We came across an interesting issue recently with a tenant after deactivating DirSync.
The issue was that users could not change their own passwords in Office 365, and were given the following error message:
โSorry, you can’t change your password here. Follow the steps recommended by your organization or ask your admin for help.โ
This is the kind of message youโd expect to see when DirSync is still enabled, as your on-premises Active Directory should remain as the master of all identities and password.
So what causes this?
Unfortunately when the issue was raised with Microsoft and further investigation was done nothing stood out as an attribute on the user account to explain the difference between a syncโd user and a cloud user. The only recourse was to escalate this to engineering and get in line.
What was clear was that any users that were created directly in Office 365 after DirSync was deactivated didnโt have the issue.
What was interesting was that we had noticed that one of the pre-DirSync users had reset their own password by choosing the โUnable to sign-inโ method on the sign-in screen, and after doing so was able to go into their profile and change their password at will.
So we tried a quick and simple approach โ we reset all the affected users passwords. Immediately they were able to log in and change their passwords at will in the usual manner.
While not exactly a great solution on a large scale โ at least itโs a quick win that didnโt require further escalation or time being spent to diagnose it.
Discover more from Loryan Strant, Microsoft 365 MVP
Subscribe to get the latest posts sent to your email.
Thanks for this, it saved me some time to escalate etc. and helps me with a quick workaround.