"Unable to reset this user’s password" error when an admin tries to reset the password of a user who is a member of a domain that was formerly set up for single sign-on

Article translations Article translations
Article ID: 2671093 - View products that this article applies to.
Expand all | Collapse all

PROBLEM

Consider the following scenario: A user can't sign in to a Microsoft cloud service such as Office 365, Microsoft Azure, or Windows Intune by using a user ID that's a member of a cloud service domain that was formerly set up for single sign-on (SSO). In this scenario, when a cloud service admin tries to reset the user’s password by using the cloud service portal or Azure Active Directory Module for Windows PowerShell, the administrator receives the following error message:
Unable to reset this user’s password. Try again later.

CAUSE

This issue occurs if the user is a member of a cloud service domain that was formerly single sign-on (SSO)-enabled and if the user ID wasn't converted to use standard authentication.

For example, this issue can occur if the following Windows PowerShell cmdlet was used:
convert-MSOLDomainToStandard –skipuserconversion:$true

SOLUTION

To resolve this issue, convert the user ID to a standard (non-federated) type. To do this, follow these steps:
  1. In the same Windows PowerShell console that you used to verify the issue, type the following cmdlet, and then press Enter:
    Convert-MsolFederatedUser -userprincipalname <user ID>
    Note In this cmdlet, the placeholder <user ID> represents the user ID.
  2. Give the user a temporary password. The next time that the user signs in to the cloud service, they have to change their temporary password before they can access cloud service resources.

MORE INFORMATION

Note The Windows PowerShell cmdlets in this article require the Azure Active Directory Module for Windows PowerShell. 

For more information about the Azure Active Directory Module for Windows PowerShell, see Manage Azure AD using Windows PowerShell.

Still need help? Go to the Office 365 Community website or the Azure Active Directory Forums website.

Properties

Article ID: 2671093 - Last Review: July 9, 2014 - Revision: 19.0
Applies to
  • Microsoft Azure
  • Microsoft Office 365
  • Windows Intune
  • CRM Online via Office 365 E Plans
  • Microsoft Azure Recovery Services
  • Office 365 Identity Management
Keywords: 
o365 o365a o365022013 o365e o365m KB2671093

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com