Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

AWS AD Connect Replication permissions

0

by default, "AWS Delegated Replicate Directory Changes Administrators" have "Replicate Directory Changes" permissions and don't have "Replicate Directory Changes All" which prevent password hash synchronization with Azure AD in case of AD Connect usage.
https://social.technet.microsoft.com/wiki/contents/articles/51110.azure-ad-sync-troubleshooting-error-611-replication-access-was-denied-password-synchronisation-failed.aspx
Is it by design?
Is it possible add "Replicate Directory Changes All" permission?
What is the possible work around?

Argomenti
Sicurezza, identità e conformità
Tag
AWS Directory Service
Lingua
English
IgorMCS
posta 5 anni fa622 visualizzazioni
1 Risposta
0

Yes this is by design. As managed service we can not allow our passwords to replicate to a 3rd party. This blog post describes the AD Connect scenario that we do support.

https://aws.amazon.com/blogs/security/how-to-enable-your-users-to-access-office-365-with-aws-microsoft-active-directory-credentials/

profile pictureAWS
JoeD_AWS
con risposta 5 anni fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente