Hello,
In a previous domain, we had DirSync installed on a Domain Controller and configured successfully to Sync with our Office 365 (No Hybrid as we only use Exchange online), with Password Sync enabled. I also enabled the password write-back feature. This worked without issue.
We recently built a new domain and installed DirSync on a standalone server vs the DC, repointed it to the existing O365 subscription and enabled password sync as well as password write-back. The text below is a direct copy from PowerShell showing success, and I receive the event that shows success as well.
PS C:\Windows\system32> Enable-OnlinePasswordWriteBack
cmdlet Enable-OnlinePasswordWriteBack at command pipeline position 1
Supply values for the following parameters:
LocalADCredential
AzureADCredential
Password reset write-back is enabled.
Password sync from on prem AD to Azure AD is working without a problem, however the password write-back simply doesn't work. The AD account is an Enterprise Admin, and the Azure account is a Global Administrator. No firewalls between the dirsync server and the DC.
When a user changes their password from the cloud, the password change takes effect, however that change is never written back to AD. No errors in the event logs or FIM sync interface.
Not sure where to start looking to figure out why this is not working. I have scoured the internet to see if there is anything special about installing DirSync on a standalone member server and can't seem to find any indication that the process is different (other than needing to log off and back on when installing on a DC).
Anyone have any ideas on where to look next?
Thanks!
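A starting point for the "where to look next" question, as an added example that is not from the original post and not Microsoft's tooling: a read-only PowerShell checklist that gathers the facts a write-back failure on a member server usually hinges on (sync service state, outbound HTTPS from that host, recent write-back events, and the identity the service runs under). The service name `FIMSynchronizationService`, the event provider name `PasswordResetService` and the endpoint `login.microsoftonline.com` are assumptions passed as parameters so they can be corrected to match the installation; the script changes nothing and only reports.

```powershell
# Added troubleshooting checklist for DirSync password write-back on a standalone member server.
# Not part of the original post. All names below are assumptions supplied as parameters.
param(
    [string]$ServiceName   = 'FIMSynchronizationService',  # assumption: DirSync's FIM-based sync service
    [string]$EventSource   = 'PasswordResetService',       # assumption: event provider used by write-back
    [string]$CloudEndpoint = 'login.microsoftonline.com',  # assumption: sign-in endpoint the server must reach
    [int]$LookBackHours    = 24
)

$findings = @()

# 1. Write-back is processed by the sync service, so it must exist and be running on this host.
$svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
if ($null -eq $svc) {
    $findings += "Service '$ServiceName' was not found on this host."
} elseif ($svc.Status -ne 'Running') {
    $findings += "Service '$ServiceName' is '$($svc.Status)'; expected 'Running'."
}

# 2. A member server often sits behind different egress rules or a proxy than a DC did.
#    Write-back needs outbound HTTPS to Azure AD, so test TCP 443 from this box specifically.
$tnc = Test-NetConnection -ComputerName $CloudEndpoint -Port 443 -WarningAction SilentlyContinue
if (-not $tnc.TcpTestSucceeded) {
    $findings += "TCP 443 to $CloudEndpoint failed from $env:COMPUTERNAME (proxy or egress rule?)."
}

# 3. Pull write-back events for the look-back window. Total silence is itself a finding:
#    it means the cloud change never reached this server, rather than failing once here.
$since  = (Get-Date).AddHours(-$LookBackHours)
$events = Get-WinEvent -FilterHashtable @{
              LogName = 'Application'; ProviderName = $EventSource; StartTime = $since
          } -ErrorAction SilentlyContinue
if (-not $events) {
    $findings += "No events from provider '$EventSource' in the last $LookBackHours h."
} else {
    $events | Select-Object TimeCreated, Id, LevelDisplayName, Message |
        Format-Table -AutoSize -Wrap
}

# 4. The identity the sync service runs as is what actually touches AD. Record it so the
#    reset-password rights in the domain can be checked against the right principal.
$svcInfo = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'" `
               -ErrorAction SilentlyContinue
if ($svcInfo) {
    "Service '$ServiceName' runs as: $($svcInfo.StartName)"
}

# Summary: an empty list means the basics look fine and the problem is further along
# (for example the credential stored when Enable-OnlinePasswordWriteBack was run).
if ($findings.Count -eq 0) {
    "No obvious local blocker found; review the stored write-back credential and AD rights next."
} else {
    "Findings:"
    $findings | ForEach-Object { " - $_" }
}
```

Run it on the DirSync member server itself, not on the DC, because step 2 is only meaningful from the host that has to reach Azure AD. If step 3 shows nothing at all while cloud password changes are succeeding, the useful comparison is the same query on the old DC installation, where write-back was known to work.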