ADConnect Account setup

  1. Create a service account for AAD Connect on-prem (then sync it to Azure AD); obviously store its password in Passwordstate.
  2. Add this account to the Hybrid Identity Administrator role (NOT Global Admin).
  3. Remove this user from Domain Admins on-prem; leave it in Domain Users only.
  4. Grant the account its permissions
    Install-WindowsFeature RSAT-AD-Tools
    Import-Module "C:\Program Files\Microsoft Azure Active Directory Connect\AdSyncConfig\AdSyncConfig.psm1"
    # DN of the service account from step 1; the name and domain used below must match it
    $adaccountna = "CN=svc_aadconnect,OU=Services,OU=Infrastructure,OU=Users,OU=FilmVic,DC=encom,DC=net"
    # Domain Admin credentials, prompted for here and used only to write the ACLs (not stored)
    $credential = Get-Credential
    Set-ADSyncMsDsConsistencyGuidPermissions -ADConnectorAccountDN $adaccountna -Confirm:$false
    Set-ADSyncPasswordHashSyncPermissions -ADConnectorAccountDN $adaccountna -Confirm:$false
    Set-ADSyncUnifiedGroupWritebackPermissions -ADConnectorAccountDN $adaccountna -Confirm:$false
    Set-ADSyncExchangeHybridPermissions -ADConnectorAccountDN $adaccountna -Confirm:$false
    Set-ADSyncExchangeMailPublicFolderPermissions -ADConnectorAccountDN $adaccountna -Confirm:$false
    Set-ADSyncRestrictedPermissions -ADConnectorAccountDN $adaccountna -Credential $credential
    # Account name and domain taken from the DN above (sAMAccountName svc_aadconnect, domain encom.net)
    Set-ADSyncPasswordWritebackPermissions -ADConnectorAccountName svc_aadconnect -ADConnectorAccountDomain encom.net -Confirm:$false

  5. Seamless SSO setup has to be done with a Domain Admin account; however, those credentials are not saved by AAD Connect.
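An added audit script, not part of the original note, to confirm that steps 3 and 4 actually took effect on-prem: it checks the service account for nested membership in privileged groups, for a leftover adminCount marker from its old Domain Admin membership, and for the ACEs the Set-ADSync* cmdlets should have written on the domain root. It assumes the RSAT ActiveDirectory module and the service account DN used above.

```powershell
# Added audit example (not from the original note). Assumes RSAT ActiveDirectory
# and the svc_aadconnect DN from step 4.
Import-Module ActiveDirectory

$svcDn    = 'CN=svc_aadconnect,OU=Services,OU=Infrastructure,OU=Users,OU=FilmVic,DC=encom,DC=net'
$domainDn = 'DC=encom,DC=net'

# Built-in groups the sync account must never be a (nested) member of.
$privilegedGroups = @('Domain Admins', 'Enterprise Admins', 'Schema Admins',
                      'Administrators', 'Account Operators', 'Backup Operators')

$svc = Get-ADUser -Identity $svcDn -Properties adminCount
$findings = @()

# Step 3 check: recursive membership so nesting via another group is caught too.
foreach ($g in $privilegedGroups) {
    $members = Get-ADGroupMember -Identity $g -Recursive -ErrorAction SilentlyContinue
    if ($members.distinguishedName -contains $svcDn) {
        $findings += "Still a member of '$g' (step 3 not done)"
    }
}

# Leftover AdminSDHolder marker: after removal from Domain Admins, adminCount
# stays 1 and ACL inheritance on the object stays blocked until cleared by hand.
if ($svc.adminCount -eq 1) {
    $findings += 'adminCount=1: clear it and re-enable ACL inheritance on the account object'
}

# Step 4 check: the Set-ADSync* cmdlets add ACEs for this trustee on the domain root.
$acl     = Get-Acl -Path "AD:\$domainDn"
$svcAces = $acl.Access | Where-Object { $_.IdentityReference -like "*\$($svc.SamAccountName)" }
if (-not $svcAces) {
    $findings += 'No ACEs for the account on the domain root (step 4 not applied?)'
} else {
    # Review that only the expected sync/writeback rights are present.
    $svcAces | Select-Object ActiveDirectoryRights, AccessControlType, ObjectType, InheritedObjectType |
        Format-Table -AutoSize
}

if ($findings) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    'Service account looks least-privilege.'
}
```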