Jump to content

Azure AD Connect Installation schlägt fehl


Go to solution Solved by NorbertFe,

Recommended Posts

Hello,

Same trouble on Windows 2012 PDC.

The problems comes when creating the Service "ADSync" with the stupid username.

When using "fast parameters" the security context used to run the ADSync Service is mentioned in the log file : "<Domain Name>\ADSyncMSA_3139f$" and also the binary path.
I tried to create the service manualy (sc create ADSync BinPath= "blablabla.exe") , at first without the username , but it has been deleted when running Azure AD Connect, and a second time with the username : sc create ADSync BinPath= "blabla.exe" obj= "MyDomain\ADSyncMSA_3139f$" and i get the error "File Name or extention too long".
Next attempt : create the service without "obj" parameter (UserName) and then modify the service through the regular interface. Same error.
The problem comes with the stupid UserName used for service who seems to be too long.
May be, because of PDC, the <DomainName> prefixing the UserName is not mandatory and should be not used when using this Agent on the PDC.

Link to post

Die Beobachtung mit der Länge des Managed Service Accounts, welcher durch den AD Connect Assistenten angelegt wird, habe ich auch schon gemacht. Den Dienst kann ich aber manuell anlegen, wenn ich den erzeugten Managed Service Account-Name um ein Zeichen verkürze. 

Link to post

Next try on a Server who is just Domain Member (not PDC nor BDC).
Just try to create the service (sc create) with binpath cmd.exe and obj with full username "<MyDomain>\ADSyncMSA_3139f$"

failed (206) Same error "File Name or extention too long"

Link to post
Posted (edited)

Next Try: create, as mentioned, a managed service account manually (new-adServiceAccount), who's name not as long as the default one. The service has been created but does not launch because of wrong password. May be wait for the password to be generated.

Edited by bdel
Link to post
  • Solution

Ok so that’s the answer for one question. ;)

did you install it?

  1. Install the gMSA on your host by running the following command from the PowerShell command prompt: Install-AdServiceAccount <gMSA>
 

 

Link to post

Of course not, as I'm quite some NewBy these things....

After some other PowerShell Commands, I reached the Install-ADServiceAccount

and stupid Install-ADServiceAccount reply with an access denied, even after restarting server.

Link to post

Sutpid Me.
used wrong parameter -PrincipalAllowedToDelegate instead of RetrievePassword.

 

Going to next steps... Yessss, reached next window in the wizzzzard !

 

Thanks for all !

Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...