Comments (5)

RamanathanChinnappan-MSFT avatar RamanathanChinnappan-MSFT commented on July 25, 2024

@sethicle
Thanks for your feedback! We will investigate and update as appropriate.

from entra-docs.

SaibabaBalapur-MSFT avatar SaibabaBalapur-MSFT commented on July 25, 2024

@sethicle Thank you for explaining the issue you are facing with syncing Domain Admins to Entra AD. It seems like the scripts and the Entra AD Connect Tool Troubleshooter are not applying the correct permissions to the AdminSDHolder object, which is causing issues with syncing the admin accounts. Based on your explanation, it appears that the ACL is not applying to the AdminSDHolder object but rather to descendant objects, which is causing the permissions to not allow for write access. To resolve this issue, you manually ran SDProp via LDP and set AdminSDHolder to read and write for this object only (for read and write attributes) and applied it to the accounts. This allowed you to sync the admin accounts successfully. It is important to note that syncing Domain Admins to Entra AD is not recommended, as it can pose a security risk. However, if you must do so, it is important to ensure that the correct permissions are applied to the AdminSDHolder object to avoid any issues with syncing. I hope this information helps. Let me know if you have any further questions or concerns.
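
The "descendant objects" versus "this object only" distinction described in the comment above, as an added example that is not part of the original thread or of Microsoft's scripts: a small parser that reads the inheritance flags of each ACE in an SDDL string and reports which rights take effect on the object that carries the DACL. The SID, both SDDL strings and all function names are constructed for illustration.

```python
import re

# Constructed sample data (assumptions, not from the thread): the SID stands in
# for the sync connector account; both SDDL strings are hypothetical DACLs.
SYNC_SID = "S-1-5-21-1111111111-2222222222-3333333333-1105"
DESCENDANTS_ONLY = f"D:PAI(A;;GA;;;DA)(A;CIIO;RPWP;;;{SYNC_SID})"
THIS_OBJECT_ONLY = f"D:PAI(A;;GA;;;DA)(A;;RPWP;;;{SYNC_SID})"

def tokens(field):
    """Split an SDDL flags/rights field such as 'CIIO' into two-letter codes
    (hex access masks are not handled in this example)."""
    return {field[i:i + 2] for i in range(0, len(field), 2)}

def ace_scope(flags):
    """Map ACE inheritance flags to the scope names used in the ACL editor."""
    if "IO" in flags:                      # inherit-only: skips the object itself
        return "descendant objects only"
    if "CI" in flags:
        return "this object and all descendants"
    return "this object only"

def trustee_aces(sddl, trustee):
    """Return (scope, rights, object_guid) for each allow ACE of `trustee`."""
    dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    found = []
    for body in re.findall(r"\(([^)]*)\)", dacl.group(1) if dacl else ""):
        ace_type, flags, rights, obj_guid, _inh, sid = body.split(";")[:6]
        if sid == trustee and ace_type in ("A", "OA"):
            found.append((ace_scope(tokens(flags)), tokens(rights), obj_guid))
    return found

def rights_on_object(sddl, trustee):
    """Rights that take effect on the object carrying this DACL (unscoped ACEs)."""
    granted = set()
    for scope, rights, obj_guid in trustee_aces(sddl, trustee):
        if scope != "descendant objects only" and not obj_guid:
            granted |= rights
    return granted

if __name__ == "__main__":
    for name, sddl in (("descendants", DESCENDANTS_ONLY), ("this object", THIS_OBJECT_ONLY)):
        effective = rights_on_object(sddl, SYNC_SID)
        status = "OK" if {"RP", "WP"} <= effective else "MISSING read/write property"
        print(f"{name}: effective={sorted(effective)} -> {status}")
```

An ACE carrying the `IO` (inherit-only) flag grants nothing on the object it is set on, which is why the first sample reports no effective read or write property rights for the account.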

SaibabaBalapur-MSFT avatar SaibabaBalapur-MSFT commented on July 25, 2024

@sethicle
We are going to close this thread as resolved but if there are any further questions regarding the documentation, please tag me in your reply and we will be happy to continue the conversation.

sethicle avatar sethicle commented on July 25, 2024

It may want to be noted in documentation that this permission is to be set manually on the accounts to ensure syncing with Entra AD?

I do note that this is not recommended and I'll be adjusting this in the new year to not be DA users; however, if AdminSDHolder is selected, the script should set the correct permissions, since the documentation states that it should be set to Yes to update if you wish to sync DA users.

Thanks,
Seth

SaibabaBalapur-MSFT avatar SaibabaBalapur-MSFT commented on July 25, 2024

@sethicle
Based on the provided document, it seems that the permission needs to be set manually on the accounts to ensure syncing with Entra AD. However, it is not recommended to set the permission on DA users. If you want to sync DA users, you can set the AdminSDHolder to Yes to update the permissions. The script should set the correct permissions if you follow the instructions in the documentation. If you have any further questions or concerns, please let me know.