Azure AD Connect Sync Stopped Password Sync when LAN Manager authentication level is set to 5

Joseph Lamb 21 Reputation points
2021-10-05T14:46:22.507+00:00

Azure AD Connect Sync stopped Password Sync when the LAN Manager authentication level was set to 5 (Send NTLMv2 response only. Refuse LM & NTLM). Is there something I can do to allow AD sync to send NTLMv2 responses?


Accepted answer
  1. Clément BETACORNE 2,031 Reputation points
    2021-10-06T08:24:43.567+00:00

    Ok so I think you should align your configuration between your domain controllers and your Azure AD Connect.
    You should configure the GPO for your domain controllers to at least 3 (Send NTLMv2 response only) if you don't have applications which require less, and configure your Azure AD Connect with 5 (Send NTLMv2 response only. Refuse LM & NTLM).
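
To compare the settings the answer above says to align, the following added example (not part of the thread) reads `LmCompatibilityLevel` from the `Lsa` registry key on each server and flags levels below 3 and mismatches. The server names are placeholders, and the script assumes PowerShell remoting is enabled on the targets.

```powershell
# Added example, not from the thread. Server names are placeholders (assumptions).
$servers = @('DC01', 'DC02', 'AADCONNECT01')

# Setting names as shown in the "Network security: LAN Manager authentication level" policy.
$meaning = @{
    0 = 'Send LM & NTLM responses'
    1 = 'Send LM & NTLM - use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 response only. Refuse LM'
    5 = 'Send NTLMv2 response only. Refuse LM & NTLM'
}

$report = foreach ($server in $servers) {
    try {
        # Requires PowerShell remoting to be enabled on the target (assumption).
        $level = Invoke-Command -ComputerName $server -ErrorAction Stop -ScriptBlock {
            $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
            $lsa.LmCompatibilityLevel   # $null when the value is not set
        }
        if ($null -eq $level) {
            $shown = 'not set'; $text = 'OS default applies'
        } else {
            $shown = [int]$level; $text = $meaning[[int]$level]
        }
    } catch {
        $shown = 'unreachable'; $text = $_.Exception.Message
    }
    [pscustomobject]@{ Server = $server; Level = $shown; Setting = $text }
}

$report | Format-Table -AutoSize -Wrap

# Flag servers still below level 3 and any mismatch between servers.
$numeric = @($report | Where-Object { $_.Level -is [int] })
$numeric | Where-Object { $_.Level -lt 3 } | ForEach-Object {
    Write-Warning "$($_.Server) is at level $($_.Level): $($_.Setting)"
}
if (@($numeric.Level | Select-Object -Unique).Count -gt 1) {
    Write-Warning 'LmCompatibilityLevel differs between the servers checked.'
}
```

A value enforced by GPO shows up in this registry key after the policy has applied, so run the check after a policy refresh.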


3 additional answers

  1. Clément BETACORNE 2,031 Reputation points
    2021-10-05T17:43:13.877+00:00

    Hello,

    I have an Azure AD Connect with the LmCompatibilityLevel 5 and I have no issue with it.
    Is it possible to give us the version of Azure AD Connect:

    (Get-ADSyncGlobalSettings).Parameters | select Name,Value
    

    Check the: Microsoft.Synchronize.ServerConfigurationVersion

    Check also the configuration of your domain controllers regarding LAN Manager authentication level. Which level do they have?


  2. Joseph Lamb 21 Reputation points
    2021-10-05T17:51:13.31+00:00

    Thank you for responding:

    Microsoft.Synchronize.ServerConfigurationVersion 1.6.4.0

    Domain controllers are at
    Send LM & NTLM responses 0

    This morning I changed a Domain Controllers GPO to Lmcompatibilitylevel 5 and ADsync stopped working. So I reverted it back.


  3. Joseph Lamb 21 Reputation points
    2021-10-06T14:09:33.867+00:00

    I changed LAN Authentication to Level 3 and no problems.
