A user profile has been created and configured to sync passwords from the source to the target. While the LogViewer shows the passwords have been synced successfully during the sync process, the passwords are not changed. Allowing additional time for AD replication does not appear to resolve the issue.
The following conditions must be met:
1 ADMIN$ must be accessible on the domain controller from the DirSync box.
2 PSEXEC must have access rights to run remotely on the DC, which mean either a domain admin or built-in admin role should be granted to the service account. You may have to run PSEXEC manually to confirm this. The exact syntax is in the log below.
3 Any third party anti-virus program that prevent access the LSASS process.
4 PSEXEC must be installed on the DirSync box.
5 If you see this entry in the DirSync log "Skipping password sync, no changed passwords found" and know that you have not sync’d passwords yet or have confirmed that passwords have not updated…
Troubleshooting Password sync errors:
1 Make sure you can access the admin$ share from the DSP machine
2 Make sure the BTPass folder is there and properly populated
3 Try running the psexec commands manually and see if you get the same errors.
4 Make sure you see the psexec service start on the PDC
5 Try changing the service account that’s running the DSP service from local system to a known domain admin account.
© ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center