You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/authentication/active-directory-passwords-troubleshoot.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -140,7 +140,7 @@ A best practice when you troubleshoot problems with password writeback is to ins
140
140
| 33001| ADUnKnownError| This event indicates that there was an unknown error returned by Active Directory. Check the Azure AD Connect server event log for events from the ADSync source for more information.|
141
141
| 33002| ADUserNotFoundError| This event indicates that the user who is trying to reset or change a password was not found in the on-premises directory. This error can occur when the user has been deleted on-premises but not in the cloud. This error can also occur if there is a problem with sync. Check your sync logs and the last few sync run details for more information.|
142
142
| 33003| ADMutliMatchError| When a password reset or change request originates from the cloud, we use the cloud anchor specified during the setup process of Azure AD Connect to determine how to link that request back to a user in your on-premises environment. This event indicates that we found two users in your on-premises directory with the same cloud anchor attribute. Check your sync logs and the last few sync run details for more information.|
143
-
| 33004| ADPermissionsError| This event indicates that the Active Directory Management Agent (ADMA) service account does not have the appropriate permissions on the account in question to set a new password. Ensure that the ADMA account in the user’s forest has reset and change password permissions on all objects in the forest. For more information on how to set the permissions, see Step 4: Set up the appropriate Active Directory permissions. This error could also occur when the user's attribute AdminCount is set to 1.|
143
+
| 33004| ADPermissionsError| This event indicates that the Active Directory Management Agent (ADMA) service account does not have the appropriate permissions on the account in question to set a new password. Ensure that the ADMA account in the user’s forest has reset password permissions on all objects in the forest. For more information on how to set the permissions, see Step 4: Set up the appropriate Active Directory permissions. This error could also occur when the user's attribute AdminCount is set to 1.|
144
144
| 33005| ADUserAccountDisabled| This event indicates that we attempted to reset or change a password for an account that was disabled on-premises. Enable the account and try the operation again.|
145
145
| 33006| ADUserAccountLockedOut| This event indicates that we attempted to reset or change a password for an account that was locked out on-premises. Lockouts can occur when a user has tried a change or reset password operation too many times in a short period. Unlock the account and try the operation again.|
146
146
| 33007| ADUserIncorrectPassword| This event indicates that the user specified an incorrect current password when performing a password change operation. Specify the correct current password and try again.|
Copy file name to clipboardExpand all lines: articles/active-directory/authentication/tutorial-enable-sspr-writeback.md
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -6,7 +6,7 @@ services: active-directory
6
6
ms.service: active-directory
7
7
ms.subservice: authentication
8
8
ms.topic: tutorial
9
-
ms.date: 02/18/2020
9
+
ms.date: 04/24/2020
10
10
11
11
ms.author: iainfou
12
12
author: iainfoulds
@@ -66,7 +66,7 @@ To set up the appropriate permissions for password writeback to occur, complete
66
66
1. From the **Permissions** tab, select **Add**.
67
67
1. For **Principal**, select the account that permissions should be applied to (the account used by Azure AD Connect).
68
68
1. In the **Applies to** drop-down list, select **Descendant User objects**.
69
-
1. Under *Permissions*, select the boxes for the following options:
69
+
1. Under *Permissions*, select the boxes for the following option:
70
70
***Reset password**
71
71
1. Under *Properties*, select the boxes for the following options. You need to scroll through the list to find these options, which may already be set by default:
72
72
***Write lockoutTime**
@@ -78,7 +78,7 @@ To set up the appropriate permissions for password writeback to occur, complete
78
78
79
79
When you update permissions, it might take up to an hour or more for these permissions to replicate to all the objects in your directory.
80
80
81
-
Password policies in the on-premises AD DS environment may prevent password resets from being correctly processed. For password writeback to work most efficiently, the group policy for *Minimum password age* must be set to 0. This setting can be found under **Computer Configuration > Policies > Windows Settings > Security Settings > Account Policies** within `gpedit.msc`.
81
+
Password policies in the on-premises AD DS environment may prevent password resets from being correctly processed. For password writeback to work most efficiently, the group policy for *Minimum password age* must be set to 0. This setting can be found under **Computer Configuration > Policies > Windows Settings > Security Settings > Account Policies** within `gpedit.msc`.
82
82
83
83
If you update the group policy, wait for the updated policy to replicate, or use the `gpupdate /force` command.
0 commit comments