Azure Active Directory Connect: Troubleshoot Seamless
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-sso

Step 1: Import the Seamless SSO PowerShell module

1. First, download, and install .
2. Browse to the %programfiles%\Microsoft Azure Active Directory Connect folder.
3. Import the Seamless SSO PowerShell module by using this command: Import-Module .\AzureADSSO.psd1.

Step 2: Get the list of Active Directory forests on which Seamless SSO has been enabled

1. Run PowerShell as an administrator. In PowerShell, call New-AzureADSSOAuthenticationContext. When prompted, enter your tenant's global administrator credentials.
2. Call Get-AzureADSSOStatus. This command provides you with the list of Active Directory forests (look at the "Domains" list) on which this feature has been enabled.

Step 3: Disable Seamless SSO for each Active Directory forest where you've set up the feature

1. Call $creds = Get-Credential. When prompted, enter the domain administrator credentials for the intended Active Directory forest.

   Note: The domain administrator credentials username must be entered in the SAM account name format (contoso\johndoe or contoso.com\johndoe). We use the domain portion of the username to locate the Domain Controller of the Domain Administrator using DNS.

   Note: The domain administrator account used must not be a member of the Protected Users group. If so, the operation will fail.

2. Call Disable-AzureADSSOForest -OnPremCredentials $creds. This command removes the AZUREADSSOACC computer account from the on-premises domain controller for this specific Active Directory forest.

   Note: If for any reason you can't access your AD on-premises, you can skip steps 3.1 and 3.2 and instead call Disable-AzureADSSOForest -DomainFqdn <Domain name from the output list in step 2>.

3. Repeat the preceding steps for each Active Directory forest where you’ve set up the feature.

Step 4: Enable Seamless SSO for each Active Directory forest

1. Call Enable-AzureADSSOForest. When prompted, enter the domain administrator credentials for the intended Active Directory forest.

   Note: The domain administrator credentials username must be entered in the SAM account name format (contoso\johndoe or contoso.com\johndoe). We use the domain portion of the username to locate the Domain Controller of the Domain Administrator using DNS.

   Note: The domain administrator account used must not be a member of the Protected Users group. If so, the operation will fail.

2. Repeat the preceding step for each Active Directory forest where you want to set up the feature.

Step 5. Enable the feature on your tenant

To turn on the feature on your tenant, call Enable-AzureADSSO -Enable $true.
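
Steps 1 through 5 as a single script, with the two credential requirements from the notes checked before any forest is changed. This is an added example, not code from the original page or from Microsoft. It assumes that the Get-AzureADSSOStatus output parses as JSON with a "Domains" list of forest names, that Enable-AzureADSSOForest accepts -OnPremCredentials as Disable-AzureADSSOForest does, and that the RSAT ActiveDirectory module is installed; Test-SsoAdminCredential is a hypothetical helper name.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules ActiveDirectory
# Added example: scripted Seamless SSO reset (steps 1-5) with pre-flight checks.
$ErrorActionPreference = 'Stop'

function Test-SsoAdminCredential {   # hypothetical helper, not part of AzureADSSO
    param([Parameter(Mandatory)][pscredential]$Credential)
    # Username must be in SAM account name format: contoso\johndoe or contoso.com\johndoe
    if ($Credential.UserName -notmatch '^(?<domain>[^\\@]+)\\(?<sam>[^\\@]+)$') {
        throw "Username '$($Credential.UserName)' is not in DOMAIN\user format."
    }
    $domain = $Matches.domain
    $sam    = $Matches.sam
    # The account must not be in Protected Users, or the forest operation fails.
    $hit = Get-ADGroupMember -Identity 'Protected Users' -Server $domain `
               -Credential $Credential -Recursive |
           Where-Object { $_.SamAccountName -eq $sam }
    if ($hit) {
        throw "'$($Credential.UserName)' is a member of Protected Users; use another admin account."
    }
}

# Step 1: import the module from the Azure AD Connect install folder
Set-Location (Join-Path $env:ProgramFiles 'Microsoft Azure Active Directory Connect')
Import-Module .\AzureADSSO.psd1

# Step 2: authenticate to the tenant (prompts) and list the enabled forests
New-AzureADSSOAuthenticationContext
$status = Get-AzureADSSOStatus | ConvertFrom-Json   # assumption: JSON with a "Domains" list

# Collect and validate every forest's credentials before changing anything,
# so a bad account is caught while all AZUREADSSOACC accounts still exist.
$forestCreds = [ordered]@{}
foreach ($forest in $status.Domains) {
    $c = Get-Credential -Message "Domain administrator for $forest (DOMAIN\user)"
    Test-SsoAdminCredential -Credential $c
    $forestCreds[$forest] = $c
}

# Step 3: disable per forest (removes the AZUREADSSOACC computer account)
foreach ($c in $forestCreds.Values) { Disable-AzureADSSOForest -OnPremCredentials $c }

# Step 4: enable per forest (assumption: -OnPremCredentials is accepted here too)
foreach ($c in $forestCreds.Values) { Enable-AzureADSSOForest -OnPremCredentials $c }

# Step 5: turn the feature on for the tenant
Enable-AzureADSSO -Enable $true
```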