AD Connect passthrough authentication fails for some users

Hi

With Azure AD Connect passthrough authentication we see "50126 InvalidUserNameOrPassword" for some users.

In C:\ProgramData\Microsoft\Azure AD Connect Authentication Agent\Trace\AzureADConnectAuthenticationAgent_....

I can see the corresponding error: 

"Passthrough Authentication request failed....  Reason: '1326'."

The majority of users authenticate OK in Azure.

 

In the trace log I see many System.OperationCanceledException.

 

At the AD Domain Controllers I see no "badpassword". I guess at some point Azure AD Connect decides the username is wrong - but there is no difference in UPN compared to working users.

 

Where can I find a solution?

 

Best regards

Markus


1 Reply
Answering my own question:

The onPremisesUserPrincipalName has to be set to the correct value in Azure AD. We did not know about this attribute. Our Azure UPN does not match the on-premises one.
It seems PTA uses the onPremisesUserPrincipalName to authenticate.
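
One way to check the attribute described in the reply, as an added example that is not part of the original posts: it joins Azure AD and on-premises accounts on the SID and reports users whose onPremisesUserPrincipalName is empty or differs from the on-premises UPN. The function name `Compare-OnPremUpn` and the sample accounts are constructed for illustration; it assumes the real inputs are exported with `Get-MgUser` and `Get-ADUser`.

```powershell
# Added example: report synced users whose cloud onPremisesUserPrincipalName
# is empty or differs from the UPN held in on-premises AD (joined on SID).
function Compare-OnPremUpn {
    param(
        [Parameter(Mandatory)] [object[]] $CloudUsers,   # Azure AD user objects
        [Parameter(Mandatory)] [object[]] $AdUsers       # on-premises AD user objects
    )
    # Index on-premises accounts by SID string for the join.
    $bySid = @{}
    foreach ($u in $AdUsers) { $bySid[[string]$u.SID] = $u }

    foreach ($c in $CloudUsers) {
        $sid = [string]$c.OnPremisesSecurityIdentifier
        if (-not $sid) { continue }                      # cloud-only account, not synced
        $ad = $bySid[$sid]
        $status = if (-not $ad) { 'NoOnPremMatch' }
        elseif ([string]::IsNullOrEmpty($c.OnPremisesUserPrincipalName)) { 'Empty' }
        elseif ($c.OnPremisesUserPrincipalName -ne $ad.UserPrincipalName) { 'Mismatch' }
        else { 'OK' }
        if ($status -ne 'OK') {
            [pscustomobject]@{
                CloudUpn       = $c.UserPrincipalName
                CloudOnPremUpn = $c.OnPremisesUserPrincipalName
                AdUpn          = if ($ad) { $ad.UserPrincipalName } else { $null }
                Status         = $status
            }
        }
    }
}

# Constructed sample data. Against a real environment the inputs would come from:
#   Get-MgUser -All -Property userPrincipalName,onPremisesUserPrincipalName,onPremisesSecurityIdentifier
#   Get-ADUser -Filter * -Properties UserPrincipalName
$cloud = @(
    [pscustomobject]@{ UserPrincipalName = 'anna@contoso.example'; OnPremisesUserPrincipalName = 'anna@corp.contoso.example'; OnPremisesSecurityIdentifier = 'S-1-5-21-1-2-3-1101' }
    [pscustomobject]@{ UserPrincipalName = 'ben@contoso.example';  OnPremisesUserPrincipalName = 'ben@contoso.example';       OnPremisesSecurityIdentifier = 'S-1-5-21-1-2-3-1102' }
    [pscustomobject]@{ UserPrincipalName = 'cara@contoso.example'; OnPremisesUserPrincipalName = $null;                       OnPremisesSecurityIdentifier = 'S-1-5-21-1-2-3-1103' }
    [pscustomobject]@{ UserPrincipalName = 'dan@contoso.example';  OnPremisesUserPrincipalName = $null;                       OnPremisesSecurityIdentifier = $null }
)
$ad = @(
    [pscustomobject]@{ UserPrincipalName = 'anna@corp.contoso.example'; SID = 'S-1-5-21-1-2-3-1101' }
    [pscustomobject]@{ UserPrincipalName = 'ben@corp.contoso.example';  SID = 'S-1-5-21-1-2-3-1102' }
    [pscustomobject]@{ UserPrincipalName = 'cara@corp.contoso.example'; SID = 'S-1-5-21-1-2-3-1103' }
)

Compare-OnPremUpn -CloudUsers $cloud -AdUsers $ad | Format-Table -AutoSize
```

With the sample data, the accounts for ben (mismatch) and cara (empty attribute) are reported; anna's cloud UPN differs from her on-premises UPN but her onPremisesUserPrincipalName is correct, so she is not listed.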