cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

A question about AD Connect Password Sync diagnostic tool

AUser ZUser
Copper Contributor

‎Sep 17 2017 12:01 PM

‎Sep 17 2017 12:01 PM

A question about AD Connect Password Sync diagnostic tool

Hello

 

I just installed AD connect and sucessfully synced my on premise AD (Azure IaaS AD LAB) to my Azure AD (default directory) e.g. the users and groups synced up OK. During the configuration I chose the use Password Write Back (as I am using an eval of Azure AD Premium)

 

However the password write back is not working, for example if I change reset the password of one of the synced users (e.g. synced from AD to AAD) in the Azure Portal, the AD password is not changed.

 

I run the 'troubleshooting' tool that comes with AD Connect and chose to trouble shoot Password sync for a particular user (to see what information I could get)

 

When running this tool one of the questions it asks is

Please enter AD connector space object Distinguished Name

 

I am not sure which Object the question is refering to, is there a default name for this object and which AD OU will this object live in by default so I can try and locate it in order to get its distinguished name?

 

Thanks All

 

__AAnotherUser

Labels:
18.1K Views
0 Likes
1 Reply
Reply
1 Reply
best response confirmed by AUser ZUser (Copper Contributor)
Walter Spotkaeff

‎Dec 01 2017 06:04 PM

‎Dec 01 2017 06:04 PM

Solution

Re: A question about AD Connect Password Sync diagnostic tool

Hello,

 

If you are using this tool, you probably have a user that you suspect is not having their password synced to AAD - the "ad connector space object distinguished name" that the tool wants is the on-premise users "Distinguished Name."

 

From "Active Directory Users and Groups" select the properties of the user object who is not getting their password synced to AAD.  Select the Attribute Editor Tab, and scroll down for the attribute called distinguishedName - enter the value that corresponds to this attribute into the AD Connect Password Sync diagnostic tool for "ad connector space object distinguished name."

 

Thanks - Walter

1 Like
Reply
1 best response

Accepted Solutions
best response confirmed by AUser ZUser (Copper Contributor)
Walter Spotkaeff

‎Dec 01 2017 06:04 PM

‎Dec 01 2017 06:04 PM

Solution

Re: A question about AD Connect Password Sync diagnostic tool

Hello,

 

If you are using this tool, you probably have a user that you suspect is not having their password synced to AAD - the "ad connector space object distinguished name" that the tool wants is the on-premise users "Distinguished Name."

 

From "Active Directory Users and Groups" select the properties of the user object who is not getting their password synced to AAD.  Select the Attribute Editor Tab, and scroll down for the attribute called distinguishedName - enter the value that corresponds to this attribute into the AD Connect Password Sync diagnostic tool for "ad connector space object distinguished name."

 

Thanks - Walter

View solution in original post

1 Like
Reply