Devdocs download
1/31/2024

A group Managed Service Account (gMSA) is a managed domain account that provides automatic password management, simplified service principal name (SPN) management, and the ability to delegate the management to other administrators. A gMSA also extends this functionality over multiple servers. Azure AD Connect cloud sync supports and recommends the use of a gMSA for running the agent. For more information, see Group Managed Service Accounts.

To update an existing agent to use the Group Managed Service Account created during installation, upgrade the agent service to the latest version by running AADConnectProvisioningAgent.msi. Now run through the installation wizard again and provide the credentials to create the account when you're prompted to do so.

1. In the Azure portal, select Azure Active Directory.
2. Select Download on-premises agent, and select Accept terms & download.
3. Once the Azure AD Connect Provisioning Agent Package has completed downloading, run the AADConnectProvisioningAgentSetup.exe installation file from your downloads folder.
4. On the splash screen, select I agree to the license and conditions, and then select Install.
5. Once the installation operation completes, the configuration wizard will launch.
6. On the Select Extension screen, select HR-driven provisioning (Workday and SuccessFactors) / Azure AD Connect Cloud Sync and click Next. If you are installing the provisioning agent for use with on-premises app provisioning, then select On-premises application provisioning (Azure AD to application).
7. Sign in with your Azure AD global administrator account. If you have Internet Explorer enhanced security enabled, it will block the sign-in. If so, close the installation, disable Internet Explorer enhanced security, and restart the Azure AD Connect Provisioning Agent Package installation.
8. On the Configure Service Account screen, select a group Managed Service Account (gMSA). This account is used to run the agent service. If a managed service account is already configured in your domain, you might skip this screen.
   - Create gMSA, which lets the agent create the provAgentgMSA$ managed service account for you. The group managed service account (for example, CONTOSO\provAgentgMSA$) will be created in the same Active Directory domain where the host server has joined. To use this option, enter the Active Directory domain administrator credentials.
   - Use custom gMSA and provide the name of the managed service account.
9. On the Connect Active Directory screen, if your domain name appears under Configured domains, skip to the next step. Otherwise, type your Active Directory domain name, and select Add directory.
10. Sign in with your Active Directory domain administrator account. The domain administrator account shouldn't have password change requirements. In case the password expires or changes, you'll need to reconfigure the agent with the new credentials. This operation will add your on-premises directory. The following screenshot shows an example of a configured domain.
11. On the Configuration complete screen, select Confirm. This operation will register and restart the agent.
12. Once this operation completes, you should be notified that Your agent configuration was successfully verified.
13. If you still get the initial splash screen, select Close.

Agent verification occurs in the Azure portal and on the local server that's running the agent.

To verify that the agent is being registered by Azure AD, follow these steps:

1. Select Azure AD Connect, and then select Cloud sync.
2. On the cloud sync page, you'll see the agents you've installed. Verify that the agent is displayed and the status is healthy.

To verify that the agent is running, follow these steps:

1. Sign in to the server with an administrator account.
2. Open Services either by navigating to it or by going to Start/Run/Services.msc.
3. Under Services, make sure that Microsoft Azure AD Connect Agent Updater and Microsoft Azure AD Connect Provisioning Agent are present and the status is Running.

After you've installed the agent, you must configure and enable it before it will start synchronizing users. To configure a new agent, see Create a new configuration for Azure AD Connect cloud sync.

Enable password writeback in Azure AD Connect cloud sync

To use password writeback and enable the self-service password reset (SSPR) service to detect the cloud sync agent, use the Set-AADCloudSyncPasswordWritebackConfiguration cmdlet and the tenant’s global administrator credentials:

    Import-Module "C:\\Program Files\\Microsoft Azure AD Connect Provisioning Agent\\"
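The local verification described above, as an added PowerShell example (not from the original page or from Microsoft's documentation): it checks that both agent services are present and Running, and reports the logon account of the provisioning agent service. The service display names are the ones given on this page; treating a logon account that ends in `$` as a managed service account is an assumption of this example.

```powershell
# Added example: local check of the two agent services named on this page.
# The trailing-'$' test is a heuristic (assumption) for "runs as a managed
# service account", matching the page's example CONTOSO\provAgentgMSA$.
$expected = @(
    @{ Name = 'Microsoft Azure AD Connect Provisioning Agent'; RequireGmsa = $true  },
    @{ Name = 'Microsoft Azure AD Connect Agent Updater';      RequireGmsa = $false }
)

$results = foreach ($item in $expected) {
    # Win32_Service exposes both the state and the logon account (StartName).
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "DisplayName = '$($item.Name)'"

    if (-not $svc) {
        [pscustomobject]@{
            Service = $item.Name; State = 'Missing'; RunsAs = $null
            Ok = $false; Note = 'service is not installed'
        }
        continue
    }

    $notes = @()
    if ($svc.State -ne 'Running') {
        $notes += "state is $($svc.State)"
    }
    # Flag an agent service that runs as a regular user or a built-in account
    # instead of the gMSA selected on the Configure Service Account screen.
    if ($item.RequireGmsa -and $svc.StartName -notmatch '\$$') {
        $notes += "logon account '$($svc.StartName)' does not look like a gMSA"
    }

    [pscustomobject]@{
        Service = $item.Name; State = $svc.State; RunsAs = $svc.StartName
        Ok = ($notes.Count -eq 0); Note = ($notes -join '; ')
    }
}

$results | Format-Table -AutoSize -Wrap
if ($results.Ok -contains $false) {
    Write-Warning 'One or more agent services failed verification; see the Note column.'
}
```

Run it in an elevated PowerShell session on the server that hosts the agent.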