Ok so I think you should align your configuration between your domain controllers and your Azure AD Connect.
You should configure the GPO for your domain controllers to at least 3 (Send NTLMv2 response only) if you don't have applications which require less, and configure your Azure AD Connect with 5 (Send NTLMv2 response only. Refuse LM & NTLM).
Azure AD Connect Sync Stopped Password Sync when set LAN Manager authentication level 5
Azure AD Connect Sync Stopped Password Sync when set LAN Manager authentication level 5 (Send NTLMv2 response only. Refuse LM & NTLM). Is there something I can do to allow AD sync to send NTLMv2 responses?
-
Clément BETACORNE 2,031 Reputation points
2021-10-06T08:24:43.567+00:00
3 additional answers
-
Clément BETACORNE 2,031 Reputation points
2021-10-05T17:43:13.877+00:00
Hello,
I have an Azure AD Connect with the LmCompatibilityLevel 5 and I have no issue with it.
Is it possible to give us the version of Azure AD Connect:
(Get-ADSyncGlobalSettings).Parameters | select Name,Value
Check the: Microsoft.Synchronize.ServerConfigurationVersion
Check also the configuration of your domain controllers regarding LAN Manager authentication level. Which level do they have?
-
Joseph Lamb 21 Reputation points
2021-10-05T17:51:13.31+00:00
Thank you for responding:
Microsoft.Synchronize.ServerConfigurationVersion 1.6.4.0
Domain controllers are at
Send LM & NTLM responses 0
This morning I changed a Domain Controllers GPO to Lmcompatibilitylevel 5 and ADsync stopped working. So I reverted it back.
-
Joseph Lamb 21 Reputation points
2021-10-06T14:09:33.867+00:00
I changed LAN Authentication to Level 3 and no problems.
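An added example, not part of any post in this thread: a PowerShell check of how the LAN Manager authentication levels discussed above line up between a machine that sends NTLM responses and a domain controller that validates them. The function names are hypothetical, the send/refuse mapping follows the documented meaning of each level, and the level matrix at the end is constructed.

```powershell
# Added example. Level names follow the policy text quoted in the thread.
$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$LevelName = @{
    0 = 'Send LM & NTLM responses'
    1 = 'Send LM & NTLM - use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 response only. Refuse LM'
    5 = 'Send NTLMv2 response only. Refuse LM & NTLM'
}

function Get-LmCompatibilityLevel {
    # Reads the value on the local machine. When the registry value is absent,
    # Windows Vista / Server 2008 and later behave as level 3.
    $p = Get-ItemProperty -Path $LsaKey -Name LmCompatibilityLevel -ErrorAction SilentlyContinue
    if ($null -eq $p) { return 3 }
    return [int]$p.LmCompatibilityLevel
}

function Test-NtlmAlignment {
    param([int]$ClientLevel, [int]$DcLevel)
    # Response types the sending machine produces at its level.
    $sent = @(switch ($ClientLevel) {
        { $_ -le 1 } { 'LM', 'NTLM'; break }
        2            { 'NTLM'; break }
        default      { 'NTLMv2' }
    })
    # Response types a domain controller refuses at its level (none below 4).
    $refused = @(switch ($DcLevel) {
        5 { 'LM', 'NTLM' }
        4 { 'LM' }
    })
    $usable = @($sent | Where-Object { $_ -notin $refused })
    [pscustomobject]@{
        ClientLevel   = $ClientLevel
        ClientPolicy  = $LevelName[$ClientLevel]
        DcLevel       = $DcLevel
        DcRefuses     = $refused -join ', '
        Authenticates = ($usable.Count -gt 0)
    }
}

"Local LmCompatibilityLevel: $(Get-LmCompatibilityLevel)"
# Constructed matrix: every sending level against domain controllers at 3 and 5.
$rows = foreach ($dc in 3, 5) {
    foreach ($c in 0..5) { Test-NtlmAlignment -ClientLevel $c -DcLevel $dc }
}
$rows | Format-Table -AutoSize
```

In the matrix, only senders at levels 0 to 2 fail against a domain controller at level 5; every sender authenticates against a domain controller at level 3.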