29 January 2021

Single Sign On broken - Azure Active Directory Seamless Single Sign-On

 I don't know if this is something that only happens in my environment, but it happens.

When ever I start AADConnect and make a change in the configuration, add an OU for example, and save the change SSO breaks.

Quick way to see what's up is here:


If there are zero Seamless single sign-on domain's than you know what's up.
The SSO trust is broken.

There is a blogpost on docs.microsoft.com about it:
Azure Active Directory Connect: Troubleshoot Seamless Single Sign-On | Microsoft Docs

The steps listed there are in this script below.

Run this from the AADConnect machine:

# https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-sso            
            
# Import the Seamless SSO PowerShell module            
cd \            
cd 'C:\Program Files\Microsoft Azure Active Directory Connect'            
Import-Module .\AzureADSSO.psd1            
# Get the list of Active Directory forests on which Seamless SSO has been enabled            
New-AzureADSSOAuthenticationContext            
Get-AzureADSSOStatus            
#Disable Seamless SSO for each Active Directory forest where you've set up the feature            
$creds = Get-Credential domain\username            
Disable-AzureADSSOForest -OnPremCredentials $creds            
# Enable Seamless SSO for each Active Directory forest            
Enable-AzureADSSOForest            
# Enable the feature on your tenant            
Enable-AzureADSSO -Enable $true

No comments:

Post a Comment