Until this issue is resolved you will see following errors: There are two things that need to be done when you change the service account password.įirst, you need to change the password under the Windows Service Control Manager. Issues that arise from changing the password These procedures should also be used if you need to abandon the encryption key for any reason. If you need to change the service account password you can use the procedures in Abandoning the ADSync service account encryption key to accomplish this. DPAPI protects the encryption key using the ADSync service account. The encryption key used is secured using Windows Data Protection (DPAPI). These accounts are encrypted before they are stored in the database. If you upgrade to a build from 2017 April or later, then it is supported to change the password on the service account, but you cannot change the account used.Īzure AD Connect, as part of the Synchronization Services uses an encryption key to store the passwords of the AD DS Connector account and ADSync service account. You cannot change the account to any other account without reinstalling Azure AD Connect. If you use Connect with a build from 2017 March or earlier, then you should not reset the password on the service account since Windows destroys the encryption keys for security reasons.
0 Comments
Leave a Reply. |