But until then we do this:
On your AzureADConnect machine go to:
PS C:\> cd '.\Program Files\Microsoft Azure Active Directory Connect'
Then import:PS C:\Program Files\Microsoft Azure Active Directory Connect> Import-Module .\AzureADSSO.psd1Run the commandlet New-AzureADSSOAuthenticationContext:
PS C:\Program Files\Microsoft Azure Active Directory Connect> New-AzureADSSOAuthenticationContextCheck the current status:
PS C:\Program Files\Microsoft Azure Active Directory Connect> Get-AzureADSSOStatus
{"Enable":true,"Exists":true,"Domains":["domain.lan"],"IsSuccessful":true,"ErrorMessage":""}
Then enter your on-premises domain administrator credentials:PS C:\Program Files\Microsoft Azure Active Directory Connect> $creds = Get-Credential
PS C:\Program Files\Microsoft Azure Active Directory Connect> Update-AzureADSSOForest -OnPremCredentials $credsThe output should look like this:
[12:10:32.685] [ 5] [INFORMATIONAL] UpdateComputerAccount: Locating SSO computer account in DOMAIN...
[12:10:32.701] [ 5] [INFORMATIONAL] GetDesktopSsoComputerAccount: Searching in global catalog(forest) and DOMAIN for co
mputer account AZUREADSSOACC
[12:10:33.232] [ 5] [INFORMATIONAL] TrySearchAccountUnderGlobalCatalog: Object was found in global catalog(forest), hen
ce skipping DOMAIN search
[12:10:33.232] [ 5] [INFORMATIONAL] UpdateComputerAccount: Found SSO computer account at CN=AZUREADSSOACC,CN=Computers,
DC=domain,DC=lan. Updating its properties...
[12:10:33.232] [ 5] [INFORMATIONAL] UpdateComputerAccount: Granting full control to account admins and enterprise admin
s for computer account CN=AZUREADSSOACC,CN=Computers,DC=domain,DC=lan...
[12:10:33.907] [ 5] [INFORMATIONAL] UpdateComputerAccount: Successfully updated SSO computer account properties.
The operation completed successfully
PS C:\Program Files\Microsoft Azure Active Directory Connect>
No comments:
Post a Comment