When attempting to synchronize a password hash from one Active Directory domain to another, the following error is displayed in the Quick Connect or Active Roles Console:
Synchronization steps aborted. Details: Cannot read password hash value for the following object: CN=username,OU=OUname,DC=domain,DC=com Access is denied
RESOLUTION
By default, the Capture Agent Service runs as the local system account. If this is changed to a domain user that does not have sufficient rights, the error occurs when attempting to synchronize a password hash.
Set the Capture Agent Service to run as the local system account, then restart the Capture Agent Service once the change has been completed.
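One way to check and correct the logon account from an elevated PowerShell prompt on the computer hosting the service. This is an added example, not One Identity's own script. The display-name pattern `*Capture Agent*` is an assumption, so confirm the match before changing anything.

```powershell
# Added example. Assumption: the service's display name contains "Capture Agent".
$pattern = '*Capture Agent*'   # assumed display-name pattern, not taken from the article

# Win32_Service exposes the logon account as StartName.
$services = @(Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.DisplayName -like $pattern })

if ($services.Count -eq 0) {
    throw "No service with a display name matching '$pattern' was found on this computer."
}

foreach ($svc in $services) {
    Write-Output ("{0} ({1}) runs as: {2}" -f $svc.DisplayName, $svc.Name, $svc.StartName)

    # The local system account is reported as 'LocalSystem' (comparison is case-insensitive).
    if ($svc.StartName -eq 'LocalSystem') {
        Write-Output "  Logon account is already the local system account; no change made."
        continue
    }

    # Switch the logon account back to the local system account.
    # sc.exe expects 'obj=' and its value as separate arguments.
    & sc.exe config $svc.Name obj= LocalSystem
    if ($LASTEXITCODE -ne 0) {
        throw "sc.exe could not reconfigure $($svc.Name) (exit code $LASTEXITCODE)."
    }

    # The new logon account only takes effect after the service restarts.
    Restart-Service -Name $svc.Name -Force

    # Re-read the service to confirm the account and state after the change.
    $after = Get-CimInstance -ClassName Win32_Service -Filter "Name='$($svc.Name)'"
    Write-Output ("  Now runs as: {0}, state: {1}" -f $after.StartName, $after.State)
}
```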