Azure AD Connect password sync issue on specific forest
Problem description
Hello,
We have Azure AD Connect (1.2.7) installed, and it's syncing user accounts and password hashes to 5 different domains more or less successfully. We do not use password writeback.
We have added a further domain, with the same settings as the other ones. The domain has a single 2012r2 DC.
For this domain, password sync does not work.
I think I can see a possible reason for this, but I'm not sure how to fix it. When I run the AAD Connect troubleshooting tool, it says this specific domain has password writeback enabled. (The others do not say this.)
I have rerun the wizard, ensuring password writeback is off. It is. Run the script here to reset sync on that connector: https://social.technet.microsoft.com/wiki/contents/articles/28433.how-to-use-powershell-to-trigger-a-full-password-sync-in-azure-ad-sync.aspx
But still it says password writeback is enabled on that connector.
Any ideas on how to turn it off? I suspect that's why the password sync is not working.
Recommended answer
Make sure it's disabled both in the portal and in the AD Connect wizard
First, ensure that the settings are correct in the portal:
- Sign in to the Azure portal using a Global Administrator account.
- Browse to Azure Active Directory, click on Password Reset, then choose On-premises integration.
- Set the option for Write back passwords to your on-premises directory to No.
- Click Save.
(screenshot has it set to Yes but should be No)
Second (though it seems like you already did this), disable it in the AD Connect wizard:
- To configure and enable password writeback, sign in to your Azure AD Connect server and start the Azure AD Connect configuration wizard.
- On the Welcome page, select Configure.
- On the Additional tasks page, select Customize synchronization options, and then select Next.
- On the Connect to Azure AD page, enter a global administrator credential, and then select Next.
- On the Connect directories and Domain/OU filtering pages, select Next.
- On the Optional features page, select the box next to Password writeback, uncheck it, and select Next.
- On the Ready to configure page, select Configure and wait for the process to finish.
- When you see the configuration finish, select Exit.
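After both changes, the resulting state can be read back from PowerShell on the Azure AD Connect server instead of relying on the wizard. This is an added example, not part of the original answer; it only reads configuration using ADSync module cmdlets, and it assumes an elevated session on the sync server and the default connector type names.

```powershell
# Added example: read-only verification, changes nothing.
Import-Module ADSync

$connectors   = Get-ADSyncConnector
$aadConnector = $connectors | Where-Object { $_.SubType -eq 'Windows Azure Active Directory (Microsoft)' }
$adConnectors = $connectors | Where-Object { $_.ConnectorTypeName -eq 'AD' }

if (-not $aadConnector) { throw 'No Azure AD connector found on this server.' }

# Password writeback state as stored on the Azure AD connector.
$writeback = Get-ADSyncAADPasswordResetConfiguration -Connector $aadConnector.Name
'Password writeback enabled: {0}' -f $writeback.Enabled

# Tenant-level feature flag for password hash sync.
'Password hash sync enabled in tenant: {0}' -f (Get-ADSyncAADCompanyFeature).PasswordHashSync

# Per-forest password hash sync configuration and recent heartbeat.
foreach ($ad in $adConnectors) {
    $phs = Get-ADSyncAADPasswordSyncConfiguration -SourceConnector $ad.Name

    # Event 654 is the password sync heartbeat; its message carries the connector GUID.
    $id   = $ad.Identifier.ToString('D').ToUpperInvariant()
    $ping = Get-EventLog -LogName Application -Source 'Directory Synchronization' `
                -InstanceId 654 -After (Get-Date).AddHours(-3) -ErrorAction SilentlyContinue |
            Where-Object { $_.Message.ToUpperInvariant().Contains($id) } |
            Sort-Object TimeGenerated -Descending |
            Select-Object -First 1

    [pscustomobject]@{
        Forest                  = $ad.Name
        Target                  = $phs.TargetConnector
        PasswordHashSyncEnabled = $phs.Enabled
        LastHeartbeat           = if ($ping) { $ping.TimeGenerated } else { 'none in last 3 hours' }
    }
}
```

A forest that shows `PasswordHashSyncEnabled` as False, or no heartbeat while the other forests have one, is the connector to look at first.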