question

StevePowers-7695 avatar image
0 Votes"
StevePowers-7695 asked vipulsparsh-MSFT answered

Microsoft SSPR and Computer Object hash

I am in a Hybrid AD environment with 75% of my users at remote sites and they are using VPN to connect to shared file servers and to reset their log on passwords. If I enable Microsoft SSPR in the Azure environment and the user enables it for their profile, and then they reset their password with SSPR when they are off of the domain totally, without being connected to VPN, will their computer hash be updated when the AD Connect writeback sync completes, or will the computer still be associating the user with the former password, and as a result, when they are off of the domain they can connect to their machine, but once they are back on the domain, they are unable to connect because the hash did not sync? If this occurs would they get a trust error message? If they do get a trust issue, are they able to log into their computer with the old credential, join with the VPN, and then reset the credential using their new password? Or does SSPR work in such away that it sync both the user and the computer object, just like they were on the domain?

azure-ad-connectazure-ad-user-managementazure-ad-hybrid-identity
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

vipulsparsh-MSFT avatar image
0 Votes"
vipulsparsh-MSFT answered

@StevePowers-7695 In a way SSPR is not a machine aware thing. It's a pure user based password reset mechanism and it does work when the user is outside of domain.

So no requirement of VPN connectivity device would be still associating user to old password
once the device connect to VPN, then only the user would be allowed with new password and trust between ADDS and device doesn't break.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.