Share via

33008 - Entra/DC Sync

Daniel Gellard 0 Reputation points
2025-01-12T20:22:12.1466667+00:00

Hi All,

Recently, I set-up a link between Entra ID and a domain controller hosted via an azure VM.

Password has hash, writeback etc has been set-up and the sole purpose of this was to enable us to set more in depth password policies. Outside of the 365 limits.

All seemed to be working ok, did two test runs and then on the 3rd password reset across two users I'm seeing error 33008.

Logs on Entra suggest that the users are now allowed to reset/change password. However, I cannot see any limits on this from Entra ID or the domain controller password policies. There is no limit to how often they can be reset.

Just wanted to see if anyone else has come across this.

Thank you.

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
13,544 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,836 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Abiola Akinbade 21,780 Reputation points
    2025-01-13T07:08:28.4+00:00

    Hello Daniel Gellard,

    Thanks for your question.

    This could be due to minimum age.

    If you have a minimum password age and have recently changed the password within that window of time, you're not able to change the password again until it reaches the specified age in your domain. For testing purposes, the minimum age should be set to 0.

    See: https://zcusa.951200.xyz/en-us/entra/identity/authentication/troubleshoot-sspr-writeback

    You can mark it 'Accept Answer' and 'Upvote' if this helped you

    Regards,

    Abiola

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.