Windows 10, Azure AD Join and Password Changes

AzureSo we are deploying Workspace One, and our devices are joined to Azure AD. 
We have found an issue when the user is prompted to change their password.

When the user is prompted to change their password, they are directed to

The user successfully changes their password, and then finds that they cannot connect to our on-premise Active Directory resources.

The Local Profile (Cached) Password on the workstation is not being updated with the users new password.

Fix / workaround

  1. User still changes their password via
  2. They then immediately LOCK their workstation (Windows + L)
  3. They unlock their workstation, with their NEW password.

Why this works
It forces the local workstation to validate the password with Azure AD, and then this updates the copy of the password which is stored in the local workstation user profile.

The Old New Thing – Why does it take longer to reject an invalid password than to accept a valid one?
Microsoft – Cached credentials security in Windows Server 2003, in Windows XP, and in Windows 2000

The Windows 10 “Hardware Hash” for AutoPilot

You can get the script to export the value from a computer here.

The main thing the script does is call WMI to get the DeviceHardwareData value.  It’s a real shame that you can’t generate this data yourself.  In Microsoft’s own words:

Added in Windows 10 version 1703. Returns a base64-encoded string of the hardware parameters of a device.


"… Just get through the day …"

“First of all, I do not want you to give in to the pressure of the moment.  Whenever you’re hurting bad, just hang in there.  Finish the day.  Then, if you’re still feeling bad, think about it long and hard before you decide to quit.  Second, take it one day at a time.  One evolution at a time.

Don’t let your thoughts run away with you, don’t start planning to bail out because you’re worried about the future and how much you can take.  Don’t look ahead to the pain.  Just get through the day, and there’s a wonderful career ahead of you.”

Captain Joseph Maguire, as mentioned in Lone Survivor: The Incredible True Story of Navy SEALs Under Siege