There are times you need to update the Azure AD password of a user that’s synced from Active Directory. However running either Set-AzureADUserPassword or Set-MsolUserPassword fails with one of the following errors.
- Set-MsolUserPassword : You cannot reset a password for a federated user.
- Set-AzureADUserPassword : Error occurred while executing SetUser Code: Request_BadRequest
There is a simple hack to workaround this limitation. All you need to do is temporarily change the user’s UserPrincipalName to that of a managed domain, update the password and then change the UserPrincipalName back to the federated domain.
# Change UPN to managed domain Set-AzureADUser -ObjectId xxxxx -UserPrincipalName email@example.com # Update the password Set-AzureADUserPassword -ObjectId xxxxx # Change UPN back to the federated domain Set-AzureADUser -ObjectId xxxxx -UserPrincipalName firstname.lastname@example.org
That’s it. The user will eventually be signed out of the apps they are in and will have to re-sign in again.
The new password will remain until the user changes their password on-prem in Active Directory which will then sync across to Azure Active Directory.