En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

AWS AD Connect Replication permissions

0

by default, "AWS Delegated Replicate Directory Changes Administrators" have "Replicate Directory Changes" permissions and don't have "Replicate Directory Changes All" which prevent password hash synchronization with Azure AD in case of AD Connect usage.
https://social.technet.microsoft.com/wiki/contents/articles/51110.azure-ad-sync-troubleshooting-error-611-replication-access-was-denied-password-synchronisation-failed.aspx
Is it by design?
Is it possible add "Replicate Directory Changes All" permission?
What is the possible work around?

Sujets
Sécurité, identité et conformité
Balises
Service de répertoire AWS
Langue
English
IgorMCS
demandé il y a 5 ans622 vues
1 réponse
0

Yes this is by design. As managed service we can not allow our passwords to replicate to a 3rd party. This blog post describes the AD Connect scenario that we do support.

https://aws.amazon.com/blogs/security/how-to-enable-your-users-to-access-office-365-with-aws-microsoft-active-directory-credentials/

profile pictureAWS
JoeD_AWS
répondu il y a 5 ans

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents