AD Connect - Single Sign On - domain credential problem

    Question

  • Hi

    I'm trying to implement Single Sign On with AD Connect 1.1.443.0. I have Password Synchronization enabled.

    But I keep getting the following error when selecting Enable Single Sign On:

    I have opened TCP 9090 outbound. I have also tried using both Windows 2012R2 and Windows 2016.

    Any help much appreciated.

    Monday, March 20, 2017 10:30 AM

Answers

  • After logging a call with Microsoft and with much trial and error, we found that creating a new AD user account and assigning them with 'enterprise admins' rights was the solution.

    The existing 'enterprise admin' account wouldn't work.

    No idea of the issue though. Perhaps the older account is missing certain attributes. Who knows, but at least I have a fix.

     
    • Marked as answer by agvonline Wednesday, March 22, 2017 11:42 AM
    Wednesday, March 22, 2017 11:42 AM

All replies

  • Do make sure the credentials being used are the Local Domain Admin credentials.
    You can also refer to the documentation on Troubleshooting Errors during synchronization
    Tuesday, March 21, 2017 9:47 AM
    Moderator