Adding secure LDAP to an existing Office365 - ON-Prem Sync - Password HASH issue

Jared Gray 96 Reputation points
2020-06-11T16:51:23.727+00:00

We have been using on-prem AD with Office365. We need to add secure LDAP for use with Jamf.

I followed the help docs and subscribed to Azure and then created a new instance with a unique DNS name to act as the Secure LDAP point. I would like to turn on Secure LDAP, but I'm getting a message that passwords must be hashed.

I am stuck at the PowerShell portion of this doc - https://learn.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-configure-password-hash-sync

When I run the powershell script I get errors. I substituted our connector names as instructed. Can anyone please advise? The script output is below my signature.

Thanks,
Jared Gray
WildCard Media

Windows PowerShell
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

PS C:\Users\administrator.DOMAIN> C:\Users\administrator.DOMAIN\Desktop\NewHash.ps1
Get-ADSyncConnector : Unable to locate the MA: <domain.com>
At C:\Users\administrator.DOMAIN\Desktop\NewHash.ps1:10 char:6
+ $c = Get-ADSyncConnector -Name $adConnector
+      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : ReadError: (Microsoft.Ident...ConnectorCmdlet:GetADSyncConnectorCmdlet) [Get-ADSyncConnector], SynchronizationConfigurationValidationException
    + FullyQualifiedErrorId : Unable to locate the MA: <domain.com>,Microsoft.IdentityManagement.PowerShell.Cmdlet.GetADSyncConnectorCmdlet

You cannot call a method on a null-valued expression.
At C:\Users\administrator.DOMAIN\Desktop\NewHash.ps1:13 char:1
+ $c.GlobalParameters.Remove($p.Name)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

You cannot call a method on a null-valued expression.
At C:\Users\administrator.DOMAIN\Desktop\NewHash.ps1:14 char:1
+ $c.GlobalParameters.Add($p)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

Add-ADSyncConnector : <error>A null reference pointer was passed to the stub. (Exception from HRESULT: 0x800706F4)</error>
At C:\Users\administrator.DOMAIN\Desktop\NewHash.ps1:15 char:6
+ $c = Add-ADSyncConnector -Connector $c
+      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : WriteError: (Microsoft.Ident...ConnectorCmdlet:AddADSyncConnectorCmdlet) [Add-ADSyncConnector], SynchronizationConfigurationValidationException
    + FullyQualifiedErrorId : <error>A null reference pointer was passed to the stub. (Exception from HRESULT: 0x800706F4)</error>,Microsoft.IdentityManagement.PowerShell.Cmdlet.AddADSyncConnectorCmdlet

Set-ADSyncAADPasswordSyncConfiguration : Export MA Error: Unable to locate the MA: <domain.com>
At C:\Users\administrator.DOMAIN\Desktop\NewHash.ps1:18 char:1
+ Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector -TargetConn ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : ReadError: (Microsoft.Ident...igurationCmdlet:SetADSyncAADPas...igurationCmdlet) [Set-ADSyncAADPasswordSyncConfiguration], InvalidOperationException
    + FullyQualifiedErrorId : Export MA Error: Unable to locate the MA: <domain.com>,Microsoft.IdentityManagement.PowerShell.Cmdlet.SetADSyncAADPasswordSyncConfigurationCmdlet

Set-ADSyncAADPasswordSyncConfiguration : Export MA Error: Unable to locate the MA: <domain.com>
At C:\Users\administrator.DOMAIN\Desktop\NewHash.ps1:19 char:1
+ Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector -TargetConn ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : ReadError: (Microsoft.Ident...igurationCmdlet:SetADSyncAADPas...igurationCmdlet) [Set-ADSyncAADPasswordSyncConfiguration], InvalidOperationException
    + FullyQualifiedErrorId : Export MA Error: Unable to locate the MA: <domain.com>,Microsoft.IdentityManagement.PowerShell.Cmdlet.SetADSyncAADPasswordSyncConfigurationCmdlet

Accepted answer
  1. Jared Gray 96 Reputation points
    2020-06-11T23:39:21.393+00:00

    I got through it using this page - http://blog.cyberadvisors.com/aadconnect-password-sync-issue-resolved

    Changed these lines from MS Example -

    Import-Module "C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync\ADSync.psd1"
    Import-Module "C:\Program Files\Microsoft Azure Active Directory Connect\AdSyncConfig\AdSyncConfig.psm1"

    To this -
    Import-Module adsync

    Script ran successfully.


1 additional answer

  1. Andy David 701 Reputation points
    2020-06-11T23:35:09.463+00:00

    I'd walk through each line and see what values are set. What you pasted is hard to read, but it looks like it simply can't find what you entered for the connector name $adConnector.

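As an added example (not part of either post and not Microsoft's tutorial script), a pre-flight check that follows the advice above: it lists the connectors the sync engine actually knows and stops before anything is modified if a name does not match, instead of letting a null `$c` cascade into the later errors shown in the question. The two placeholder names and the `Assert-ConnectorName` helper are assumptions for illustration; the module is loaded by name as in the accepted answer.

```powershell
# Added example: validate connector names before running the password hash sync script.
# Stop at the first failure rather than continuing with $null objects.
$ErrorActionPreference = 'Stop'

# Placeholders (assumptions): replace with the names printed by the listing below.
$adConnector      = '<AD CONNECTOR NAME>'
$azureadConnector = '<AZURE AD CONNECTOR NAME>'

# Load the module by name, as in the accepted answer.
Import-Module ADSync

# Enumerate every connector (management agent) the sync service has configured.
$connectors = @(Get-ADSyncConnector)
$connectors | Select-Object Name, Type | Format-Table -AutoSize

# Hypothetical helper: require an exact, case-sensitive match on the connector name.
function Assert-ConnectorName {
    param(
        [string]$Name,
        [object[]]$Known
    )

    # -ceq is a case-sensitive comparison; a hit means the name is usable as typed.
    if ($Known | Where-Object { $_.Name -ceq $Name }) { return }

    # Near miss: same name apart from letter case or surrounding whitespace.
    $near = $Known | Where-Object { $_.Name -ieq $Name.Trim() }
    if ($near) {
        throw "Connector '$Name' not found; closest match is '$($near.Name)' (case or whitespace differs)."
    }

    throw "Connector '$Name' not found. Known connectors: $($Known.Name -join ', ')"
}

Assert-ConnectorName -Name $adConnector      -Known $connectors
Assert-ConnectorName -Name $azureadConnector -Known $connectors

Write-Host 'Both connector names resolve; the configuration steps can run.'
```

Run it in the same elevated session on the Azure AD Connect server; if it throws, copy the exact names from the printed table into the two variables.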