What causes AADSTS50144?

The user's on-premises Active Directory password has reached the domain password expiration policy limit. Password Hash Sync (PHS) or Pass-Through Authentication (PTA) propagated the expired state from on-prem AD to Entra ID. The user account is governed by a hybrid identity setup where on-prem AD remains the authoritative source for credentials. Self-Service Password Reset (SSPR) writeback is not configured, so the user cannot reset from the cloud. A scheduled/service account is using a personal user identity whose password silently expired

How do I fix AADSTS50144?

Reset the user's password in on-premises Active Directory (ADUC → Reset Password) or have the user run SSPR at https://aka.ms/sspr if password writeback is enabled. Wait for or force an Entra Connect sync (Start-ADSyncSyncCycle -PolicyType Delta) so the new password hash propagates to Entra ID. For unattended Power BI / ADF / Fabric workloads, replace the personal user credential with a Service Principal or Managed Identity to avoid password-expiration outages. Set 'Password never expires' or extend the policy for dedicated service accounts used in gateways or scheduled refreshes (with appropriate compensating controls). Enable SSPR with password writeback in Entra ID so future expirations can be self-resolved without IT involvement

High severityauthentication

Power BI Error:
AADSTS50144

What does this error mean?

The user's on-premises Active Directory password has expired and was synced to Entra ID (Azure AD), blocking sign-in.

Common causes

1The user's on-premises Active Directory password has reached the domain password expiration policy limit
2Password Hash Sync (PHS) or Pass-Through Authentication (PTA) propagated the expired state from on-prem AD to Entra ID
3The user account is governed by a hybrid identity setup where on-prem AD remains the authoritative source for credentials
4Self-Service Password Reset (SSPR) writeback is not configured, so the user cannot reset from the cloud
5A scheduled/service account is using a personal user identity whose password silently expired

How to fix it

1Reset the user's password in on-premises Active Directory (ADUC → Reset Password) or have the user run SSPR at https://aka.ms/sspr if password writeback is enabled
2Wait for or force an Entra Connect sync (Start-ADSyncSyncCycle -PolicyType Delta) so the new password hash propagates to Entra ID
3For unattended Power BI / ADF / Fabric workloads, replace the personal user credential with a Service Principal or Managed Identity to avoid password-expiration outages
4Set 'Password never expires' or extend the policy for dedicated service accounts used in gateways or scheduled refreshes (with appropriate compensating controls)
5Enable SSPR with password writeback in Entra ID so future expirations can be self-resolved without IT involvement

Frequently asked questions

What does AADSTS50144 mean?

User's Active Directory password has expired. Generate a new password for the user or have the user use the self-service reset tool to reset their password.

How do I fix this error?

Check your application registration, token configuration, and user permissions in the Azure portal. Review Conditional Access policies if the error is policy-related.

Source · learn.microsoft.com/en-us/entra/identity-platform/reference-error-codes#aadsts-error-codes