User Account getting disabled in Azure
-
@Romo Yes, but the thing is there is two side to this, the Azure AD end (Office 365) and AD itself. However I believe the issue might be hard to pinpoint unless you go to the last 24 hours of Azure Signins logs ans see that account or check the audit logs. Also does this account have MFA enabled?
-
@dbeato No signing attempts at all during the weekend, but the account is still getting disabled and enabled on its own as shown in the azure audit logs.
-
Could there be something automated trying to log in over and over again with a bad password?
-
@scottalanmiller said in User Account getting disabled in Azure:
Could there be something automated trying to log in over and over again with a bad password?
wouldn't the logs pickup the attempt? Thought he said the logs showed no attempts?
-
@scottalanmiller said in User Account getting disabled in Azure:
Could there be something automated trying to log in over and over again with a bad password?
No signint attempts during the weekend, interactive or uninterective where logged int the azure logs, but the account still kept getting disabled and enabled by sync or something.
-
@Romo said in User Account getting disabled in Azure:
@scottalanmiller said in User Account getting disabled in Azure:
Could there be something automated trying to log in over and over again with a bad password?
No signint attempts during the weekend, interactive or uninterective where logged int the azure logs, but the account still kept getting disabled and enabled by sync or something.
why are you assuming sync? You're logs there have shown you nothing, right?
-
@Dashrender The Synchronization service manager application logs dont show the "sync" that the azure logs show sending the disable account change, but azure does show this "sync", the Actiion Client Name is Directory Sync as well
What I cant seem to find, is where this disabled account value is coming from if AD is showing the account as active and enabled.
-
@Romo Okay, so I mean on the Sync logs it should show on the DC the account being synced. If I recall in the past I saw a bug on Microsoft end on this and upgrading the Azure AD Connect server to the latest versioned worked (Not saying you need to do that but I am still trying to find the article on this).
-
@Romo said in User Account getting disabled in Azure:
@Dashrender The Synchronization service manager application logs dont show the "sync" that the azure logs show sending the disable account change, but azure does show this "sync", the Actiion Client Name is Directory Sync as well
What I cant seem to find, is where this disabled account value is coming from if AD is showing the account as active and enabled.
right, so with that in hand, why are you looking to the sync at all? Why not focus solely on Azure to find the issue?
I'm also curious, if Azure is showing it as disabled - why is that not being sync'ed back to AD and disabling there? do you have one way sync setup?
-
@Dashrender said in User Account getting disabled in Azure:
o curious, if Azure is showing it as disabled - why is that not be
Azure Sync doesn't sync back to AD. it is the other way around.
