 365 and assign an A1 or A3 license.
- We create an account on-premises in Active Directory.
Why are you creating two accounts? The account should be created on-prem then allowed to sync to Azure.
Hi
This is our workflow.
The problem: Unable to log in on-premises with the account's existing password.
Resetting the account's password in Active Directory resolves this, but that is no solution. We have a bunch of accounts which need to be synced up and we don't want them to have to change their password because of this.
As far as I understand password hash (?) and write-back is working. When changing this password on-premise or in the cloud it works on the other environment within a couple of minutes.
Am I missing something?
Kind regards
That Cable Guy
The accounts should be created on-premises first and then synced to Microsoft 365.
On-premises Active Directory and Microsoft 365 are two different directories. You can sync the on-premises directory users, groups and devices to the Microsoft 365 directory with the tool called Microsoft Entra Connect, so that on-prem users are synced to the cloud and can utilize the cloud resources. But you cannot sync the Microsoft 365 cloud users to the on-premises directory, because Microsoft Entra Connect does not support user writeback; this feature was removed in the August 2015 update to Microsoft Entra Connect.
If you enable password writeback in Entra Connect, password hash sync and password writeback work for the on-prem users only.
In your question you said you are unable to log in on-premises with the account's existing password. Was this user created in on-premises AD or in the Microsoft 365 portal, or did you create two accounts in both on-premises and AD?
If you created the user in on-premises AD and you use the Entra Connect tool, the user should sync from on-premises AD to the Microsoft 365 portal; for this user, password writeback and password hash sync should work.
If you are using Microsoft 365 accounts which were created in the portal for on-premises, the behavior is expected, because the users already exist in Microsoft 365.
Do let us know if you have any further queries by responding in the comments section.
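To see which accounts fall into the "created in both directories" case the answer describes, the two directories can be compared by user principal name. This is an added example, not part of the original thread: the sample accounts are constructed and `Get-AccountOrigin` is a hypothetical helper name.

```powershell
# Constructed sample data standing in for exports of the two directories.
# In a live environment these could be filled with, for example:
#   $adUsers    = Get-ADUser -Filter * | Select-Object UserPrincipalName
#   $cloudUsers = Get-MgUser -All -Property UserPrincipalName,OnPremisesSyncEnabled
$adUsers = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@contoso.example' }
    [pscustomobject]@{ UserPrincipalName = 'bob@contoso.example' }
)
$cloudUsers = @(
    # Synced by Entra Connect: OnPremisesSyncEnabled is true.
    [pscustomobject]@{ UserPrincipalName = 'alice@contoso.example'; OnPremisesSyncEnabled = $true }
    # Created by hand in the portal: OnPremisesSyncEnabled is empty.
    [pscustomobject]@{ UserPrincipalName = 'bob@contoso.example';   OnPremisesSyncEnabled = $null }
    [pscustomobject]@{ UserPrincipalName = 'carol@contoso.example'; OnPremisesSyncEnabled = $null }
)

# Hypothetical helper: classifies each cloud account by where it came from.
function Get-AccountOrigin {
    param(
        [object[]]$AdUsers,
        [object[]]$CloudUsers
    )
    # Index on-premises accounts by lower-cased UPN for lookup.
    $adIndex = @{}
    foreach ($u in $AdUsers) {
        $adIndex[$u.UserPrincipalName.ToLowerInvariant()] = $true
    }
    foreach ($c in $CloudUsers) {
        $hasAdTwin = $adIndex.ContainsKey($c.UserPrincipalName.ToLowerInvariant())
        $synced    = $c.OnPremisesSyncEnabled -eq $true
        $state = if ($synced) {
            'Synced from on-premises'
        } elseif ($hasAdTwin) {
            'Created separately in both directories'
        } else {
            'Cloud-only'
        }
        [pscustomobject]@{
            UserPrincipalName = $c.UserPrincipalName
            State             = $state
        }
    }
}

Get-AccountOrigin -AdUsers $adUsers -CloudUsers $cloudUsers | Format-Table -AutoSize
```

With the sample data, `alice` is reported as synced, `bob` as created separately in both directories, and `carol` as cloud-only.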