Azurebegginer asked ·

Azure AD - Password reset by Helpdesk and User self service password reset

Hello,

Hope you are well. I understand that in Azure AD we can configure it so that the end user can reset the password themselves by having configurable challenges.

We are planning for pass-through authentication as we are using on-premise AD connecting with Azure AD using Azure AD Connect.

Can the helpdesk resource reset the password in the on-premise Active Directory tool "User and computers" and have the password replicate to Azure AD?

azure-active-directory

LeonLaude answered ·

Hi,

Yes, this is possible. Assuming you have Azure AD Connect synchronization, it will synchronize the password hashes from your on-premise Active Directory (AD) to the Azure Active Directory (Azure AD).

You'll find more information over here:

Implement password hash synchronization with Azure AD Connect sync
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-password-hash-synchronization


Best regards,
Leon


amanpreetsingh-msft answered ·

Hi @NeerajV-6011

By default, you will see Password Hash Sync (PHS) and Pass-Through Authentication (PTA) as radio button options in the AD Connect Configuration wizard, as shown below, and you can only select one of these options:

9107-capture.jpg

However, you can enable PHS as a backup using the option below:

Customize synchronization options > connect to Azure and AD > Optional features > Password Hash Synchronization

When you configure this option, PHS also gets enabled and every time a password is changed in on-premises AD, the password hash gets synchronized to Azure AD every 2 minutes. In this case, if a helpdesk resource resets the password in on-premises Active Directory, it will sync to Azure AD.

Note: If you configure this option, PHS will just act as a backup and PTA will remain your primary mode of authentication. Authentication will not fall back from PTA to PHS automatically. You would have to manually switch to PHS if and when needed.


Please do not forget to "Accept the answer" wherever the information provided helps you. This will help others in the community as well.



