Azure Ad Connect broken after upgrade

Question

I have an old 1.0 install of Azure AD connect running on a server 2012 r2 machine that was upgraded from 2008 at some point.  It is still synching accounts over just fine but I can not get into the config.  From doing some research it seems that upgrades break something and my install.  In my kace the rules editor and sync service apps don't connect to the instance.  If I stop the service from services, the Azure Ad Connect app gives me a permissions error even though I have all the needed permissions.  My end goal is to have everything running a new 2019 server.  Is there any way to look at the configs at the file or database level?  I could probably backup the database and restore it on sql server and point a new install to it, but I was wondering the safest way to address this.

Answer 1

Hello,

I was able to use SSMS on the original server to backup the database via a local np connection. I then brought up a new server and installed an eval version of sql server. I restored the back up to that instance. I then started the 1.1.882 installer (which I was luckily able to find in a user profile on the server) and went through the use existing database process. Since the old server is still running and was probably actively synching at the time, I got an access denied error on the lest step where it provisions in Azure. The installer had gotten far enough along though that I was able to use the Migratesettings.ps1 script from a 2.0 installer to export the settings. I then just imported them into a new 2.0 non sqlserver install.

Answer 2

Hello @Mishaua

Thank you for your post.

I would like to gather you the following link below:

https://learn.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-version-history#bug-fixes-5

Bug fixes
We fixed a bug where the desktop single sign-on settings weren't persisted after upgrade from a previous version.
We fixed a bug that caused the Set-ADSync*Permission cmdlets to fail.

Also, review the other great article.

https://learn.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-accounts-permissions

Please keep us posted about it.

BR,

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

Answer 3

So the first article talks about v2. I would like to either get my v1 instance working so that I can see my configs, or get some direction on how to pull the configs off manually as I think they are in either config files or the database. Worst case I will just copy the database to sql server and standup a staging instance to get the info from. I am trying to avoid migrating away from the localdb install. Is there any way to to pull off the configurations I.e the sync rules and schedules? I know what accounts are use so that’s not a problem. Also are there any repercussions with bringing up azure ad connect in staging mode and then not completing the migration?

Answer 4

Hi,

Here the doc for configuration file...

https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-staging-server#verify-the-configuration-of-a-server

Best Regards,

Answer 5

I guess there is misunderstanding on what upgrade I am referring to. The system went from server 2008r2 to a Server 2012r2 via an in place upgrade but the version of Azure ad connect (1.1.882) stayed the same. After the upgrade the sync service starts and is still synching accounts, but I can not modify the schedule and the configuration. I have seen other online postings reporting that things did not work as expected after an os upgrade. The suggestion was to uninstall and reinstall Azure Ad Connect but I am avoiding doing that in case it breaks my current sync completely.