Configuring Password Writeback in Azure AD Sync

To enable the password recording feature, we use the Azure AD Connect tool to provide a secure mechanism for submitting password changes to an existing on-premises Azure AD directory. To learn how the password recording feature works, read this article .

Above all, make sure you always have the latest version of Azure AD Connect on execution. This is an important point, as the password recording feature will no longer work in previous versions 1.0.8641.0 and Azure AD Connect.

So, what happens when a user resets the password and password complexity? When a user resets the password, it is verified to ensure that it meets The policy location of Active Directory before submitting it to that directory. This includes the complexity, age and password filters that have been defined in the Active Directory local .

If you haven't enabled password recording in Azure AD, you'll see something similar, shown in the screenshot below. When you click password reset - local integration , it shows that local integration has not yet been activated .

Azure AD password recording prerequisites

To use password recording, you must have one of the following licenses assigned to your tenant.

  • Azure AD Premium P1
  • Azure AD Premium P2
  • Corporate mobility + E3 or A3 security
  • Corporate mobility + E5 or A5 security
  • Microsoft 365 E3 or A3, Microsoft 365 E5 or A5, Microsoft 365 F1
  • Microsoft 365 Business

Set up password recording in Azure AD

First of all, to set up password recording, sign in to the Azure AD Connect server. Start the Azure AD Connect setup wizard. On the Welcome page, select To set up .

Select the "Customize Synchonization Options" option and click "Next".

In the next option we will have to enter the username and password that was added in the initial configuration of “AD Sync”.

Important points

  • Office 365 user
  • This user does not need to be licensed. It can be a user with the address “”
  • Remembering that this user has to be “Global Administrator” of Tenant of Office365.

After that select the option “Next”.

In the next option we will have to enter the AD username and password that was added in the initial configuration of “AD Sync”.

Important points

  • AD On Premises user.
  • User must be a member of the Enterprise Admins group

After that select the option “Next”.

Select the "Password writeback" option and click "Next".

There we are almost ready to change the password on the portal.

To do this, keep the option “Start the synchronization process when configuration completes” and select “Configure”.

The Password Writeback setup process will begin.

The configuration process finished with the message informing that the process was successfully completed. To finish, click on “Exit”.

After these processes above you will be able to execute the change through the “”.

The password change feature with WriteBack is only available for subscriptions to Azure Active Directory Premium.

Do you know my social networks? If not, access the links below and register to not miss the opportunities to receive the links when they are published.


In case of doubts or problems in the execution, you can leave your comment and we will reply soon.

Thank you and see you in the next post.

Felipe Santos
Felipe Santos is a Cloud and Security Architect, with experience in Windows Server, Cluster, Storages, Backups Veeam and Office 365 environments.



Do you want to upgrade your career? 

Invest in yourself and get ahead! Get that dream job in 2022!