Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
13,599 questions
Understanding question, password hash synchronization, entra audit log
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(307.2, 31%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESF%3C/text%3E%3C/svg%3E)
Schäfer, Marius
0
Reputation points
We manage multiple M365 tenants, all of which are similarly structured.
There is a local AD domain that is synchronized with the AAD via Azure AD-Connect (passwordhash-sync and password-writeback are enabled).
When a user changes their password, the Entra audit log will normally show "Change Password (Self-Service)" or "Change User Password".
In one tennant when a password is changed, it always says "Reset Password". "User initiated password reset", "Reset password (self-service)" or "Reset user password". However, the user always changes his password normally and does not reset it because he forgot it or something similar.
What can cause this?
Sign in to answer