The error is: [11:31:46.706] [ 7] [WARNING] Failed to remove inherited permissions on Sso computer account CN=AZUREADSSOACC,CN=Computers,DC=ehad,DC=loc. Error : A constraint violation occurred.
I did the following steps to try rolling over the Kerberos key:
Updated Powershell to 5.1
cd “C:\Program Files\Microsoft Azure Active Directory Connect”
Import-Module .\AzureADSSO.psd1
New-AzureADSSOAuthenticationContext *** (I am Enterprise, Schema admin, etc.)
Get-AzureADSSOStatus | fl
$O365Cred = Get-Credential
Update-AzureADSSOForest -OnPremCredentials $O365Cred
I got this error:
PS C:\Program Files\Microsoft Azure Active Directory Connect> Update-AzureADSSOForest -OnPremCredentials $O365Cred
[12:25:37.875] [ 7] [INFORMATIONAL] UpdateComputerAccount: Locating SSO computer account in ehad.loc...
[12:25:37.876] [ 7] [INFORMATIONAL] GetDesktopSsoComputerAccount: Searching in global catalog(forest) and ehad.loc for
computer account AZUREADSSOACC
[12:25:37.912] [ 7] [INFORMATIONAL] TrySearchAccountUnderGlobalCatalog: Object was found in global catalog(forest), he
ce skipping ehad.loc search
[12:25:37.914] [ 7] [INFORMATIONAL] UpdateComputerAccount: Found SSO computer account at CN=AZUREADSSOACC,CN=Computers
DC=ehad,DC=loc. Updating its properties...
[12:25:37.916] [ 7] [INFORMATIONAL] UpdateComputerAccount: Granting full control to account admins and enterprise admi
s for computer account CN=AZUREADSSOACC,CN=Computers,DC=ehad,DC=loc...
[12:25:37.952] [ 7] [WARNING] Failed to remove inherited permissions on Sso computer account CN=AZUREADSSOACC,CN=Compu
ers,DC=ehad,DC=loc. Error : A constraint violation occurred.