To recreate the Azure Active Directory Seamless Single Sign-On (AzureADSSOACC) account, follow these steps:
1. Log in to the server where the Azure AD Connector is installed.
2. Start PowerShell as administrator and go to the following path:
c:\program files\Microsoft Azure Active Directory Connect
3. Import the AzureADSSO module:
4. Now execute the following commands:
New-AzureADSSOAuthenticationContext
Get-AzureADSSOStatus
Enable-AzureADSSOForest
Enable-AzureADSSO -Enable $true
5. First you will see the Azure AD authentication popup. Enter your Global Administrator account and press OK.
6. Next comes the AD authentication popup. Enter your Enterprise Admin account and press OK.
7. You will see the following output in PowerShell:
8. In Active Directory, the account has been recreated:
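The steps above as one script, including the module import from step 3 and a check that the account exists afterwards. This is an added example, not code from the original post; it assumes the install path from step 2, a module file named AzureADSSO.psd1 in that folder, and the ActiveDirectory (RSAT) module for the final check.

```powershell
#Requires -RunAsAdministrator
# Added example: run on the Azure AD Connect server in an elevated session.
$ErrorActionPreference = 'Stop'

# Step 2/3: locate and import the AzureADSSO module (file name is an assumption).
$connectDir = 'C:\Program Files\Microsoft Azure Active Directory Connect'
$modulePath = Join-Path $connectDir 'AzureADSSO.psd1'
if (-not (Test-Path -LiteralPath $modulePath)) {
    throw "AzureADSSO module not found at $modulePath. Is this the Azure AD Connect server?"
}
Import-Module $modulePath

# Step 5: Azure AD sign-in popup; use a Global Administrator account.
New-AzureADSSOAuthenticationContext

# Show the current Seamless SSO state (the module returns it as JSON).
Get-AzureADSSOStatus | ConvertFrom-Json | Format-List

# Step 6: Enterprise Admin credentials. Passing them explicitly replaces the
# second popup and keeps the prompt text unambiguous.
$onPremCred = Get-Credential -Message 'Enterprise Admin account (DOMAIN\user)'
Enable-AzureADSSOForest -OnPremCredentials $onPremCred
Enable-AzureADSSO -Enable $true

# Step 8: confirm the computer account now exists in the current domain and
# record when its password (the Kerberos decryption key) was last set.
Import-Module ActiveDirectory
$acct = Get-ADComputer -Filter "Name -eq 'AZUREADSSOACC'" `
    -Properties whenCreated, PasswordLastSet
if (-not $acct) {
    throw 'AZUREADSSOACC was not found in this domain after Enable-AzureADSSOForest.'
}
$acct | Select-Object DistinguishedName, Enabled, whenCreated, PasswordLastSet
```

In a multi-domain forest, run the final check against each domain where Seamless SSO is enabled, since Get-ADComputer queries only the current domain by default.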
This object did not exist on my on-prem!
Unable to run Update-AzureADSSOForest!
And I spent 3 hours wondering why my SSO is not working.
You saved me!!
Thanks for your post!
One thing came up in the last security audit. The computer account is set to “password never expires”.
Do you know if I am able to change/rotate the computer account password without side effects?
I was struggling for the last two days, but this article helped a lot. Thanks for the nice article.