问题描述
大家好
我遇到了一个问题,即我已安装Azure Active Directory Connect以获得单点登录工作。一切正在显示健康以及启用密码写回。所有正在同步OK和单点登录工作,但当我尝试重置用户密码
时,我在Azure门户中获得以下内容:
I'm having an issue whereby I've installed Azure Active Directory Connect to get single signon working. All is showing healthy along with Password Writeback Enabled. All is synching OK and single signon working, but when I attempt to reset a users password I get the following in the Azure Portal:
"不幸的是,你无法重置这个由于本地环境中的策略或错误而导致用户的密码。"
"Unfortunately, you cannot reset this user's password due to a policy or error in your on-premises environment."
我找不到任何问题,但在AAD服务器上的事件日志中,它还显示事件ID 33009
I cannot find any problem but in the event logs on the AAD server it also shows event ID 33009
TrackingId:f9167424-bf41-4b67-90ca-4fc16f1d800f,原因:同步引擎返回错误hr = 80004001,message =未实现,上下文:cloudAnchor:User_c0502f50-ca15-4527-8caf-79c8c05a7464,SourceAnchorValue:4ZSaPy0nHESpBsVnxpraWA ==,AdminUpn:
admin @ company.com ,UserPrincipalName:,详情:Microsoft.CredentialManagement.OnPremisesPasswordReset.Shared .PasswordResetException:同步引擎返回错误hr = 80004001,messag e =未实施
TrackingId: f9167424-bf41-4b67-90ca-4fc16f1d800f, Reason: Synchronization Engine returned an error hr=80004001, message=Not implemented, Context: cloudAnchor: User_c0502f50-ca15-4527-8caf-79c8c05a7464, SourceAnchorValue: 4ZSaPy0nHESpBsVnxpraWA==, AdminUpn: [email protected], UserPrincipalName: user@company, Details: Microsoft.CredentialManagement.OnPremisesPasswordReset.Shared.PasswordResetException: Synchronization Engine returned an error hr=80004001, message=Not implemented
at AADPasswordReset.SynchronizationEngineManagedHandle.ThrowSyncEngineError(Int32 hr)
at AADPasswordReset.SynchronizationEngineManagedHandle.ThrowSyncEngineError(Int32 hr)
at AADPasswordReset.SynchronizationEngineManagedHandle.ResetPassword(String cloudAnchor,String sourceAnchor,String password,Boolean fForcePasswordChangeAtLogon,Boolean fUnlockAccount,Boolean isSelfServiceOperation)
at AADPasswordReset.SynchronizationEngineManagedHandle.ResetPassword(String cloudAnchor, String sourceAnchor, String password, Boolean fForcePasswordChangeAtLogon, Boolean fUnlockAccount, Boolean isSelfServiceOperation)
在Microsoft.CredentialManagement.OnPremisesPasswordReset.PasswordResetCredentialManager.ResetUserPasswordByAdmin(String resetUserPasswordByAdminXmlRequestString)
at Microsoft.CredentialManagement.OnPremisesPasswordReset.PasswordResetCredentialManager.ResetUserPasswordByAdmin(String resetUserPasswordByAdminXmlRequestString)
和事件ID 6329:
and Event ID 6329:
密码设置操作期间发生意外错误。
An unexpected error has occurred during a password set operation.
" ERR_:MMS(9640):E:\ bt \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ \\ MAUtils.h(58):无法获得注册表值'ADMADoNormalization',0x2
"ERR_: MMS(9640): E:\bt\863912\repo\src\dev\sync\ma\shared\inc\MAUtils.h(58): Failed getting registry value 'ADMADoNormalization', 0x2
BAIL:MMS(9640):E:\ bt \863912 \\\\\\\\\\\\\\\\\\\\ \\ dev\sync\ma\shared\inc\MAUtils.h(59):0x80070002(系统找不到指定的文件。):Win32 API失败:2
BAIL: MMS(9640): E:\bt\863912\repo\src\dev\sync\ma\shared\inc\MAUtils.h(59): 0x80070002 (The system cannot find the file specified.): Win32 API failure: 2
BAIL:MMS(9640):E:\ bt \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\找不到指定的文件。)
BAIL: MMS(9640): E:\bt\863912\repo\src\dev\sync\ma\shared\inc\MAUtils.h(114): 0x80070002 (The system cannot find the file specified.)
ERR_:MMS(9640):E:\ bt \863912 \ repo \src \ dev\sync\ma \ shared\inc\MAUtils.h(58):无法获取注册表值'ADMARecursiveUserDelete',0x2
ERR_: MMS(9640): E:\bt\863912\repo\src\dev\sync\ma\shared\inc\MAUtils.h(58): Failed getting registry value 'ADMARecursiveUserDelete', 0x2
BAIL:MMS(9640):E:\ bt \863912 \ repo\src\dev\sync\ma\shared\inc\MAUtils.h(59):0x80070002(系统找不到th指定的e文件。):Win32 API失败:2
BAIL: MMS(9640): E:\bt\863912\repo\src\dev\sync\ma\shared\inc\MAUtils.h(59): 0x80070002 (The system cannot find the file specified.): Win32 API failure: 2
BAIL:MMS(9640):E:\ bt \863912 \\\\\\\\\\\\\\\\\\ \\ ma\shared\inc\MAUtils.h(114):0x80070002(系统找不到指定的文件。)
BAIL: MMS(9640): E:\bt\863912\repo\src\dev\sync\ma\shared\inc\MAUtils.h(114): 0x80070002 (The system cannot find the file specified.)
ERR_:MMS(9640):E:\ bt\863912\repo\src\dev\sync\ma\shared\inc\MAUtils.h(58):无法获取注册表值'ADMARecursiveComputerDelete',0x2
ERR_: MMS(9640): E:\bt\863912\repo\src\dev\sync\ma\shared\inc\MAUtils.h(58): Failed getting registry value 'ADMARecursiveComputerDelete', 0x2
BAIL:MMS(9640):E:\ bt\863912 \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ (系统找不到指定的文件。):Win32 API失败:2
BAIL: MMS(9640): E:\bt\863912\repo\src\dev\sync\ma\shared\inc\MAUtils.h(59): 0x80070002 (The system cannot find the file specified.): Win32 API failure: 2
BAIL:MMS(9640):E:\ bt \863912 \\\\\\\\\\\\\\\\ dev\sync\ma\shared\inc\MAUtils.h(114):0x80070002(系统找不到指定的文件。)
BAIL: MMS(9640): E:\bt\863912\repo\src\dev\sync\ma\shared\inc\MAUtils.h(114): 0x80070002 (The system cannot find the file specified.)
ERR_:MMS(9640) :E:\ bt\863912\repo\src\dev\sync\ma\shared\inc\MAUtils.h(58):Fai led获取注册表值'SkipAdminCountCheck',0x2
ERR_: MMS(9640): E:\bt\863912\repo\src\dev\sync\ma\shared\inc\MAUtils.h(58): Failed getting registry value 'SkipAdminCountCheck', 0x2
BAIL:MMS(9640):E:\ bt \863912 \ repo \src \ dev \ sync \ ma \shared\inc\MAUtils.h(59):0x80070002(系统找不到指定的文件。):Win32 API失败:2
BAIL: MMS(9640): E:\bt\863912\repo\src\dev\sync\ma\shared\inc\MAUtils.h(59): 0x80070002 (The system cannot find the file specified.): Win32 API failure: 2
BAIL:MMS(9640): E:\bt\863912\repo\src\dev\sync\ma\shared\inc\MAUtils.h(114):0x80070002(系统找不到指定的文件。)
BAIL: MMS(9640): E:\bt\863912\repo\src\dev\sync\ma\shared\inc\MAUtils.h(114): 0x80070002 (The system cannot find the file specified.)
ERR_:MMS(9640):admaexport.cpp(2837):服务器不包含LDAP密码策略控制。
ERR_: MMS(9640): admaexport.cpp(2837): The server does not contain the LDAP password policy control.
BAIL:MMS( 9640):admaexport.cpp(2839):0x80004001(未实现)
BAIL: MMS(9640): admaexport.cpp(2839): 0x80004001 (Not implemented)
ERR_:MMS(9640):admaexport.cpp(2858):无法使用LDAP密码策略控制设置密码。
ERR_: MMS(9640): admaexport.cpp(2858): Failed to set the password using LDAP password policy control.
BAIL:MMS(9640):admaexport.cpp(3311):0x80004001(未实现)
BAIL: MMS(9640): admaexport.cpp(3311): 0x80004001 (Not implemented)
ERR_:MMS(9640):. .\.c.cpp(8195):ExportPasswordSet失败,错误为0x80004001
ERR_: MMS(9640): ..\ma.cpp(8195): ExportPasswordSet failed with 0x80004001
Azure AD Sync 1.2.70.0"
Azure AD Sync 1.2.70.0"
我发现只有一个人说他有同样的问题而且必须重建AAD服务器才能让它工作,我真的不想做那个。
I've only found one guy who said he has the same problem and has to rebuild the AAD server to get it to work, I don't really want to do that.
任何建议/帮助都非常感谢。我不认为它的权限是我的;已经指示帐户:
Any suggestions/help greatly appreciated. I don't think its permissions as I;'ve guiven the account:
重置密码
更改密码
写入锁定时间
写pwdLastSet
Reset password
Change password
Write lockoutTime
Write pwdLastSet
我是否必须启用SSPR(自助服务密码休息),看到某处但是不要'我想在这个时候这样做吗?
Do I have to enable SSPR (Self Service Password Rest), seen that somewhere but don't want to do this at this time ?
推荐答案
要设置适当的密码回写权限,请完成以下步骤:
To set up the appropriate permissions for password writeback to occur, complete the following steps:
- 更改密码
- 重置密码
- 写入锁定时间
- 写pwdLastSet
这篇关于Azure密码写回失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!