无法启用Azure SSO [英] Can Not enable Azure SSO
问题描述
我正在尝试启用Azure无缝登录。但是我无法使用AD Connect或PowerShell工作。
如果我通过AD Connect尝试它,在我输入我的域管理员凭据后,我收到错误:发生错误找到计算机帐户。
如果我通过Power shell尝试它,我会收到此错误,我知道这不是一个糟糕的用户名/密码,我的管理员帐户启用了MFA,但是MFA是我在网络内工作时没有激活。
PS C:\Program Files \ Microsoft Azure Active Directory Connect> Enable-AzureADSSOForest
cmdlet在命令管道位置启用AzureADSSOForest 1
以下参数的供应值:
(输入!?获取帮助。)
$
OnPremCredentials
[16:38:08.316] [ 8] [INFORMATIONAL] GetDefaultWellKnownContainer:试图查找默认的众所周知的容器
r ...
异常数据(Raw):System.Security.Authentication.AuthenticationException :用户名或密码不正确。
---> System.DirectoryServices.DirectoryServicesCOMException:用户名或密码不正确。
在System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.PropertyValueCollection.PopulateList()
at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry,String propertyName)
at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
at System.DirectoryServices.ActiveDirectory.PropertyManager.GetPropertyValue(DirectoryContext context,DirectoryEntry
directoryEntry,String propertyName)
---内部异常堆栈跟踪结束---
at System.DirectoryServices.ActiveDirectory.PropertyManager.GetPropertyValue(DirectoryContext context,DirectoryEntry
directoryEntry,String propertyName)
at System.DirectoryServices.ActiveDirectory.Domain.GetDomain(DirectoryContext context)
at Microsoft.KerberosAuth.KerberosAuthInterface.OnPremiseOperations.LdapClientProvider.GetDomainDistinguishedName(OnP
remAuthenticationContext onPremAuthenticationContext)
启用-AnandADSSOForest:用户名或密码不正确。
行:1字符:1
+启用 - AzureADSSOForest
+ ~~~~~~~~~~~~~~~~~~ ~~~~~~
  + CategoryInfo         :NotSpecified:(:) [Enable-AzureADSSOForest],AuthenticationException
  + FullyQualifiedErrorId:System.Security.Authentication.AuthenticationException,Microsoft.KerberosAuth.Powershell
.PowershellCommands.EnableAzureADSSOForestCommand
嗨阿里G,
您是否确保在每一步输入正确的凭证?您需要在第一步获得全局租户云管理员(onmicrosoft.com)凭据,并在第二步获得本地企业管理员凭据。你可以确认你可以在其他地方使用这些凭证登录
吗?
我的博客文章中有截图显示了要使用的凭据。 https://medium.com/@marilee .turscak / configure-pass-through-authentication-in-azure-active-directory-through-aad-connect-wizard-c2fde09503ba
Hi,
I'm trying to enable Azure Seamless Sign-on. But I can't get it work using the AD Connect or through PowerShell.
If I try it through AD Connect, after I enter my domain Admin credentials I get the error: An Error occurred while locating computer account.
If I try it through Power shell I get this error, and I know it's not a bad username/password, MFA is enabled for my admin account, but MFA is not active when I'm working inside the network.
PS C:\Program Files\Microsoft Azure Active Directory Connect> Enable-AzureADSSOForestcmdlet Enable-AzureADSSOForest at command pipeline position 1
Supply values for the following parameters:
(Type !? for Help.)
OnPremCredentials
[16:38:08.316] [ 8] [INFORMATIONAL] GetDefaultWellKnownContainer: Attempting to look up the default well-known containe
r...
Exception Data (Raw): System.Security.Authentication.AuthenticationException: The user name or password is incorrect.
---> System.DirectoryServices.DirectoryServicesCOMException: The user name or password is incorrect.
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.PropertyValueCollection.PopulateList()
at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
at System.DirectoryServices.ActiveDirectory.PropertyManager.GetPropertyValue(DirectoryContext context, DirectoryEntry
directoryEntry, String propertyName)
--- End of inner exception stack trace ---
at System.DirectoryServices.ActiveDirectory.PropertyManager.GetPropertyValue(DirectoryContext context, DirectoryEntry
directoryEntry, String propertyName)
at System.DirectoryServices.ActiveDirectory.Domain.GetDomain(DirectoryContext context)
at Microsoft.KerberosAuth.KerberosAuthInterface.OnPremiseOperations.LdapClientProvider.GetDomainDistinguishedName(OnP
remAuthenticationContext onPremAuthenticationContext)
Enable-AzureADSSOForest : The user name or password is incorrect.
At line:1 char:1
+ Enable-AzureADSSOForest
+ ~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Enable-AzureADSSOForest], AuthenticationException
+ FullyQualifiedErrorId : System.Security.Authentication.AuthenticationException,Microsoft.KerberosAuth.Powershell
.PowershellCommands.EnableAzureADSSOForestCommand
Hi Ali G,
Have you ensured that you are entering the right credentials at each step? You need your global tenant cloud admin (onmicrosoft.com) credentials at the first step and your local enterprise admin credentials at the second step. Can you confirm that you can login with those credentials elsewhere?
I have screenshots in my blog post that show which ones to use. https://medium.com/@marilee.turscak/configuring-pass-through-authentication-in-azure-active-directory-through-the-aad-connect-wizard-c2fde09503ba
这篇关于无法启用Azure SSO的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!