"Unable to reset this user's password" when an admin resets the password of a domain member user
Problem
Consider the following scenario: A user can't sign in to a Microsoft cloud service such as Microsoft 365, Microsoft Azure, or Microsoft Intune by using a user ID that's a member of a cloud service domain that was formerly set up for single sign-on (SSO). In this scenario, when a cloud service admin tries to reset the user's password by using the cloud service portal or Azure Active Directory module for Windows PowerShell, the administrator receives the following error message:
Unable to reset this user's password. Try again later.
Cause
This issue occurs if the user is a member of a cloud service domain that was formerly single sign-on (SSO)-enabled and if the user ID wasn't converted to use standard authentication.
For example, this issue can occur if the following Windows PowerShell cmdlet was used:
convert-MSOLDomainToStandard –skipuserconversion:$true
Note
Azure AD and MSOnline PowerShell modules are deprecated as of March 30, 2024. To learn more, read the deprecation update. After this date, support for these modules are limited to migration assistance to Microsoft Graph PowerShell SDK and security fixes. The deprecated modules will continue to function through March, 30 2025.
We recommend migrating to Microsoft Graph PowerShell to interact with Microsoft Entra ID (formerly Azure AD). For common migration questions, refer to the Migration FAQ. Note: Versions 1.0.x of MSOnline may experience disruption after June 30, 2024.
Solution
To resolve this issue, convert the user ID to a standard (non-federated) type. To do this, follow these steps:
- In the same Windows PowerShell console that you used to verify the issue, type the following cmdlet, and then press Enter:
Convert-MsolFederatedUser -userprincipalname < user ID >
Note
In this cmdlet, the placeholder <user ID> represents the user ID.
- Give the user a temporary password. The next time that the user signs in to the cloud service, they have to change their temporary password before they can access cloud service resources.
More information
Note
The Windows PowerShell cmdlets in this article require the Azure Active Directory module for Windows PowerShell.
Still need help? Go to Microsoft Community or the Microsoft Entra Forums website.
Σχόλια
https://aka.ms/ContentUserFeedback.
Σύντομα διαθέσιμα: Καθ' όλη τη διάρκεια του 2024 θα καταργήσουμε σταδιακά τα ζητήματα GitHub ως μηχανισμό ανάδρασης για το περιεχόμενο και θα το αντικαταστήσουμε με ένα νέο σύστημα ανάδρασης. Για περισσότερες πληροφορίες, ανατρέξτε στο θέμα:Υποβολή και προβολή σχολίων για