Microsoft 365/Office 365

Office 365. AD Sync fails with the error message "the user has not been granted the requested logon type at this computer"

Pepuri 2018. 11. 6. 21:50

The error recorded in the event log was as follows.

 

The ADSync service was unable to log on as NT SERVICE\ADSync with the currently configured password due to the following error:

Logon failure: the user has not been granted the requested logon type at this computer.

 

Service: ADSync

Domain and account: NT SERVICE\ADSync

 

This service account does not have the required user right "Log on as a service."

 

User Action

 

Assign "Log on as a service" to the service account on this computer. You can use Local Security Settings (Secpol.msc) to do this. If this computer is a node in a cluster, check that this user right is assigned to the Cluster service account on all nodes in the cluster.

 

If you have already assigned this user right to the service account, and the user right appears to be removed, check with your domain administrator to find out if a Group Policy object associated with this node might be removing the right.

 

 

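After some research, it appears there was a problem with the policy related to Log on as a service.

I could not find the cause, but changing the policy as described below resolved the synchronization.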

 

Run Gpmc.msc.

 

I opened the Default Domain Policy and chose Edit.

 

Under Computer Configuration - Policies - Windows Settings - Security Settings - Local Policies - User Rights Assignment - Log on as a service, add NT SERVICE\All Services.

 

The reason for adding this account is that the Microsoft Azure AD Sync service account is of this type.

 

A SQL Server service also failed to start in the same way, and adding the SQL service account resolved the problem.
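
To confirm the result on the affected server, the following added PowerShell example (not from the original post) reads the current "Log on as a service" assignment and checks whether NT SERVICE\ADSync or NT SERVICE\ALL SERVICES holds it. It assumes an elevated session on the server that runs the ADSync service; the temporary file name and the gp.html report name are arbitrary choices.

```powershell
# Added example, not from the original post. Run elevated on the ADSync server.
$account        = 'NT SERVICE\ADSync'   # service account named in the event log
$allServicesSid = 'S-1-5-80-0'          # well-known SID of NT SERVICE\ALL SERVICES

# Export only the user-rights section of the current security policy.
$cfg = Join-Path $env:TEMP 'user_rights.inf'   # arbitrary temp file name
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null

# The line looks like: SeServiceLogonRight = *S-1-5-80-0,*S-1-5-20,SomeName
$line = Select-String -Path $cfg -Pattern '^SeServiceLogonRight\s*=' |
        Select-Object -First 1
Remove-Item $cfg -ErrorAction SilentlyContinue
if (-not $line) {
    Write-Warning 'SeServiceLogonRight is not assigned to any account.'
    return
}

# Entries prefixed with * are SIDs; anything else is a name to translate.
$holders = foreach ($raw in ($line.Line -split '=', 2)[1].Split(',')) {
    $entry = $raw.Trim()
    if ($entry.StartsWith('*')) { $entry.TrimStart('*'); continue }
    try {
        ([System.Security.Principal.NTAccount]$entry).Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
    } catch { $entry }                  # keep unresolved names visible
}

# List every holder as "name  SID" so stale or unexpected entries stand out.
foreach ($sid in $holders) {
    $name = try {
        ([System.Security.Principal.SecurityIdentifier]$sid).Translate(
            [System.Security.Principal.NTAccount]).Value
    } catch { '(unresolved)' }
    '{0,-45} {1}' -f $name, $sid
}

$accountSid = ([System.Security.Principal.NTAccount]$account).Translate(
    [System.Security.Principal.SecurityIdentifier]).Value

if ($holders -contains $accountSid -or $holders -contains $allServicesSid) {
    "$account holds 'Log on as a service' (directly or via ALL SERVICES)."
} else {
    Write-Warning "$account lacks 'Log on as a service'."
    # The HTML report shows which GPO wins for User Rights Assignment.
    gpresult /h (Join-Path $env:TEMP 'gp.html') /f
}
```

A user right defined in a GPO replaces the local assignment instead of merging with it, so every account that needs the right on any computer in the policy's scope has to be listed there. Run `gpupdate /force` before re-checking after a policy change.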
