[cifs-protocol] Implement password hash synchronization with Azure AD Connect sync [119110624002737]

Obaid Farooqi obaidf at microsoft.com
Wed Nov 6 16:12:24 UTC 2019 

Hi Metze:
I'll help you with this issue and will be in touch as soon as I have an answer.

Regards,
Obaid Farooqi
Escalation Engineer | Microsoft

-----Original Message-----
From: Obaid Farooqi <obaidf at microsoft.com> 
Sent: Wednesday, November 6, 2019 10:09 AM
To: Stefan Metzmacher <metze at samba.org>
Cc: cifs-protocol at lists.samba.org; support <support at mail.support.microsoft.com>
Subject: RE: Implement password hash synchronization with Azure AD Connect sync [119110624002737]

Hi Metze:
Thanks for contacting Microsoft. I have created a case to track this issue. A member of the open specifications teams will be in touch soon.

Regards,
Obaid Farooqi
Escalation Engineer | Microsoft

-----Original Message-----
From: Stefan Metzmacher <metze at samba.org>
Sent: Wednesday, November 6, 2019 7:01 AM
To: Interoperability Documentation Help <dochelp at microsoft.com>; cifs-protocol at lists.samba.org
Subject: Implement password hash synchronization with Azure AD Connect sync

Hi DocHelp,

we have customers trying to use Azure AD connect to sync their Samba DC with Azure.

It works in general, but they report that changed passwords in Samba are not replicated (at least not in a timely manner). Doing a manual replication works.

The following page talks about
"password hash synchronization heartbeat events":
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fhybrid%2Ftshoot-connect-password-hash-synchronization%23password-sync-log&data=02%7C01%7Cobaidf%40microsoft.com%7Cecc788e2b5444ebc584908d762d3b181%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637086533671679591&sdata=g10UwcDw2ZAkImP%2FSiswGMmwNGJK2yrLSfRoSK67g8s%3D&reserved=0

What protocol is used for this heartbeat feature?
So far I only saw (I guess unrelated) LDAP traffic as well as the MS-DRSR replication with DRSGetNCChanges() from the Azure AD connect host to the Samba AD DC.

It would be good to know which protocols are required for the AD DC to implement for this to work.

Thanks!
metze

More information about the cifs-protocol mailing list