[Samba] Azure AD Connect password sync / Get-ADReplAccount PS module not working

Fri Jul 21 21:01:58 UTC 2017

Good point, but this isn't from the Microsoft or Quest modules that use 
AD web services.  This uses LDAP and MS-DRSR (DRSGetNCChanges) reference 
https://www.dsinternals.com/en/retrieving-active-directory-passwords-remotely 
and https://github.com/MichaelGrafnetter/DSInternals.

On 07/21/2017 03:53 PM, Thomas Maerz wrote:
> In my experience, most of the Get-AD PS commands don’t work with Samba4 because they use AD web services rather than RPC or LDAP to connect to the directory server.
>
> Thomas
>
> On 7/21/17, 2:17 PM, "samba on behalf of Arthur Ramsey via samba" <samba-bounces at lists.samba.org on behalf of samba at lists.samba.org> wrote:
>
>      I created a service account that's a member of enterprise admins, domain
>      admins and domain controllers.  I also explicitly gave the account
>      replication permissions at the domain level.
>      
>      This is the error I'm getting.
>      
>      Server: PS C:\Users\arthurr\Downloads> Get-ADReplAccount -SamAccountName ***redacted**** -Domain mediture -Server dc01.mediture.dom -Credential $cred -Protocol TCP
>      Get-ADReplAccount : The naming context could not be found
>      At line:1 char:1
>      + Get-ADReplAccount -SamAccountName ***redacted**** -Domain mediture -Server dc01.mediture ...
>      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>           + CategoryInfo          : NotSpecified: (:) [Get-ADReplAccount], Win32Exception
>           + FullyQualifiedErrorId : System.ComponentModel.Win32Exception,DSInternals.PowerShell.Commands.GetADReplAccountCommand
>      
>      Once person said they got it working on an older version of Samba:
>      https://lists.samba.org/archive/samba/2016-October/204091.html.
>      
>      I am using 4.6.4 (soon to be 4.6.6).
>      
>      Thanks,
>      Arthur
>      
>      
>      
>      This e-mail and any attachments may contain CONFIDENTIAL information, including PROTECTED HEALTH INFORMATION. If you are not the intended recipient, any use or disclosure of this information is STRICTLY PROHIBITED; you are requested to delete this e-mail and any attachments, notify the sender immediately, and notify the Mediture Privacy Officer at privacyofficer at mediture.com.
>      
>      
>      --
>      To unsubscribe from this list go to the following URL and read the
>      instructions:  https://lists.samba.org/mailman/options/samba
>

-- 
Arthur Ramsey
System Administrator
Mediture
arthur_ramsey at mediture.com
952.400.0323

This e-mail and any attachments may contain CONFIDENTIAL information, including PROTECTED HEALTH INFORMATION. If you are not the intended recipient, any use or disclosure of this information is STRICTLY PROHIBITED; you are requested to delete this e-mail and any attachments, notify the sender immediately, and notify the Mediture Privacy Officer at privacyofficer at mediture.com.