Disabling AAD Connect Password Writeback is easy in both the GUI and Windows PowerShell. In a recent case I found myself troubleshooting AAD Connect where it was in a very broken state that meant the GUI was unavailable due to a pending upgrade:

As part of my troubleshooting, I determined that Password Writeback needed to be disabled. Unfortunately, the dialogue shown above is blocking, which means I was unable to switch it off using the regular GUI. In comes PowerShell:

Disable Password Sync

To disable AAD Connect Password Writeback using Windows PowerShell, run the following commands from a shell as administrator on your AAD Connect server:

Import-Module ADSync
$connector = (Get-ADSyncConnector | Where-Object {$_.Name -ilike "*AAD"}).Name
Get-ADSyncAADPasswordResetConfiguration -Connector $connector
Set-ADSyncAADPasswordResetConfiguration -Connector $connector -Enable:$false

Enable Password Sync

To enable AAD Connect Password Writeback using Windows Powershell, run the following commands from a shell as administrator on your AAD Connect server:

Import-Module ADSync
$connector = (Get-ADSyncConnector | Where-Object {$_.Name -ilike "*AAD"}).Name
Get-ADSyncAADPasswordResetConfiguration -Connector $connector
Set-ADSyncAADPasswordResetConfiguration -Connector $connector -Enable:$true 

Comments/questions

There's no commenting functionality here. If you'd like to comment, please either mention me (@[email protected]) on Mastodon or email me. I don't have any logging or analytics running on this website, so if you found something useful or interesting it would mean a lot to hear from you.