Understand Azure AD password write-back

Q. How does Azure AD password write-back function based on different types of synchronization and federation?

A. Azure AD enables end-user self-service password reset. There is a great document at https://azure.microsoft.com/en-us/documentation/articles/active-directory-passwords-learn-more/ which walks through the details of how password write-back works. There are essentially three scenarios, depending on whether a user is Azure AD based, synchronized from on-premises AD, or federated. Below is a summary.

  • User is native Azure AD - Password write-back does not occur
  • User is password synchronized from AD - Password change is replicated to on-premises AD
  • User is federated with AD - Password is written to on-premises only since no password exists in Azure AD