Problem description
Hi,
I'm currently trying to get group-writeback working. Although we do have a subscription for Azure AD Premium and I've used the script from https://gallery.technet.microsoft.com/AD-Advanced-Permissions-49723f74 to configure the advanced permissions, I'm still seeing permission-issue-errors in Synchronization Service Manager. I've also checked the permissions using the script and the steps described here:
https://blogs.technet.microsoft.com/dkegg/2018/01/30/testing-aad-connect-write-back-permissions-on-an-ou/
Trying to further narrow down the cause of this issue, I remembered that it seemed impossible to explicitly specify an OU for group-writeback when I ran the AzureADConnect-Wizard, as the field was not editable / greyed out. Therefore, I've manually set the OU-value using PowerShell:

    # Load the current global sync settings
    $gs = Get-ADSyncGlobalSettings
    # Build the parameter that holds the group-writeback container
    $p = New-Object Microsoft.IdentityManagement.PowerShell.ObjectModel.ConfigurationParameter "Microsoft.GroupWriteBack.Container", String, SynchronizationGlobal, $null, $null, $null
    $p.Value = "OU=Office365-Cloudgroups,DC=xyz,DC=net"
    # Replace any existing value, then write the settings back
    $gs.Parameters.Remove($p.Name)
    $gs.Parameters.Add($p)
    Set-ADSyncGlobalSettings -GlobalSettings $gs

..which seems to have worked so far:

    $a = Get-ADSyncGlobalSettings
    $a.parameters | where {$_.Name -eq "Microsoft.GroupWriteBack.Container"}

    Name                   : Microsoft.GroupWriteBack.Container
    InputType              : String
    Scope                  : SynchronizationGlobal
    Description            :
    RegexValidationPattern :
    DefaultValue           :
    Value                  : OU=Office365-Cloudgroups,DC=xyz,DC=net
    Extensible             : False
    PageNumber             : 0
    Intrinsic              : False
    DataType               : String

However, the permission errors still persist :-( How can I find further details / debug this?