
Password write back not working when admins reset passwords


Hi All

My config is: I have Azure AD Connect syncing my users into my Azure AD tenant, we have pass-through auth and SSO configured, and password write back has been enabled and works (was working).

I have an odd problem and the conditions seem to be changing. If a user who has set up the password reset function goes through the password reset process, they are able to reset their password and it writes back to the on-prem AD.

If an admin (Global admin or Password admin, have tried both) tries to reset the user's password via either the Office 365 portal or the Azure portal, the portal will say it's successful, but the password will not be changed in the on-prem AD.

I see event 31019 in the AD Connect box, but no other events related to password reset, I've also done some packet dumps and it doesn't look like it tries to talk to a DC during this event. 

Now to throw a spanner in the works (note NOTHING was changed in between). Yesterday: if you attempted to reset a password from the Azure AD portal, at first it would try, then it would throw an error saying that our policy would not allow this function (this is because the default password it tried to use is only 8 characters or something and doesn't meet our on-prem policy). Then it would allow me to enter a password on the next screen and try again. If I entered a password that meets the requirements it would work: it would actually update the password in the on-prem AD, and a few extra messages would appear in the AD Connect application log.

Note: if I tried to use that same password in the O365 portal to reset the user's password, it would say it was successful but not work.

Fast forward to TODAY and now the Azure portal reset no longer complains that there is a policy issue when you try to reset a password from there. It says it's successfully reset with some password that would not actually have been accepted by our on-prem AD, but does not work. Again I see the 31019 messages in the AD Connect application logs, but nothing else.

Can anyone help me with what is going on here?

 

