Azure AD Password Synchronization

Arthur Toussaint

July 1, 2022 - 11:40

Hello everyone,
I am trying to connect my Samba AD 4 server to Azure AD using Azure AD Connect.
User synchronization seems to work fine, but the passwords aren't working... Has anyone ever managed to get this synchronization working, or is it a lost cause?
I'd appreciate any feedback on this topic, and in particular, which version of Samba you're using if it works.
Thanks in advance!

I'm currently getting the following error:


Password hash synchronization failed for domain: samdom.contoso.com, domain controller hostname: ad1.samdom.contoso.com, domain controller IP address: X.X.X.X. Details: 
Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsException: RPC Error 8420 : The naming context could not be found. There was an error calling _IDL_DRSGetNCChanges. 
at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnection.OnReplicateSingleObject(DsName directoryName) 
at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsConnection.ReplicateSingleObject(Guid objectGuid, String distinguishedName) 
at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.<>c__DisplayClass55_0.<BuildPasswordBatch>b__1(IDrsConnection c) 
at Microsoft.Online.PasswordSynchronization.RetryUtility.ExecuteWithRetry[T](Func`1 operation, Func`1 shouldAbort, RetryPolicyHandler retryPolicy) 
at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.BuildPasswordBatch(IEnumerable`1 changeObjects, IList`1& passwordChanges, IList`1& retryObjects) 
at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.BuildPasswordBatch(IList`1 changeSetObjects) 
at Microsoft.Online.PasswordSynchronization.DeltaSynchronizationTask.SynchronizeCredentialsToCloud() 
at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.SynchronizeSecrets() 
at Microsoft.Online.PasswordSynchronization.SynchronizationExecutionContext.SynchronizeDomain() 
at Microsoft.Online.PasswordSynchronization.SynchronizationManager.SynchronizeDomain(SynchronizationExecutionContext syncExecutionContext) 
sfonteneau

July 4, 2022 - 12:34

A little trick that works well with Samba's check password script:

https://github.com/sfonteneau/send_pass ... d_azure.py

It captures the username and password when the password is changed and sends them directly to Azure AD.

Alternatively, you can try:
https://wiki.samba.org/index.php/Azure_AD_Sync