When using Microsoft Azure, federated users are managed by the federated account in CloudGen Access, and the user may have difficulty changing the password in Azure. Running either Set-AzureADUserPassword or Set-MsolUserPassword can fail with one of the following errors:
- Set-MsolUserPassword : You cannot reset a password for a federated user.
- Set-AzureADUserPassword : Error occurred while executing SetUser Code: Request_BadRequest
As a workaround, you can temporarily change the user's UserPrincipalName to that of a managed domain, update the password, and then change the UserPrincipalName back to the federated domain.
# Change UPN to managed domain
Set-AzureADUser -ObjectId xxxxx -UserPrincipalName user@domain.onmicrosoft.com
# Update the password
Set-AzureADUserPassword -ObjectId xxxxx
# Change UPN back to the federated domain
Set-AzureADUser -ObjectId xxxxx -UserPrincipalName user@domain.com
The user will eventually be signed out of the apps they are using, and will have to sign in again. The new password will remain until the user changes their password on-prem in Microsoft Entra ID, which will then sync across to Microsoft Entra ID.
For hybrid environments, users can still make changes in Entra ID that will be synced with Azure.
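If the password step fails partway through the workaround, the account is left on the managed-domain UPN. The following added example (not part of the original article) wraps the three steps so the original UPN is always restored; the function name Reset-FederatedUserPassword and its parameter names are hypothetical, and it assumes the AzureAD module with an existing Connect-AzureAD session.

```powershell
# Added example: the three workaround steps with a guaranteed UPN restore.
# Assumes the AzureAD module is loaded and Connect-AzureAD has been run.
# Reset-FederatedUserPassword and its parameter names are hypothetical.
function Reset-FederatedUserPassword {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ObjectId,
        # Temporary UPN on a managed domain, e.g. user@domain.onmicrosoft.com
        [Parameter(Mandatory)] [string] $ManagedUpn,
        [Parameter(Mandatory)] [securestring] $NewPassword
    )

    # Record the federated UPN and the immutable object ID before any change.
    # -ObjectId also accepts a UPN, which would stop resolving after the rename.
    $user = Get-AzureADUser -ObjectId $ObjectId -ErrorAction Stop
    $id = $user.ObjectId
    $federatedUpn = $user.UserPrincipalName
    if ($federatedUpn -eq $ManagedUpn) {
        throw "User is already on $ManagedUpn; original UPN unknown, aborting."
    }

    # Change UPN to managed domain
    Set-AzureADUser -ObjectId $id -UserPrincipalName $ManagedUpn -ErrorAction Stop
    try {
        # Update the password
        Set-AzureADUserPassword -ObjectId $id -Password $NewPassword -ErrorAction Stop
    }
    finally {
        # Change UPN back to the federated domain, even if the reset failed
        Set-AzureADUser -ObjectId $id -UserPrincipalName $federatedUpn -ErrorAction Stop
    }

    # Confirm the account ended up back on its original UPN.
    $after = (Get-AzureADUser -ObjectId $id).UserPrincipalName
    if ($after -ne $federatedUpn) {
        throw "UPN is '$after', expected '$federatedUpn'; correct it manually."
    }
    Write-Verbose "Password reset for $federatedUpn; UPN restored."
}

# Usage (prompts for the password so it is not stored in command history):
# $pw = Read-Host -AsSecureString 'New password'
# Reset-FederatedUserPassword -ObjectId xxxxx -ManagedUpn user@domain.onmicrosoft.com -NewPassword $pw
```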