change user password using ADFS federation

  • Question

  • ADFS can include web pages for users to change their passwords while they are outside the corporate network. It is not possible to change password via directory synchronization? So needs to use Azure premium to reset user password? It is same as using ADFS?
    • Moved by Sapna Girish Tuesday, October 4, 2016 3:24 PM related to AD
    Sunday, October 2, 2016 7:10 AM

All replies

  • Hello,

    We are checking on the query and would get back to you soon on this.

    I apologize for the inconvenience and appreciate your time and patience in this matter.

    Regards,

    Monday, October 3, 2016 5:26 AM
  • Hello,

    Thank you for posting on the Azure forums!

    Directory synchronization using Azure AD Connect makes sure that your on premise users and objects are synchronized on Azure following a specified interval. So this would ensure your users' passwords are synced on Azure AD, enabling users to use the same password on premise on AAD.

    By enabling Federation with ADFS you can get the functionality of ADFS on Azure AD which works like ADFS. If you have an on premise ADFS server, enabling federation with ADFS as a synchronization option will provide high availability in case the ADFS server on premise fails. Refer to Integrating your on-premises identities with Azure Active Directory for the password synchronization options and more details. AD FS deployment in Azure talks more about the federation with ADFS feature that you can use. Check the video for Configuring AD FS for user sign-in with Azure AD Connect which has a nice walk through.

    Finally, this feature required AAD Premium to work.

    Hope this helps.

    Regards,

    Loydon


    Wednesday, October 5, 2016 3:01 PM
  • I don't 100% understand your question, nor do I disagree with anything Loydon has said. If however part of your question is to simply ask:

    • Can I use the ADFS "update password" in conjunction with AAD Connect's synchronization?

    The answer is yes. Passwords changed via ADFS will be recorded in AD DS. Your ADFS servers will then rely on this password for authentication requests:

    Ref: Enabling Change Password in ADFS


    Mike Crowley | MVP
    My Blog -- Baseline Technologies

    Sunday, October 9, 2016 2:53 PM
  • Azure AD Connect, formerly DirSync, allows you to enable password writeback in your organization, so IdaaS solutions such as Azure Self-Service Password Reset portal can be used as a cloud first solution for password management.

    The AD FS Change Password routine supports change password but not reset password and sources the password change first in your AD before syncing to Azure AD.


    http://blog.auth360.net

    Friday, October 21, 2016 12:53 PM