Gerenios / AADInternals

AADInternals PowerShell module for administering Azure AD and Office 365
http://aadinternals.com/aadinternals
MIT License

Set-AADIntUserPassword does not work? #46

Closed sfonteneau closed 1 year ago

sfonteneau commented 1 year ago

I'm trying to use "Set-AADIntUserPassword" but it doesn't work, maybe I'm missing something?

Import-Module AADInternals
Get-AADIntAccessTokenForAADGraph -SaveToCache

AccessToken saved to cache.

Tenant  User             Resource                   Client
------  ----             --------                   ------
******  admin@domain.fr  https://graph.windows.net  ***************

Set-AADIntSyncFeatures -EnableFeatures PasswordHashSync

BlockCloudObjectTakeoverThroughHardMatch         : False
BlockSoftMatch                                   : False
DeviceWriteback                                  : False
DirectoryExtensions                              : False
DuplicateProxyAddressResiliency                  : True
DuplicateUPNResiliency                           : False
EnableSoftMatchOnUpn                             : False
EnableUserForcePasswordChangeOnLogon             : False
EnforceCloudPasswordPolicyForPasswordSyncedUsers : False
PassThroughAuthentication                        : False
PasswordHashSync                                 : True
PasswordWriteBack                                : False
SynchronizeUpnForManagedUsers                    : False
UnifiedGroupWriteback                            : False
UserWriteback                                    : False

Set-AADIntUser -UserPrincipalName "test@domain.fr" -ImmutableId test@domain.fr
Get-AADIntUser -UserPrincipalName "test@domain.fr" | select UserPrincipalName,ImmutableId

UserPrincipalName ImmutableId
----------------- -----------
test@domain.fr    test@domain.fr

Set-AADIntUserPassword  -SourceAnchor "test@domain.fr" -hash  FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

CloudAnchor ExtendedErrorInformation
----------- ------------------------
CloudAnchor The password change request cannot be executed since it contains changes to one or more cloud only user objects, which is not supported. Please refer to https://docs.microsof...

Set-AADIntUserPassword  -CloudAnchor "User_c4854aa3-bbbb-eeee-9999-26bedf6e8eb2" -Password "password123"

CloudAnchor                               ExtendedErrorInformation
-----------                               ------------------------
User_c4854aa3-bbbb-eeee-9999-26bedf6e8eb2 The password change request cannot be executed since it contains changes to one or more cloud only user objects, which is not supported. Please ...

If the user was not created by Azure AD Connect, it does not work?

sfonteneau commented 1 year ago

I confirm that it works with an account that was created with Azure AD Connect.