Azure AD Sync Services

This issue occurs when trying to enable Seamless Single Sign-On (SSSO) while authentication is configured with Password Hash Sync (PHS).


When we tried to enable Seamless Single Sign-On using the AADConnect Configuration Wizard, the configuration failed with the error message: “An error occurred while locating computer account”.

It gives the same error when we try to enable it using PowerShell.


Resolution for this Azure AD Connect Issue:

The error message shows a problem locating the computer account AZUREADSSOACC, which is why we cannot enable Seamless Single Sign-On (SSSO).

The computer account is present in the Computer OU, but somehow the AADConnect Configuration Wizard is not able to recognize it. Since it cannot find the AZUREADSSOACC computer account, it does not allow us to enable SSSO.

To fix this, delete the computer account AZUREADSSOACC from the Computer OU. This allows the AADConnect Wizard to recreate the computer account and enable SSSO.

The Solution: Delete the computer account and retry enabling Password Hash Sync with Seamless Single Sign-On

Step 1: Open DSA.msc and delete the computer account AZUREADSSOACC

Step 2: Open PowerShell, import the Azure AADConnect PowerShell module, and run the command Enable-AzureADSSOForest

You can see that it gets enabled without any error message. Once it is enabled, run the following command to validate the status.

Get-AzureADSSOStatus | ConvertFrom-Json

You can see the domain listed under Domains, the list of domains enabled with Seamless Single Sign-On (SSSO).
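The two steps and the validation above as a single PowerShell session (an added example, not part of the original post). It assumes the ActiveDirectory RSAT module is available, Azure AD Connect is installed in its default folder, and it replaces the DSA.msc deletion with Get-ADComputer and Remove-ADComputer so the account's details are recorded before it is removed.

```powershell
# Added example. Assumptions: run on the Azure AD Connect server, in an elevated
# session, with the ActiveDirectory module installed and the default install path.
Import-Module ActiveDirectory

# Step 1 (scripted equivalent of deleting the account in DSA.msc):
# find the existing computer account and show where it lives before removing it.
$acct = Get-ADComputer -Filter "Name -eq 'AZUREADSSOACC'" `
                       -Properties whenCreated, servicePrincipalName
if ($acct) {
    # Keep a record of the object being deleted (DN, creation date, SPNs).
    $acct | Format-List DistinguishedName, whenCreated, servicePrincipalName
    Remove-ADComputer -Identity $acct -Confirm      # prompts before deleting
} else {
    Write-Warning "AZUREADSSOACC not found in the current domain; nothing to delete."
}

# Step 2: import the Seamless SSO module that ships with Azure AD Connect.
Set-Location "$env:ProgramFiles\Microsoft Azure Active Directory Connect"
Import-Module .\AzureADSSO.psd1

# Authenticate to the tenant (opens a sign-in prompt), then enable the forest.
New-AzureADSSOAuthenticationContext
$onPremCreds = Get-Credential -Message "On-premises domain administrator"
Enable-AzureADSSOForest -OnPremCredentials $onPremCreds

# Validation: the forest should now appear in the Domains list.
$status = Get-AzureADSSOStatus | ConvertFrom-Json
$status.Domains

# Confirm the wizard recreated the computer account.
Get-ADComputer -Filter "Name -eq 'AZUREADSSOACC'" -Properties whenCreated |
    Format-List DistinguishedName, whenCreated
```

A fresh whenCreated timestamp on the last command confirms the account was recreated by Enable-AzureADSSOForest rather than left over from the earlier failed attempt.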

#Azure AD #Office365 #PasswordHashSync
