[Samba] azure AD Connect | passwords not syncing

mj lists at merit.unu.edu
Fri Nov 11 12:13:54 UTC 2016

That is a major bummer. :-(

Would it work any better, if I promoted our windows 2012 server to a 
domain controller?

Or would that have all kinds of other side-effects..? (we're currently 
running three dc's, all samba)

One side-effect I can think of: GPO's, in a mixed samba/windows DC...?

Any ideas what the requirements on the samba side would be, for samba to 
be able to accomodate those azure AD Sync password syncs?


On 11/11/2016 12:05 PM, Lesfourmisduweb via samba wrote:
> Hi
> I tried it but it does not work.
> I then use: https://github.com/Azure/azure-sdk-for-python
> This allows to manage my windows azure accounts in a python script. I
> then create a script that sends the user's password when it changes.
> It is a system similar to that of "G Suite Password Sync"
> I use the "Check password script" option in samba. (Valid in the branch
> 4.5 of samba.)
> But the password is sent only when the password is changed.
> You will not be able to send the already changed password.
> Simon
> Le 11/11/2016 à 11:42, mj via samba a écrit :
>> Hi,
>> We setup the microsoft azure AD Connect on a windows 2012 server, to
>> start using (testing) office 365 in the future. We're running a samba
>> 4.4.4 AD.
>> This all worked, in the portal.office.com admin section we can see that:
>>> Company Name     COMPANY
>>> Domains verified             2
>>> Domains not verified             1
>>> Directory sync enabled         true
>>> Last directory sync             last synced 3 minutes ago
>>> Password sync enabled         true
>>> Last password sync
>>> Directory sync client version
>>> IdFix Tool     Download IdFix Tool
>>> Directory sync service account
>>> Sync_WIN2012-PROXMOX_63nfmdcompany.onmicrosoft.com
>> As you can see, the sync seems to work, however: "Last password sync"
>> field is empty, even though the password sync functionality IS enabled.
>> There don't seem to be any errors, and I can see all our AD accounts
>> in the office365 web interface.
>> In all online examples/howto's, the "last password sync" is never
>> empty, so our status seems to be irregular.
>> Before looking into all kinds of details, the basic question first:
>> Is password sync using Azure Connect to the azure cloud supposed to
>> work? Does it work for others here?
>> Anything special that needs to be done/taken care of on the samba side
>> of things?
>> Best,
>> MJ

More information about the samba mailing list