This issue occurs when enabling Seamless Single Sign-On (SSSO) while authentication is configured with Password Hash Sync (PHS).
When enabling Seamless Single Sign-On using the AADConnect Configuration Wizard, the configuration failed with the error message: “An Error occurred while locating computer account”.
It gives the same error when we try to enable it using PowerShell.
The error message shows that there is a problem finding the computer account AZUREADSSOACC, which is why we are not able to enable Seamless Single Sign-On (SSSO).
However, the computer account is present in the Computer OU; the AADConnect Configuration Wizard is somehow not able to recognize it. Because it cannot find the AZUREADSSOACC computer account, it does not allow us to enable SSSO.
To fix this, delete the computer account AZUREADSSOACC from the Computer OU, which allows the AADConnect Wizard to recreate the computer account and enable SSSO.
The Solution: Delete the computer account and retry enabling Password Hash Sync with Seamless Single Sign-On.
Step 1: Open DSA.msc and delete the computer account AZUREADSSOACC.
Step 2: Open PowerShell, import the Azure AD Connect PowerShell module, and run the command Enable-AzureADSSOForest.
You can see that it gets enabled without any error message. Once it is enabled, run the following command to validate the status:
Get-AzureADSSOStatus | ConvertFrom-Json
You can see the domain listed under the domains enabled for Seamless Single Sign-On (SSSO).
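
The two steps and the validation above, scripted end to end. This is an added example, not code from the original post. It assumes the RSAT ActiveDirectory module is available on the Azure AD Connect server and that Azure AD Connect is installed in its default folder; the New-AzureADSSOAuthenticationContext call and the module path follow Microsoft's documented Seamless SSO procedure rather than this page. It lists every matching account domain-wide first, so a moved or duplicated object is visible before anything is deleted.

```powershell
# Added example (not from the original post). Run in an elevated session on the
# Azure AD Connect server. Assumed: RSAT ActiveDirectory module, default install path.
Import-Module ActiveDirectory
$name = 'AZUREADSSOACC'

# Step 1 (scripted alternative to DSA.msc): locate every object with this name.
# Searching the whole domain shows whether the account was moved or duplicated.
$accounts = @(Get-ADComputer -Filter "Name -eq '$name'" `
    -Properties whenCreated, servicePrincipalName)
$accounts | Format-List DistinguishedName, Enabled, whenCreated, servicePrincipalName

if ($accounts.Count -eq 0) {
    Write-Warning "No $name account found; nothing to delete."
}
foreach ($account in $accounts) {
    # -Confirm prompts for each object, so the DN can be checked before removal.
    Remove-ADComputer -Identity $account.DistinguishedName -Confirm
}

# Step 2: load the Seamless SSO module that ships with Azure AD Connect.
Set-Location "$env:ProgramFiles\Microsoft Azure Active Directory Connect"
Import-Module .\AzureADSSO.psd1

# Authenticate to the tenant (interactive prompt), then re-enable SSSO for the
# forest. The wizard/cmdlet recreates the computer account during this call.
New-AzureADSSOAuthenticationContext
$onPremCreds = Get-Credential -Message 'On-premises domain administrator'
Enable-AzureADSSOForest -OnPremCredentials $onPremCreds

# Validation: same command as on the page, with the parsed object displayed.
$status = Get-AzureADSSOStatus | ConvertFrom-Json
$status | Format-List

# Confirm the account exists again after the re-enable.
Get-ADComputer -Filter "Name -eq '$name'" | Select-Object DistinguishedName, Enabled
```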