Sunday, February 16, 2020

Azure writeback password - Permission Tip

One of the requirements for password writeback is an Active Directory permission: the account specified in the Azure AD Connect utility must have the following rights:
  • Reset password
  • Change password
  • Write permissions on lockoutTime
  • Write permissions on pwdLastSet
  • Extended rights on either:
You can configure this in Active Directory Users and Computers. I had some issues when I tried to configure these permissions, but I found a good tip: instead of configuring them manually, you can use a PowerShell command to configure them automatically, which is much better than doing it by hand.

Import the module (PowerShell):

>Import-Module "C:\Program Files\Microsoft Azure Active Directory Connect\AdSyncConfig\AdSyncConfig.psm1"

Set the permission, where ADConnectorAccountDN is the user that you use to sync to Azure AD:
>Set-ADSyncPasswordWritebackPermissions -ADConnectorAccountDN "CN=MSOL_6f3a58717cc4,CN=Users,DC=contoso,DC=local"

 

It's done!
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-writeback
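
To confirm what the connector account actually holds after running the cmdlet, the following added example (not from the original post or from the AdSyncConfig module) reads the domain root ACL and compares it with the rights listed above. It assumes the RSAT ActiveDirectory module is installed and reuses the connector DN from the post; the variable names are illustrative.

```powershell
# Added example: read-only audit of the connector account's ACEs on the domain root.
Import-Module ActiveDirectory   # assumption: RSAT ActiveDirectory module is installed

# Connector account DN as used in the post; replace with your own.
$connectorDN = 'CN=MSOL_6f3a58717cc4,CN=Users,DC=contoso,DC=local'

$rootDse = Get-ADRootDSE
$sid     = (Get-ADUser -Identity $connectorDN).SID.Value

# Resolve the GUIDs of the rights listed in the post from the directory itself.
$wanted = @{}
foreach ($attr in 'lockoutTime', 'pwdLastSet') {
    $o = Get-ADObject -SearchBase $rootDse.schemaNamingContext `
            -LDAPFilter "(lDAPDisplayName=$attr)" -Properties schemaIDGUID
    $wanted[([guid]$o.schemaIDGUID).ToString()] = "Write $attr"
}
$extBase    = "CN=Extended-Rights,$($rootDse.configurationNamingContext)"
$rightNames = @{ 'User-Force-Change-Password' = 'Reset password'
                 'User-Change-Password'       = 'Change password' }
foreach ($cn in $rightNames.Keys) {
    $o = Get-ADObject -SearchBase $extBase -LDAPFilter "(cn=$cn)" -Properties rightsGuid
    $wanted[([guid]$o.rightsGuid).ToString()] = $rightNames[$cn]
}

# Ask for SIDs so the match does not depend on name resolution.
$sidType = [System.Security.Principal.SecurityIdentifier]
$acl     = Get-Acl -Path "AD:\$($rootDse.defaultNamingContext)"
$mine    = @($acl.GetAccessRules($true, $true, $sidType) | Where-Object {
               $_.IdentityReference.Value -eq $sid -and $_.AccessControlType -eq 'Allow' })

# Label each ACE; anything outside the post's list is surfaced for review.
$report = foreach ($ace in $mine) {
    $label = $wanted[$ace.ObjectType.ToString()]
    [pscustomobject]@{
        Right     = if ($label) { $label } else { 'NOT IN LIST (review)' }
        AdRights  = $ace.ActiveDirectoryRights
        Inherited = $ace.IsInherited
    }
}
$report | Sort-Object Right | Format-Table -AutoSize

# Rights from the post's list with no matching ACE on the domain root.
$missing = $wanted.Values | Where-Object { $_ -notin @($report).Right }
if ($missing) { Write-Warning "Not granted on the domain root: $($missing -join ', ')" }
```

The check only inspects the domain root; if the rights were delegated on specific OUs instead, point `Get-Acl` at those DNs.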
