AD Connect not writing back passwords


Problem description

I'm testing Azure AD Connect on a small "test" domain before I proceed with a full sync of our domain. Unfortunately, I'm having some problems. Before I get to the problems, here's my test setup:

  • The name of the domain is NOT the same as the Azure domain, but an added UPN suffix IS.
  • I've set up AD Connect to sync only a single OU (for testing)
  • The OU contains a single User with a manually specified email.
  • The same user was created manually in Azure prior to starting the sync process. The Azure user was given an email licence, and an email address.
  • Azure AD Connect was set up with pretty basic settings. Password write-back was enabled as part of those settings. The system is set up to only sync that single OU specified earlier.

It appears that changing the test user's password in my local AD (and waiting for a sync) does update the password in Azure. However, the operation appears to be one-way, despite password write-back being enabled. Logged in as the test user I can request a password change without any issues (AND this new password starts to work for online logins), however this is never replicated in my local AD (old password works, new password doesn't).

There's an event log that happens at the same time the password is changed, but it doesn't really get me anywhere.

TrackingId: 5a76d0fc-3248-42b6-9a7a-cf8265766f38, HeartBeat for Namespace: ssprdedicatedsbprodscu, Endpoint: 3333b860-8fed-4146-aaeb-682401d60e10_2f466786-5627-462d-bcf7-ffc4bf83e8a0, Details: Version: 5.0.0.1541

I also tried to use the AD Connect troubleshooting portal, but that detected no faults.

Any idea how to proceed with debugging / fixing this?

Solution

Hi, 

You have to enable SSPR in two locations. Both the portal and on AD Connect. For local writeback, you also need an Azure AD Premium license. 

Is the above all true?

Joe

