LSA protection is enabled in the environment and cannot be disabled due to security concerns. How can password sync be used with the tools?
This behavior is by design. LSASS (Local Security Authority Subsystem Service) is the Windows process responsible for enforcing the security policy on the system, including managing password changes and authentication.
As documented, password sync requires that LSA not be protected. The documentation states:
Password Synchronization Requirements: The domain controller with the PDC Emulator FSMO role must not be configured to run LSASS as a protected service or the password sync will fail with an access denied error.
Password sync will not work if LSA protection is enabled.
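
To confirm whether this requirement is what blocks password sync in a given domain, the check below reads the LSA protection state of the PDC Emulator. It is an added example, not part of the vendor documentation, and it assumes the RSAT ActiveDirectory module and PowerShell remoting access to the domain controller.

```powershell
# Added example: assumes the ActiveDirectory module (RSAT) is installed and
# that PowerShell remoting (WinRM) to the domain controller is permitted.
Import-Module ActiveDirectory

# The requirement applies to the DC holding the PDC Emulator FSMO role.
$pdc = (Get-ADDomain).PDCEmulator

$result = Invoke-Command -ComputerName $pdc -ScriptBlock {
    # Configured state: RunAsPPL under the Lsa key.
    # Absent or 0 means LSA protection is not configured in the registry.
    $lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $value  = (Get-ItemProperty -Path $lsaKey -Name RunAsPPL -ErrorAction SilentlyContinue).RunAsPPL

    # Effective state: Wininit writes event ID 12 to the System log when
    # LSASS starts as a protected process. Other providers also use ID 12,
    # so the message text is matched as well.
    $evt = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 12 } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -like '*LSASS.exe was started as a protected process*' } |
        Select-Object -First 1

    [pscustomobject]@{
        RunAsPPL           = $value
        LastProtectedStart = $evt.TimeCreated
        LastBoot           = (Get-CimInstance Win32_OperatingSystem).LastBootUpTime
    }
}

# A registry change only takes effect after a reboot, so both the configured
# value and the most recent protected start are evaluated.
$configured     = $result.RunAsPPL -gt 0
$activeThisBoot = $result.LastProtectedStart -ge $result.LastBoot

if ($configured -or $activeThisBoot) {
    Write-Warning "$pdc runs (or is configured to run) LSASS as a protected process; password sync is expected to fail with access denied."
} else {
    Write-Output "$pdc does not run LSASS as a protected process."
}
$result | Format-List RunAsPPL, LastProtectedStart, LastBoot
```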