AD Connect同步问题 [英] AD Connect Sync issues

问题描述

我有一个名为contoso.com的网站，已在go-daddy注册.在go daddy中，我将名称服务器设置为hostgator名称服务器，因此Hostgator托管contoso.com网站并具有该站点的dns记录.

前提是，我有一个名为contoso.com的域名，与该网站相同.

Microsoft Azure允许您创建自定义域名，而不使用通用的< email> onmicrosoft.com".我决定创建contoso.com的自定义AzureAD域.

在设置此自定义域之前，Microsoft会向您发出挑战，要求您在contoso.com区域中创建txt或mx记录以证明您拥有它.完成此操作后，将验证您的自定义域，并且您可以使用contoso.com.

在前提条件下，使用Azure ADConnect时，我可以将前提条件contoso.com域中的所有用户同步到AzureAD contoso.com域.但是，当我尝试从内部contoso.com域中的计算机解析contoso.com网站时，我无法 这样做.它说:无法访问此站点."

为了解决这个问题，我创建了一个名为www的A记录，该记录指向contos.com网站IP.这也失败了.然后，我将onprem域重命名为contoso.local.完成此操作后，我现在可以通过新重命名的contoso.local中的计算机访问该网站. 域，但现在，当我尝试将用户同步到AzureAD时，他们显示为"user @< email> onmicrosoft.com"；而不是"user@contoso.com".

如何将我的本地域保持为contoso.com，这使我可以将名称正确同步到AzureAD，同时又可以从contoso.com内部部署域中的客户端访问网站?

I have a website named contoso.com registered with go-daddy. In go daddy, I set the name servers to hostgator name servers, so Hostgator hosts the contoso.com website and has the dns records for the site.

On premise, I have a domain named contoso.com, same as the website.

Microsoft Azure allows you to create your custom domain name instead of using the generic "<email>onmicrosoft.com." I decided to create a custom AzureAD domain of contoso.com.

Before you can get this custom domain set up, Microsoft issues a challenge for you to create a txt or mx record in the contoso.com zone to prove you own it. After doing this, your custom domain is verified and you are able to use contoso.com.

On premise, when using Azure ADConnect, I am able to sync all users in my on premise contoso.com domain to my AzureAD contoso.com domain. However, when I try to resolve the contoso.com website from a computer in the on premise contoso.com domain, I am unable do do so. It says, "this site can't be reached." 

To try and fix this, I created an A record named www that points to contos.com website IP. This also fails. I then renamed the onprem domain to contoso.local. After doing this, I was now able to get to the website from a computer in the newly renamed contoso.local domain but  now when I try to sync users to AzureAD, they show up as "user@<email>onmicrosoft.com" instead of "user@contoso.com.

How can I keep my local domain as contoso.com, which allows me to properly sync names to AzureAD, and at the same time, be able to get to the website from clients within the contoso.com on-premise domain?

推荐答案

您可以配置自定义域，并且该域已通过验证，Azure AD Connect已成功将您的本地AD与Azure AD.意思是，Azure AD的自定义域配置没有问题，并且该问题始于网站. 话虽如此，这不是Azure AD问题.您需要在内部进行进一步调查并解决问题.如果您打算使用不可路由的域(例如.local)，请按照以下链接中的说明进行操作-

You were able to configure custom domain and the domain was verified and Azure AD Connect successfully synched your on premise AD with Azure AD. Meaning, there was no issue with custom domain configuration with Azure AD and the issue started with the website. That being said, this is not an Azure AD issue. You need to investigate further and troubleshoot the issue on your on premise side. If you're planning for a non routable domain such as .local, follow the instructions from these links - How to prepare a non-routable domain and Plan for non-routable domain names

--------------------------------------------------- -------------------------------------------------- ----------------------------------
如果此答案有帮助，请单击"标记为答案"，然后单击投票.要提供有关您的论坛体验的其他反馈，请单击 这里 

-----------------------------------------------------------------------------------------------------------------------------------
If this answer was helpful, click "Mark as Answer" and Up-Vote. To provide additional feedback on your forum experience, click here 

这篇关于AD Connect同步问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！