To ensure that you do not receive these errors, follow the procedures in Abandoning the ADSync service account encryption key when changing the password.

Abandoning the ADSync service account encryption key

The following procedures only apply to Azure AD Connect build 1.1.443.0 or older. This cannot be used for newer versions of Azure AD Connect, because abandoning the encryption key is handled by Azure AD Connect itself when you change the AD sync service account password, so the following steps are not needed in the newer versions.

Use the following procedures to abandon the encryption key.

What to do if you need to abandon the encryption key

If you need to abandon the encryption key, use the following procedures to accomplish this.

First you can stop the service in the Windows Service Control Manager. Make sure that the service is not running when attempting to stop it. If it is, wait until it completes and then stop it.

- Go to Windows Service Control Manager (START → Services).
- Select Microsoft Azure AD Sync and click Stop.

Abandon the existing encryption key so that a new encryption key can be created:

- Sign in to your Azure AD Connect Server as administrator.
- Navigate to folder: '$env:ProgramFiles\Microsoft Azure AD Sync\bin\'

Provide the password of the AD DS Connector account

As the existing passwords stored inside the database can no longer be decrypted, you need to provide the Synchronization Service with the password of the AD DS Connector account. The Synchronization Service encrypts the passwords using the new encryption key:

- Start the Synchronization Service Manager (START → Synchronization Service).

Reinitialize the password of the ADSync service account