So we are deploying Workspace One, and our devices are joined to Azure AD.
We have found an issue when a user is prompted to change their password: the prompt directs them to https://account.activedirectory.windowsazure.com/ChangePassword.aspx
The user changes their password there successfully, and then finds that they can no longer connect to our on-premises Active Directory resources.
The cause is that the locally cached copy of the password in the user's workstation profile is not being updated with the user's new password.
Fix / workaround
- User still changes their password via https://account.activedirectory.windowsazure.com/ChangePassword.aspx
- They then immediately LOCK their workstation (Windows + L)
- They unlock their workstation, with their NEW password.
Why this works
Unlocking with the new password forces the local workstation to validate that password against Azure AD. Once Azure AD accepts it, Windows updates the cached copy of the password stored in the local user profile on the workstation, and the user can reach on-premises Active Directory resources again.
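As an added helpdesk check (not part of the original post), the following PowerShell, run elevated on the affected workstation, confirms the device is Azure AD joined and lists the user's recent logon successes and failures from the Security log, so you can see whether the lock/unlock step (logon type 7) actually happened after the password change. The user name is a placeholder taken from the current session; event IDs 4624/4625 and the dsregcmd field name are standard Windows values.

```powershell
# Added example: verify the workaround was applied after an Azure AD password change.
param(
    [string]$UserName = $env:USERNAME,   # placeholder: sAMAccountName of the affected user
    [int]$Hours = 2                      # look-back window covering the password change
)

# 1. Device join state. The workaround depends on the workstation validating the
#    new password with Azure AD, which only happens on an Azure AD joined device.
$dsreg  = dsregcmd /status
$joined = ($dsreg | Select-String -Pattern '^\s*AzureAdJoined\s*:\s*YES' -Quiet)
if (-not $joined) {
    Write-Warning "Device does not report 'AzureAdJoined : YES'; unlocking will not refresh the cached password."
}

# 2. Logon events since the change. 4624 = success, 4625 = failure,
#    LogonType 7 = workstation unlock (the step the workaround relies on).
$since  = (Get-Date).AddHours(-$Hours)
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624, 4625; StartTime = $since } `
                       -ErrorAction SilentlyContinue

foreach ($e in $events) {
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    if ($data['TargetUserName'] -ne $UserName) { continue }

    [pscustomobject]@{
        Time      = $e.TimeCreated
        Result    = if ($e.Id -eq 4624) { 'Success' } else { 'Failure' }
        LogonType = $data['LogonType']
        Unlock    = ($data['LogonType'] -eq '7')
        Status    = $data['Status']      # populated on 4625 only
    }
}
```

A successful unlock (Result Success, LogonType 7) after the change is the point at which the cached password is refreshed; failures after that point indicate a different problem.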
Further reading
- The Old New Thing – Why does it take longer to reject an invalid password than to accept a valid one?
- Microsoft – Cached credentials security in Windows Server 2003, in Windows XP, and in Windows 2000