Implementing password writeback
Password writeback is a popular feature of Azure AD Connect. It writes password changes made in Azure AD back to on-premises AD, provided that the new password does not violate the on-premises AD password policy. It is supported for all three hybrid identity authentication methods (PHS, federation, and PTA).
The main use case of this feature is implementing a self-service password reset (SSPR) solution. A user resets their password using the Forgot Password option from a cloud application, the new password is written to Azure AD, and it is then written back to on-premises AD.
It is worth noting that administrators control the scenarios in which this is possible. For example, we can choose which users/groups are able to use this feature, and we can configure the additional authentication methods that are required for a reset request (Figure 3.51). For security reasons, you may choose not to enable this feature for highly privileged...