Hi All
I'm having an issue whereby I've installed Azure Active Directory Connect to get single sign-on working. All is showing healthy along with Password Writeback Enabled. All is syncing OK and single sign-on is working, but when I attempt to reset a user's password I get the following in the Azure Portal:
"Unfortunately, you cannot reset this user's password due to a policy or error in your on-premises environment."
I cannot find any problem, but the event logs on the AAD server also show event ID 33009:
TrackingId: f9167424-bf41-4b67-90ca-4fc16f1d800f, Reason: Synchronization Engine returned an error hr=80004001, message=Not implemented, Context: cloudAnchor: User_c0502f50-ca15-4527-8caf-79c8c05a7464, SourceAnchorValue: 4ZSaPy0nHESpBsVnxpraWA==, AdminUpn: admin@company.com, UserPrincipalName: user@company, Details: Microsoft.CredentialManagement.OnPremisesPasswordReset.Shared.PasswordResetException: Synchronization Engine returned an error hr=80004001, message=Not implemented
at AADPasswordReset.SynchronizationEngineManagedHandle.ThrowSyncEngineError(Int32 hr)
at AADPasswordReset.SynchronizationEngineManagedHandle.ResetPassword(String cloudAnchor, String sourceAnchor, String password, Boolean fForcePasswordChangeAtLogon, Boolean fUnlockAccount, Boolean isSelfServiceOperation)
at Microsoft.CredentialManagement.OnPremisesPasswordReset.PasswordResetCredentialManager.ResetUserPasswordByAdmin(String resetUserPasswordByAdminXmlRequestString)
and Event ID 6329:
An unexpected error has occurred during a password set operation.
"ERR_: MMS(9640): E:\bt\863912\repo\src\dev\sync\ma\shared\inc\MAUtils.h(58): Failed getting registry value 'ADMADoNormalization', 0x2
BAIL: MMS(9640): E:\bt\863912\repo\src\dev\sync\ma\shared\inc\MAUtils.h(59): 0x80070002 (The system cannot find the file specified.): Win32 API failure: 2
BAIL: MMS(9640): E:\bt\863912\repo\src\dev\sync\ma\shared\inc\MAUtils.h(114): 0x80070002 (The system cannot find the file specified.)
ERR_: MMS(9640): E:\bt\863912\repo\src\dev\sync\ma\shared\inc\MAUtils.h(58): Failed getting registry value 'ADMARecursiveUserDelete', 0x2
BAIL: MMS(9640): E:\bt\863912\repo\src\dev\sync\ma\shared\inc\MAUtils.h(59): 0x80070002 (The system cannot find the file specified.): Win32 API failure: 2
BAIL: MMS(9640): E:\bt\863912\repo\src\dev\sync\ma\shared\inc\MAUtils.h(114): 0x80070002 (The system cannot find the file specified.)
ERR_: MMS(9640): E:\bt\863912\repo\src\dev\sync\ma\shared\inc\MAUtils.h(58): Failed getting registry value 'ADMARecursiveComputerDelete', 0x2
BAIL: MMS(9640): E:\bt\863912\repo\src\dev\sync\ma\shared\inc\MAUtils.h(59): 0x80070002 (The system cannot find the file specified.): Win32 API failure: 2
BAIL: MMS(9640): E:\bt\863912\repo\src\dev\sync\ma\shared\inc\MAUtils.h(114): 0x80070002 (The system cannot find the file specified.)
ERR_: MMS(9640): E:\bt\863912\repo\src\dev\sync\ma\shared\inc\MAUtils.h(58): Failed getting registry value 'SkipAdminCountCheck', 0x2
BAIL: MMS(9640): E:\bt\863912\repo\src\dev\sync\ma\shared\inc\MAUtils.h(59): 0x80070002 (The system cannot find the file specified.): Win32 API failure: 2
BAIL: MMS(9640): E:\bt\863912\repo\src\dev\sync\ma\shared\inc\MAUtils.h(114): 0x80070002 (The system cannot find the file specified.)
ERR_: MMS(9640): admaexport.cpp(2837): The server does not contain the LDAP password policy control.
BAIL: MMS(9640): admaexport.cpp(2839): 0x80004001 (Not implemented)
ERR_: MMS(9640): admaexport.cpp(2858): Failed to set the password using LDAP password policy control.
BAIL: MMS(9640): admaexport.cpp(3311): 0x80004001 (Not implemented)
ERR_: MMS(9640): ..\ma.cpp(8195): ExportPasswordSet failed with 0x80004001
Azure AD Sync 1.2.70.0"
I've only found one guy who said he has the same problem and has to rebuild the AAD server to get it to work. I don't really want to do that.
Any suggestions/help greatly appreciated. I don't think it's permissions as I've given the account:
Reset password
Change password
Write lockoutTime
Write pwdLastSet
Do I have to enable SSPR (Self Service Password Reset)? I've seen that somewhere but don't want to do this at this time.