更改 AD DS 帐户密码Changing the AD DS account password

AD DS 帐户是指 Azure AD Connect 用来与本地 Active Directory 通信的用户帐户。The AD DS account refers to the user account used by Azure AD Connect to communicate with on-premises Active Directory. 如果更改 AD DS 帐户的密码,则必须使用新密码更新 Azure AD Connect 同步服务。If you change the password of the AD DS account, you must update Azure AD Connect Synchronization Service with the new password. 否则,同步服务将再也不能正确地通过本地 Active Directory 进行同步,会遇到以下错误:Otherwise, the Synchronization can no longer synchronize correctly with the on-premises Active Directory and you will encounter the following errors:

  • 在 Synchronization Service Manager 中,任何通过本地 AD 进行的导入或导出操作都会失败,出现 no-start-credentials 错误。In the Synchronization Service Manager, any import or export operation with on-premises AD fails with no-start-credentials error.

  • 在 Windows 事件查看器下,应用程序事件日志包含事件 ID 为 6000 且内容为“管理代理 "contoso.com" 无法运行,因为凭据无效”的错误。Under Windows Event Viewer, the application event log contains an error with Event ID 6000 and message 'The management agent "contoso.com" failed to run because the credentials were invalid'.

如何使用 AD DS 帐户的新密码更新同步服务How to update the Synchronization Service with new password for AD DS account

若要使用新密码更新同步服务,请执行以下操作:To update the Synchronization Service with the new password:

  1. 启动 Synchronization Service Manager(“开始”→“同步服务”)。Start the Synchronization Service Manager (START → Synchronization Service).
    Sync Service ManagerSync Service Manager

  2. 转到“连接器”选项卡。Go to the Connectors tab.

  3. 选择“AD 连接器”,该连接器对应于其密码已更改的 AD DS 帐户。Select the AD Connector that corresponds to the AD DS account for which its password was changed.

  4. 在“操作”下面,选择“属性”。Under Actions, select Properties.

  5. 在弹出对话框中,选择“连接到 Active Directory 林”:In the pop-up dialog, select Connect to Active Directory Forest:

  6. 在“密码”文本框中输入 AD DS 帐户的新密码。Enter the new password of the AD DS account in the Password textbox.

  7. 单击“确定”保存新密码并关闭弹出对话框。Click OK to save the new password and close the pop-up dialog.

  8. 在 Windows 服务控制管理器下重新启动 Azure AD Connect 同步服务。Restart the Azure AD Connect Synchronization Service under Windows Service Control Manager. 这是为了确保从内存缓存中删除对旧密码的任何引用。This is to ensure that any reference to the old password is removed from the memory cache.

后续步骤Next steps

概述主题Overview topics