azure ad connect 8344,对域管理员组成员的权限不足 [英] azure ad connect  8344, insufficient permissions on domain admin group members
问题描述
您好,
我有一个天蓝色广告连接设置。
我的公司需要同步域管理员组中的帐户。
但是这会失败。
我得到的错误是:
8344,权限不足。
我们使用mS-DS-ConsistencyGuid作为源锚点。
我已经在adminsdholder容器上设置了正确的权限:
允许domain \ sa-account特殊访问mS-DS-ConsistencyGuid
                               WRITE PROPERTY
                  READ PROPERTY
这是通过Set-ADSyncMsDsConsistencyGuidPermissions -ADConnectorAccountDN(domain \sa-account的dn)完成的。
当我在域管理员帐户上启用继承时,同步会成功,直到域管理员帐户重置默认安全权限。
我们使用azure广告连接版本1.2.70
有人可以帮忙吗?
我认为您需要的权限是:
- 读取servicePrincipalName
- 写入servicePrincipalName
请转到通过此处的所有问题排查步骤: https://support.microsoft.com/en-us/help/303411/you-receive-a-warning-supersocket-info-warning-information-when-a-sql
Hello,
I have a azure ad connect setup.
My company needs to synchronize accounts that are in the domain administrator group.
However this fails.
The error I get is:
8344, insufficient permissions.
We use the mS-DS-ConsistencyGuid as source anchor.
I already set the correct permissions on the adminsdholder container:
Allow domain\sa-account SPECIAL ACCESS for mS-DS-ConsistencyGuid
WRITE PROPERTY
READ PROPERTY
THis was done via Set-ADSyncMsDsConsistencyGuidPermissions -ADConnectorAccountDN (dn of domain\sa-account)
When I enable inheritance on the a domain admin account, the synchronisation succeeds, until the default security rights get reset on the domain admin member account.
We use azure ad connect version 1.2.70
Can somebody help?
I think the permissions you need are:
- Read servicePrincipalName
- Write servicePrincipalName
Please go through all the troubleshooting steps here: https://support.microsoft.com/en-us/help/303411/you-receive-a-warning-supersocket-info-warning-information-when-a-sql
这篇关于azure ad connect 8344,对域管理员组成员的权限不足的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!