使用 AWS re:Post 即表示您同意 AWS re:Post 使用條款
AWS re:Postre:Post

AWS AD Connect Replication permissions

0

by default, "AWS Delegated Replicate Directory Changes Administrators" have "Replicate Directory Changes" permissions and don't have "Replicate Directory Changes All" which prevent password hash synchronization with Azure AD in case of AD Connect usage.
https://social.technet.microsoft.com/wiki/contents/articles/51110.azure-ad-sync-troubleshooting-error-611-replication-access-was-denied-password-synchronisation-failed.aspx
Is it by design?
Is it possible add "Replicate Directory Changes All" permission?
What is the possible work around?

主題
安全性、身分識別與合規
標籤
AWS Directory Service
語言
English
IgorMCS
已提問 5 年前檢視次數 622 次
1 個回答
0

Yes this is by design. As managed service we can not allow our passwords to replicate to a 3rd party. This blog post describes the AD Connect scenario that we do support.

https://aws.amazon.com/blogs/security/how-to-enable-your-users-to-access-office-365-with-aws-microsoft-active-directory-credentials/

profile pictureAWS
JoeD_AWS
已回答 5 年前

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南

相關內容