JaredGray-8615 asked

Adding secure LDAP to an existing Office365 - ON-Prem Sync - Password HASH issue

We have been using on-prem AD with Office365. We need to add secure LDAP for use with Jamf.

I followed the help docs and subscribed to Azure and then created a new instance with a unique DNS name to act as the Secure LDAP point. I would like to turn on Secure LDAP, but I'm getting a message that passwords must be hashed.

I am stuck at the PowerShell portion of this doc - https://docs.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-configure-password-hash-sync

When I run the PowerShell script I get errors. I substituted our connector names as instructed. Can anyone please advise? The script output is below my signature.

Thanks,
Jared Gray
WildCard Media



Windows PowerShell
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

PS C:\Users\administrator.DOMAIN> C:\Users\administrator.DOMAIN\Desktop\NewHash.ps1
Get-ADSyncConnector : Unable to locate the MA: <domain.com>
At C:\Users\administrator.DOMAIN\Desktop\NewHash.ps1:10 char:6
+ $c = Get-ADSyncConnector -Name $adConnector
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ReadError: (Microsoft.Ident...ConnectorCmdlet:GetADSyncConnectorCmdlet) [Get-ADSyncConne
ctor], SynchronizationConfigurationValidationException
+ FullyQualifiedErrorId : Unable to locate the MA: <domain.com>,Microsoft.IdentityManagement.PowerShell.Cmdlet
.GetADSyncConnectorCmdlet

You cannot call a method on a null-valued expression.
At C:\Users\administrator.DOMAIN\Desktop\NewHash.ps1:13 char:1
+ $c.GlobalParameters.Remove($p.Name)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull

You cannot call a method on a null-valued expression.
At C:\Users\administrator.DOMAIN\Desktop\NewHash.ps1:14 char:1
+ $c.GlobalParameters.Add($p)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull

Add-ADSyncConnector : <error>A null reference pointer was passed to the stub. (Exception from HRESULT:
0x800706F4)</error>
At C:\Users\administrator.DOMAIN\Desktop\NewHash.ps1:15 char:6
+ $c = Add-ADSyncConnector -Connector $c
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : WriteError: (Microsoft.Ident...ConnectorCmdlet:AddADSyncConnectorCmdlet) [Add-ADSyncConn
ector], SynchronizationConfigurationValidationException
+ FullyQualifiedErrorId : <error>A null reference pointer was passed to the stub. (Exception from HRESULT: 0x80070
6F4)</error>,Microsoft.IdentityManagement.PowerShell.Cmdlet.AddADSyncConnectorCmdlet

Set-ADSyncAADPasswordSyncConfiguration : Export MA Error: Unable to locate the MA: <domain.com>
At C:\Users\administrator.DOMAIN\Desktop\NewHash.ps1:18 char:1
+ Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector -TargetConn ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ReadError: (Microsoft.Ident...igurationCmdlet:SetADSyncAADPas...igurationCmdlet) [Set-AD
SyncAADPasswordSyncConfiguration], InvalidOperationException
+ FullyQualifiedErrorId : Export MA Error: Unable to locate the MA: <domain.com>,Microsoft.IdentityManagement.
PowerShell.Cmdlet.SetADSyncAADPasswordSyncConfigurationCmdlet

Set-ADSyncAADPasswordSyncConfiguration : Export MA Error: Unable to locate the MA: <domain.com>
At C:\Users\administrator.DOMAIN\Desktop\NewHash.ps1:19 char:1
+ Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector -TargetConn ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ReadError: (Microsoft.Ident...igurationCmdlet:SetADSyncAADPas...igurationCmdlet) [Set-AD
SyncAADPasswordSyncConfiguration], InvalidOperationException
+ FullyQualifiedErrorId : Export MA Error: Unable to locate the MA: <domain.com>,Microsoft.IdentityManagement.
PowerShell.Cmdlet.SetADSyncAADPasswordSyncConfigurationCmdlet

JaredGray-8615 answered

I got through it using this page - http://blog.cyberadvisors.com/aadconnect-password-sync-issue-resolved

Changed these lines from MS Example -

Import-Module "C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync\ADSync.psd1"
Import-Module "C:\Program Files\Microsoft Azure Active Directory Connect\AdSyncConfig\AdSyncConfig.psm1"

To this -
Import-Module adsync

Script ran successfully.

AndyDavid1608 answered

I'd walk through each line and see what values are set. What you pasted is hard to read, but it looks like it simply can't find what you entered for the connector name $adConnector.

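Added example, not part of the thread or of Microsoft's tutorial script: a pre-flight check for the failure in the question's output, where `Get-ADSyncConnector` could not locate the connector and the remaining lines then ran against a null object. The connector names are placeholders, `Assert-ConnectorName` is a hypothetical helper, and the case-sensitive comparison is a conservative assumption.

```powershell
# Added example: pre-flight check before changing any sync configuration.
# Stop at the first failure instead of continuing with a $null connector object.
$ErrorActionPreference = 'Stop'

Import-Module ADSync

# Placeholders: replace with the names exactly as the sync engine reports them.
$adConnector      = '<AD DS CONNECTOR NAME>'
$azureadConnector = '<AZURE AD CONNECTOR NAME>'

# Hypothetical helper: throws unless the name matches a configured connector.
function Assert-ConnectorName {
    param(
        [Parameter(Mandatory)] [string]   $Name,
        [Parameter(Mandatory)] [string[]] $Known
    )
    if ($Known -ccontains $Name) { return }   # exact, case-sensitive match

    # Report a near miss (case or stray whitespace) so the typo is obvious.
    $near = $Known | Where-Object { $_.Trim() -ieq $Name.Trim() }
    if ($near) {
        throw "Connector '$Name' not found. Closest configured name: '$near'."
    }
    throw "Connector '$Name' not found. Configured: $($Known -join ', ')"
}

# With no -Name argument, Get-ADSyncConnector returns every configured connector.
$connectors = @(Get-ADSyncConnector)
$connectors | Format-Table Name, Type -AutoSize | Out-Host

$known = [string[]]($connectors | ForEach-Object { $_.Name })
Assert-ConnectorName -Name $adConnector      -Known $known
Assert-ConnectorName -Name $azureadConnector -Known $known

# Only now fetch the object that the later script lines go on to modify.
$c = Get-ADSyncConnector -Name $adConnector
if ($null -eq $c) {
    throw "Get-ADSyncConnector returned nothing for '$adConnector'."
}
Write-Host 'Both connector names resolve; continue with the remaining steps.'
```

Run it on the server where the sync engine is installed, in an elevated session; it only reads configuration and changes nothing.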