Hi, be sure to follow:
https://learn.microsoft.com/en-us/entra/identity/authentication/tutorial-enable-sspr-writeback
Getting the following error message when trying to test the Self Service Password Reset. SSPR_0029: Your organization hasn’t properly set up the on-premises configuration for password reset.
Hello Orlando Paulino,
Thanks for your question. Also see: https://learn.microsoft.com/en-us/troubleshoot/entra/entra-id/user-prov-sync/password-writeback-error-code-sspr-0029
This will help you to troubleshoot if you have correctly setup SSPR.
You can mark it 'Accept Answer' and 'Upvote' if this helped you.
Regards,
Abiola
Hello @Orlando Paulino,
Thank you for your feedback.
Based on the information you provided, I understand that you are trying to reset your password by clicking "Can't access your account" on the sign-in page and following the "Forgot Password" flow. After completing all the required verification steps (e.g., alternate email, phone, etc.), the Windows AD administrator attempts to set a new password, but the process fails with the generic error SSPR_0029. Below is the complete error message:
Error Details:
You can't reset your own password because password reset isn't properly set up for your organization.
You must contact your administrator to both reset your password and to investigate the problem.
SSPR_0029: Your organization hasn't properly set up the on-premises configuration for password reset.
If you're an administrator, you can get more information from the Troubleshoot password writeback article. If you're not an administrator, you can provide this information when you contact your administrator.
For security reasons, a Windows AD account that belongs (or belonged) to on-premises AD protected group(s) cannot use SSPR + Password Writeback to reset his/her on-premises password using the "Forgot my password" flow.
In order to determine if a user is or was a member of a protected group, you can check if the on-premises AD user object has the AdminCount attribute set:
When a user account is added to a Protected Group, there's a background task that runs every 60 minutes in AD (SDProp) that will make the following changes on the account:
As a result, Password Writeback (by default) does not have sufficient permissions to change or reset passwords for such accounts, which is why you are encountering this error.
For a complete list of all Protected Groups by Domain Controller OS version, visit Protected Groups.
More Information
How does self-service password reset writeback work in Azure Active Directory?
If you’d like to discuss this issue in more detail offline, please feel free to email me at AzCommunity@microsoft.com with the subject line "Attn: Pothurajur" and include a link to this thread for reference.
I hope this information is helpful. Please feel free to reach out if you have any further questions.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
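The answer above says the diagnostic is the adminCount attribute that SDProp stamps on current and former protected-group members, together with the ACL change it makes on the object. The following script is an added example (not code from this thread, from Microsoft, or from the SSPR documentation) that an administrator can run ahead of time to list every on-premises user who will hit SSPR_0029 via password writeback, and to separate users who are still in a protected group from "orphaned" ones who keep the flag after leaving. It assumes the RSAT ActiveDirectory module on a domain-joined host with read access to user objects and their security descriptors; the function and parameter names are mine.

```powershell
# Added example, not from the Q&A thread. Assumes the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

# Escape a DN for use inside an LDAP filter (RFC 4515) in case it contains \ * ( ).
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29'
}

function Get-SdpropProtectedUsers {
    [CmdletBinding()]
    param(
        # Hypothetical parameter: where to search; defaults to the whole domain.
        [string]$SearchBase = (Get-ADDomain).DistinguishedName
    )

    # Users stamped adminCount=1 by SDProp. The flag is never cleared automatically,
    # so this set includes former members of protected groups as well as current ones.
    $flagged = Get-ADUser -LDAPFilter '(adminCount=1)' -SearchBase $SearchBase `
                  -Properties adminCount, nTSecurityDescriptor

    foreach ($u in $flagged) {
        # SDProp also disables ACL inheritance on the object. With inheritance off,
        # the delegated password-reset rights that writeback relies on no longer apply.
        $inheritanceBlocked = $u.nTSecurityDescriptor.AreAccessRulesProtected

        # SDProp stamps adminCount=1 on the protected groups themselves, so the groups
        # carrying the flag are the live list of protected groups in this domain.
        # LDAP_MATCHING_RULE_IN_CHAIN (1.2.840.113556.1.4.1941) makes the membership
        # check transitive, so nested membership is caught too.
        $dn  = ConvertTo-LdapFilterValue $u.DistinguishedName
        $via = Get-ADGroup -LDAPFilter "(&(adminCount=1)(member:1.2.840.113556.1.4.1941:=$dn))" |
               Select-Object -ExpandProperty Name

        # The built-in Administrator (RID 500) and krbtgt (RID 502) accounts are
        # protected directly, not through group membership.
        $directlyProtected = $u.SID.Value -match '-(500|502)$'

        [PSCustomObject]@{
            SamAccountName     = $u.SamAccountName
            AdminCount         = $u.adminCount
            InheritanceBlocked = $inheritanceBlocked
            ProtectedVia       = ($via -join ', ')
            StillProtected     = $directlyProtected -or ($via.Count -gt 0)
        }
    }
}

# Usage: everyone listed will get SSPR_0029 through writeback; rows with
# StillProtected = False are orphaned accounts that kept the flag after leaving
# every protected group.
Get-SdpropProtectedUsers | Sort-Object StillProtected, SamAccountName | Format-Table -AutoSize
```

Reading the output: a user with AdminCount = 1 and InheritanceBlocked = True matches exactly the state the answer describes, regardless of whether StillProtected is True or False. For users who are still protected, the SSPR_0029 behaviour is by design and the account should have its password reset by an administrator; for orphaned accounts, the script only reports the state, and whether to restore them to a normal (inheriting) account is a decision to make with your directory team, since SDProp will not undo its changes on its own.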