azure ad connect 8344，对域管理员组成员的权限不足 [英] azure ad connect  8344, insufficient permissions on domain admin group members

问题描述

您好，

我有一个天蓝色广告连接设置。

我的公司需要同步域管理员组中的帐户。

但是这会失败。

我得到的错误是：

8344，权限不足。

我们使用mS-DS-ConsistencyGuid作为源锚点。

我已经在adminsdholder容器上设置了正确的权限：

允许domain \ sa-account特殊访问mS-DS-ConsistencyGuid

                                        WRITE PROPERTY

                                       READ PROPERTY

这是通过Set-ADSyncMsDsConsistencyGuidPermissions -ADConnectorAccountDN（domain \sa-account的dn）完成的。

当我在域管理员帐户上启用继承时，同步会成功，直到域管理员帐户重置默认安全权限。

我们使用azure广告连接版本1.2.70

有人可以帮忙吗？

解决方案

我认为您需要的权限是：

- 读取servicePrincipalName

- 写入servicePrincipalName

请转到通过此处的所有问题排查步骤：  https://support.microsoft.com/en-us/help/303411/you-receive-a-warning-supersocket-info-warning-information-when-a-sql

Hello,

I have a azure ad connect setup.

My company needs to synchronize accounts that are in the domain administrator group.

However this fails.

The error I get is: 

 8344, insufficient permissions.

We use the mS-DS-ConsistencyGuid as source anchor.

I already set the correct permissions on the adminsdholder container:

Allow domain\sa-account SPECIAL ACCESS for mS-DS-ConsistencyGuid
                                      WRITE PROPERTY
                                      READ PROPERTY

THis was done via Set-ADSyncMsDsConsistencyGuidPermissions -ADConnectorAccountDN (dn of domain\sa-account)

When I enable inheritance on the a domain admin account, the synchronisation succeeds, until the default security rights get reset on the domain admin member account.

We use azure ad connect version 1.2.70

Can somebody help?

解决方案

I think the permissions you need are:

- Read servicePrincipalName
- Write servicePrincipalName

Please go through all the troubleshooting steps here: https://support.microsoft.com/en-us/help/303411/you-receive-a-warning-supersocket-info-warning-information-when-a-sql

这篇关于azure ad connect 8344，对域管理员组成员的权限不足的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！