
Goal

Enable users to log in to Office 365 using their Active Directory username and password.

Details

AD: One local domain (2012 R2) and one trusted (2003).

AD Connect: synchronises users from both domains but passwords are only synced from the local domain.

I've checked that in the trusted domain users are created as iNetOrgPerson objects, not User objects as in the local domain.

Is there a way to troubleshoot this somehow?

badboy

1 Answer


You are saying the objects ARE iNetOrgPerson objects? These are explicitly not supported for password sync and won't work. You need to convert them to User objects.

You should be able to do this if you remote from a 2008 R2 machine and use PowerShell: Set-ADUser <user> -Remove @{objectClass='inetOrgPerson'}

I'm not sure how you would do this directly on 2003, probably LDIFDE, but not completely sure there.

Jesus Shelby
  • Thank you for the answer. I was aware of converting InetOrgPerson to User object but I cannot do that because of a custom application which requires this kind of object. Is there a way of creating i.e. read only domain controller which dynamically converts InetOrgPerson to User just for sync purposes? – badboy Oct 16 '16 at 10:02
  • You may want to look at a 3rd party solution like Okta - there is an additional cost, but it supports many identity providers and objects, but it may be able to solve your problem. – Jesus Shelby Oct 17 '16 at 15:09
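The answer's advice is to find the iNetOrgPerson accounts in the trusted domain and convert them by removing that value from objectClass. The script below is an added example, not code from the question or the answer: it audits a trusted domain for iNetOrgPerson objects over plain LDAP (which works against a 2003 DC without any extra services) and, only when -Convert is given, applies the answer's conversion with Set-ADObject, prompting per object. The server name dc1.trusted.example and the domain it belongs to are hypothetical; replace them with your own. Note that the conversion step needs the Active Directory PowerShell module and Active Directory Web Services on the target DC, which on a 2003 DC means installing the Active Directory Management Gateway Service first; the LDAP audit has no such requirement. Per the comment thread, the conversion is a one-way change of object class, so run the audit first and only convert accounts that no application still requires to be iNetOrgPerson.

```powershell
# Added example (not from the original question or answer).
# Audits a trusted domain for inetOrgPerson objects, the object class the
# answer says AD Connect password sync does not support, and optionally
# converts them to plain user objects with the answer's method.
# Assumption (hypothetical name): the trusted 2003 domain's DC is
# 'dc1.trusted.example'.
param(
    [string]$Server = 'dc1.trusted.example',
    [switch]$Convert
)

# 1. Enumerate over LDAP with System.DirectoryServices. This does not need
#    ADWS, so it works against a Windows Server 2003 DC as-is.
$rootDse = [ADSI]"LDAP://$Server/RootDSE"
$baseDn  = $rootDse.defaultNamingContext
$root    = [ADSI]"LDAP://$Server/$baseDn"

$searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
$searcher.Filter   = '(objectClass=inetOrgPerson)'
$searcher.PageSize = 1000   # paged search, so large OUs are not truncated
[void]$searcher.PropertiesToLoad.AddRange(
    @('distinguishedName', 'sAMAccountName', 'userPrincipalName', 'objectClass'))

$results = $searcher.FindAll()
$hits = foreach ($r in $results) {
    [pscustomobject]@{
        DistinguishedName = $r.Properties['distinguishedname'][0]
        SamAccountName    = $r.Properties['samaccountname'][0]
        UPN               = $r.Properties['userprincipalname'][0]
        # objectClass is multi-valued; an inetOrgPerson carries
        # top,person,organizationalPerson,user,inetOrgPerson
        ObjectClass       = ($r.Properties['objectclass'] -join ',')
    }
}
$results.Dispose()

"{0} inetOrgPerson object(s) found under {1}" -f @($hits).Count, $baseDn
$hits | Format-Table -AutoSize

if ($Convert -and $hits) {
    # 2. Conversion: remove the most-derived class value, which is what the
    #    answer's Set-ADUser one-liner does. Set-ADObject needs RSAT and ADWS
    #    (on a 2003 DC: the Active Directory Management Gateway Service).
    #    -Confirm prompts for every object so nothing is converted by accident.
    Import-Module ActiveDirectory
    foreach ($h in $hits) {
        Set-ADObject -Identity $h.DistinguishedName -Server $Server `
            -Remove @{objectClass = 'inetOrgPerson'} -Confirm
    }
}
```

Run it without -Convert first (for example `.\Audit-InetOrgPerson.ps1 -Server dc1.trusted.example`) from a machine that can reach the trusted domain over LDAP; after converting, force a full AD Connect sync cycle and check that the accounts now report their passwords as synchronised.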