Hello @Syed Faisal ,
Thanks for reaching out.
Could you please confirm which type of account you are using to bind LDAP: a federated account, an account synchronized from on-premises, or a cloud-only account?
A) For a federated account: not supported.
B) For an account synchronized from on-premises: make sure password hash synchronization is enabled for hybrid environments. If it's already enabled, then run the following cmdlet to enforce hash synchronization: https://learn.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-configure-password-hash-sync#enable-synchronization-of-password-hashes
Note: Users (and service accounts) can't perform LDAP simple binds if you have disabled NTLM password hash synchronization on your managed domain. For more information on disabling NTLM password hash synchronization, see Secure your managed domain.
C) **For a cloud-only account:** I would recommend that you create a new account as explained below in detail:
- Create a pure cloud user on Azure AD, and assign a GA (Global Admin) role to it.
- Wait for half an hour to let the backend sync engine sync it to AADDS.
- Change its password through access panel: https://learn.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-create-instance#enable-user-accounts-for-azure-ad-ds
- Wait for another 20-30 minutes to let the password sync over to AADDS.
- Test the binding for LDAPS
Hope this helps.
------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
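Added example for the last step above (testing the LDAPS simple bind); this is not code from the original answer or from Microsoft. The LDAPS host name, the user and the certificate thumbprint are hypothetical placeholders to replace with your own values.

```powershell
# Added example (not from the original answer): test an LDAPS simple bind
# against Azure AD DS using System.DirectoryServices.Protocols.
# Hypothetical values: replace the LDAPS name, the cloud-only user's UPN and
# the SHA-1 thumbprint of your managed domain's LDAPS certificate.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Test-AadDsLdapsBind {
    param(
        [Parameter(Mandatory)] [string] $Server,            # e.g. ldaps.example.com
        [Parameter(Mandatory)] [pscredential] $Credential,  # UPN and password
        [string] $ExpectedThumbprint                        # optional cert pin
    )
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, 636)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
    $conn.SessionOptions.SecureSocketLayer = $true
    $conn.SessionOptions.ProtocolVersion   = 3
    # Simple bind sends the password to the server, so only do it over TLS.
    $conn.AuthType   = [System.DirectoryServices.Protocols.AuthType]::Basic
    $conn.Credential = $Credential.GetNetworkCredential()
    if ($ExpectedThumbprint) {
        # Pin the server certificate rather than accepting any certificate.
        $conn.SessionOptions.VerifyServerCertificate = {
            param($c, $cert)
            $cert.GetCertHashString() -eq $ExpectedThumbprint
        }.GetNewClosure()
    }
    try {
        $conn.Bind()
        Write-Host "Bind succeeded for $($Credential.UserName) on $Server"
        return $true
    }
    catch [System.DirectoryServices.Protocols.LdapException] {
        # ServerErrorMessage carries the AD-style diagnostic: data 52e is
        # invalid credentials (what you see until the changed password has
        # synced to AADDS), 773 is "must change password", 532 is expired.
        Write-Warning ("Bind failed: {0} (code {1}) {2}" -f $_.Exception.Message,
            $_.Exception.ErrorCode, $_.Exception.ServerErrorMessage)
        return $false
    }
    finally { $conn.Dispose() }
}

$cred = Get-Credential -Message "Enter the UPN and password of the cloud-only user"
Test-AadDsLdapsBind -Server "ldaps.example.com" -Credential $cred `
    -ExpectedThumbprint "REPLACE_WITH_CERT_THUMBPRINT"
```

Run it once before the password change (expect a failure with data 52e) and again after the second wait, when the bind should succeed.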