VIBNF-4475 asked

Change Azure AD source of authority

Hi,

I have the exact opposite question to this https://docs.microsoft.com/en-us/answers/questions/8143/change-azure-ad-source-of-authority.html

I want to change the authority source from Local Windows Server to Azure AD. I do not have access to AD Connect and so I cannot uninstall it. I simply want to change the authority so that users can log in to O365. At present, those users who have the local server as the authority get the error 'No Microsoft Azure AD Connect Authentication Agent was found'.

Thanks

azure-active-directory, azure-ad-connect

1 Answer

amanpreetsingh-msft answered

Hi @VIBNF-4475,

This error occurs if you have Pass Through Authentication (PTA) enabled for your tenant and there is no PTA Agent available to serve the request. Since you do not have access to the AD Connect server, you would need to download the Authentication Agent software and install it on any computer that you want to use for disabling PTA. It can be a Windows 10 device as well. Open an elevated PowerShell, navigate to the "C:\Program Files\Microsoft Azure AD Connect Authentication Agent" path, and run the commands below:

  1. Import-Module .\Modules\PassthroughAuthPSModule

  2. Get-PassthroughAuthenticationEnablementStatus -Feature PassthroughAuth

  3. When prompted for credentials, enter Global Administrator credentials.

  4. Disable-PassthroughAuthentication -Feature PassthroughAuth

This will disable PTA for the tenant and you will no longer get the 'No Microsoft Azure AD Connect Authentication Agent was found' error.

Now, to change the Source of Authority to Azure AD, you need to run the commands below:

  1. Connect-MsolService and sign in using a Global Administrator account.

  2. Set-MsolDirSyncEnabled -EnableDirsync $False

After running this cmdlet, you should be able to manage/modify/delete synced accounts via Azure AD.


Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.

That worked perfectly - thanks!

VIBNF
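
The following is an added example, not part of the answer above: a read-only check of the tenant's sync and sign-in state to run before and after the cmdlets in the answer, which also records which accounts were synced. It assumes the MSOnline module is installed and a Global Administrator sign-in; `Get-SyncAuthorityReport` and the CSV file name are hypothetical.

```powershell
# Added example (not from the original answer). Read-only: changes nothing in the tenant.
# Assumes the MSOnline module is installed; Get-SyncAuthorityReport is a hypothetical name.
Import-Module MSOnline
Connect-MsolService   # sign in with a Global Administrator account

function Get-SyncAuthorityReport {
    $company = Get-MsolCompanyInformation
    # Accounts that came from the on-premises directory carry a LastDirSyncTime stamp.
    $synced  = @(Get-MsolUser -All | Where-Object { $_.LastDirSyncTime })
    # Federated domains authenticate elsewhere and are not covered by the PTA steps.
    $fed     = @(Get-MsolDomain | Where-Object { $_.Authentication -eq 'Federated' })

    [pscustomobject]@{
        DirSyncEnabled   = $company.DirectorySynchronizationEnabled
        PasswordHashSync = $company.PasswordSynchronizationEnabled
        LastDirSyncTime  = $company.LastDirSyncTime
        FederatedDomains = $fed.Name -join ', '
        SyncedUserCount  = $synced.Count
        SyncedUsers      = $synced
    }
}

$report = Get-SyncAuthorityReport
$report | Select-Object * -ExcludeProperty SyncedUsers | Format-List

# Keep a record of which accounts were synced, with their ImmutableId,
# before the tenant-wide switch is made (file name is a placeholder).
$report.SyncedUsers |
    Select-Object UserPrincipalName, ImmutableId, LastDirSyncTime |
    Export-Csv -Path .\synced-users-before-change.csv -NoTypeInformation

if ($report.DirSyncEnabled -and -not $report.PasswordHashSync) {
    # With PTA and no password hash sync, Azure AD holds no password for synced
    # users, so they need a password reset once PTA is disabled.
    Write-Warning 'Password hash sync is off: plan password resets for synced users.'
}
if (-not $report.DirSyncEnabled) {
    Write-Output 'Directory sync is disabled: accounts are now managed in Azure AD.'
}
```

Microsoft documents that deactivating directory synchronization can take up to 72 hours to complete, so re-run the report until `DirSyncEnabled` reads `False` before editing the formerly synced accounts.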