![]() ![]() The user will log onto their office PC with the old password and then ctrl/alt/delete and change the password, overwriting the one in AD and causing a synchronization action to Office 365, further overwriting that one as well. ![]() These passwords become diverged and will only be converged when the user sets the desired password on their PC the next time they’re VPN’d-in or are in the office. Passwords changed by an administrator in Office 365 (Admin, Users, Active Users)-and that don’t required the user to change the password on next logon-don’t generate an AADC Event ID because they’re not written back to Active Directory. When working with Active Directory and sending passwords into the cloud-or when users change their own passwords in the cloud-the process generally works flawlessly. If you are synchronizing your Active Directory with Office 365, the password expiration settings you might set for Cloud-Only accounts do not affect the synchronized accounts. This password is written to the PDCE FSMO role holder where the AD “PwdLastSet” attribute will show the recent action. ![]() Event ID 405 (two of them) will then be logged to show that an LDAP connection is being opened, followed by an Event ID 31007 to state a password has been successfully changed and written to Active Directory. If a user changes their password in Azure AD, and meets all the requirements set in the relevant GPO, an Event ID 31006 is logged on the AADC Server stating the password change process is being started to write to AD. This is the most likely cause of errors when changing passwords in Office 365. Many organizations set Active Directory Group Policies to forbid more than one password change by end users in a 24-hour period. These 33008 messages mean the password is not long enough, complex enough, is a repeat of another recent password or has been changed too recently. If it’s accepted, Event ID 31007 is logged. If an Office 365 user attempts to change their password, Azure AD will immediately communicate with AADC Connect with the desired password. Consequently, single Event ID 656 and 657 might show up to 50 password change events. If an administrator does this for one or more users the same events are logged. When a user changes their own password ctrl/alt/delete on their PC, an Event ID 656 is logged on the Azure AD Connect (AADC) server to say the password is being transmitted, and then Event ID 657 logged when the password is successfully transmitted to the tenant. The process isn’t well documented-certainly not the big ‘gotcha’-so here it is. Office 365 administrators have scrambled to apply the necessary licenses and instructions to allow them to do so. Since so many worldwide have been locked inside their homes, unable to venture out to the office for work, they have been forced to change their own passwords. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |