将连接器与 Azure AD Connect Sync Service Manager 配合使用Using connectors with the Azure AD Connect Sync Service Manager

Sync Service Manager

“连接器”选项卡可用于管理同步引擎连接的所有系统。The Connectors tab is used to manage all systems the sync engine is connected to.

连接器操作Connector actions

操作Action 注释Comment
创建Create 请勿使用。Do not use. 若要连接到其他 AD 林,请使用安装向导。For connecting to additional AD forests, use the installation wizard.
属性Properties 用于域和 OU 筛选。Used for domain and OU filtering.
删除Delete 用于删除连接器空间中的数据或删除与林的连接。Used to either delete the data in the connector space or to delete connection to a forest.
配置运行配置文件Configure Run Profiles 除了对于域筛选,无需在此进行任何配置。Except for domain filtering, nothing to configure here. 可以通过此操作来查看已配置的运行配置文件。You can use this action to see already configured run profiles.
运行Run 用于启动配置文件的一次性运行。Used to start a one-off run of a profile.
停止Stop 停止当前运行配置文件的连接器。Stops a Connector currently running a profile.
导出连接器Export Connector 请勿使用。Do not use.
导入连接器Import Connector 请勿使用。Do not use.
更新连接器Update Connector 请勿使用。Do not use.
刷新架构Refresh Schema 刷新缓存架构。Refreshes the cached schema. 最好改为在安装向导中使用此选项,因为它也会更新同步规则。It is preferred to use the option in the installation wizard instead, since that also updates sync rules.
搜索连接器空间Search Connector Space 用于查找对象,以及在整个系统中跟踪对象及其数据。Used to find objects and to Follow an object and its data through the system.

删除 Delete

删除操作适用于两种不同的用途。The delete action is used for two different things.
Sync Service Manager

“仅删除连接器空间”选项会删除所有数据,但保留所有配置。The option Delete connector space only removes all data, but keep the configuration.

“删除连接器和连接器空间”选项会删除数据以及所有配置。The option Delete Connector and connector space removes the data and the configuration. 不想再连接到林时可以使用此选项。This option is used when you do not want to connect to a forest anymore.

这两个选项都会同步所有对象,并更新 Metaverse 对象。Both options sync all objects and update the metaverse objects. 这是一个长时间运行的操作。This action is a long running operation.

配置运行配置文件 Configure Run Profiles

使用此选项可查看为连接器配置的运行配置文件。This option allows you to see the run profiles configured for a Connector.

Sync Service Manager

搜索连接器空间 Search Connector Space

查找对象和排查数据问题时,搜索连接器空间操作非常有用。The search connector space action is useful to find objects and troubleshoot data issues.

Sync Service Manager

先选择一个“范围”。Start by selecting a scope. 可以基于数据(RDN、DN、定位点、子树)或对象状态(所有其他选项)进行搜索。You can search based on data (RDN, DN, Anchor, Sub-Tree), or state of the object (all other options).
Sync Service ManagerSync Service Manager
例如,如果进行子树搜索,会获取某个 OU 中的所有对象。If you for example do a Sub-Tree search, you get all objects in one OU.
Sync Service ManagerSync Service Manager
可以从此网格中选择一个对象,选择“属性”,并从源连接器空间到 Metaverse 再到目标连接器空间一直跟踪对象From this grid you can select an object, select properties, and follow it from the source connector space, through the metaverse, and to the target connector space.

更改 AD DS 帐户密码Changing the AD DS account password

如果更改帐户密码,Synchronization Service 不再能将更改导入/导出到本地 AD。If you change the account password, the Synchronization Service will no longer be able to import/export changes to on-premises AD. 可能会看到如下内容:You may see the following:

  • AD 连接器的导入/导出步骤失败,错误为“no-start-credentials”。The import/export step for the AD connector fails with "no-start-credentials" error.
  • 在 Windows 事件查看器下,应用程序事件日志包含一个错误,事件 ID 为 6000,消息为“管理代理‘contoso.com’未能运行,因为凭据无效”。Under Windows Event Viewer, the application event log contains an error with Event ID 6000 and message “The management agent “contoso.com” failed to run because the credentials were invalid.”

若要解决此问题,请使用以下方法更新 AD DS 用户帐户:To resolve the issue, update the AD DS user account using the following:

  1. 启动 Synchronization Service Manager(“开始”→ Synchronization Service)。Start the Synchronization Service Manager (START → Synchronization Service).
    Sync Service ManagerSync Service Manager
  2. 转到“连接器”选项卡。Go to the Connectors tab.
  3. 选择配置为使用 AD DS 帐户的 AD 连接器。Select the AD Connector which is configured to use the AD DS account.
  4. 在“操作”下,选择“属性”。Under Actions, select Properties.
  5. 在弹出对话框中,选择“连接到 Active Directory 林”:In the pop-up dialog, select Connect to Active Directory Forest:
  6. 林名称指示相应的本地 AD。The Forest name indicates the corresponding on premises AD.
  7. 用户名指示用于同步的 AD DS 帐户。The User name indicates the AD DS account used for synchronization.
  8. 在密码文本框 Azure AD Connect 同步加密密钥实用程序中输入 AD DS 帐户的新密码Enter the new password of the AD DS account in the Password textbox Azure AD Connect Sync Encryption Key Utility
  9. 单击“确定”以保存新密码,并重启 Synchronization Service 以从内存缓存中删除旧密码。Click OK to save the new password and restart the Synchronization Service to remove the old password from memory cache.

后续步骤Next steps

了解有关 Azure AD Connect 同步配置的详细信息。Learn more about the Azure AD Connect sync configuration.

了解有关将本地标识与 Azure Active Directory 集成的详细信息。Learn more about Integrating your on-premises identities with Azure Active Directory.