密码回写不适用于本地AD-错误33001& 33004 [英] Password Write back not working with Local AD - Error 33001 & 33004
问题描述
我正在尝试将密码写回本地AD.不幸的是,我们似乎无法使其正常工作.我遵循了T的设置说明,并一遍又一遍地验证它没有做错.但是,我们似乎无法弄清楚 还是为什么.我发布了2个事件日志以获取更多信息.请帮忙:)
I was trying to test out password write back to local AD. Unforntunately we cannot seem to get it to work. I've followed the set up instructions to the T and went it over and over to verify it was not done incorrectly. Yet, we can't seem to figure out how or why. I posted the 2 event logs for more info. Please help :)
TrackingId:427b11e6-7593-4d28-8795-b1f6cae977fe,原因:同步引擎返回错误hr = 80070057,消息=该参数不正确.,上下文:cloudAnchor:User_f1183ad1-6c22-4532-b8f5-1e7d3ccb1f3f,SourceAnchorValue: dR2u9jndjkexDfAb8PL + Hw ==,
UserPrincipalName:usert@xyz.com,详细信息:Microsoft.CredentialManagement.OnPremisesPasswordReset.Shared.PasswordResetException:同步引擎返回错误hr = 80070057,消息=该参数不正确.
at AADPasswordReset.SynchronizationEngineManagedHandle.ThrowSyncEngineError(Int32 hr)
at AADPasswordReset.SynchronizationEngineManagedHandle.ChangePassword(字符串cloudAnchor,字符串sourceAnchor,字符串oldPassword,字符串newPassword)
at Microsoft.CredentialManagement.OnPremisesPasswordReset.PasswordResetCredentialManager.ChangePassword(String changePasswordXMLRequestString)
TrackingId: 427b11e6-7593-4d28-8795-b1f6cae977fe, Reason: Synchronization Engine returned an error hr=80070057, message=The parameter is incorrect., Context: cloudAnchor: User_f1183ad1-6c22-4532-b8f5-1e7d3ccb1f3f, SourceAnchorValue: dR2u9jndjkexDfAb8PL+Hw==,
UserPrincipalName: usert@xyz.com, Details: Microsoft.CredentialManagement.OnPremisesPasswordReset.Shared.PasswordResetException: Synchronization Engine returned an error hr=80070057, message=The parameter is incorrect.
at AADPasswordReset.SynchronizationEngineManagedHandle.ThrowSyncEngineError(Int32 hr)
at AADPasswordReset.SynchronizationEngineManagedHandle.ChangePassword(String cloudAnchor, String sourceAnchor, String oldPassword, String newPassword)
at Microsoft.CredentialManagement.OnPremisesPasswordReset.PasswordResetCredentialManager.ChangePassword(String changePasswordXMLRequestString)
推荐答案
你好
是否可以检查是否具有以下属性检查您要测试的用户?
Can you check if you have the following properties "Do not allow user to reset password" and "password never expires" checked for the users you are testing ?
对于用户帐户,请不要选中这些密码以进行密码回写.
These should be unchecked for password write back to work for the user accounts.
错误也表明
Also the error indicates that the Active Directory Management Agent (ADMA) service account does not have the appropriate permissions on the account in question to set a new password. Ensure that the ADMA account in the user’s forest has reset and change password permissions on all objects in the forest.
您可以按照列出的步骤检查权限 这里 .
You can check the permissions by following the steps listed here .
You can also check the below troubleshooting doc for more details.
这篇关于密码回写不适用于本地AD-错误33001& 33004的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
