ThomScott-7115 asked sikumars commented

Promoted Azure AD Connect server to domain controller and now virtual sync account used for service won't start

Hello,

Someone ended up adding the AD DS role to our Azure AD Connect server.

When the server was initially set up, it was using a virtual service account for the Microsoft Azure AD Sync service. See the link below for details.

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/concept-adsync-service-account

The documentation above says that a virtual service account cannot be used on a domain controller. I'm thinking this is why the service will no longer start.

What is the best way to correct this issue?

windows-active-directory azure-ad-connect

AndyDavid answered sikumars commented

Appreciate your time and contribution on the community forum. Thanks.

ThomScott-7115 answered

Why is that? There is nothing in the AD Connect documentation stating you can't have AD Connect installed on a domain controller.

ThomScott-7115 answered sikumars commented

NVM, the link below states the only supported method for changing the service account is to reinstall.

And since it is a DC, it would be best to leave it only as a DC and not have multiple services running on it.

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/concept-adsync-service-account

Thanks for sharing your findings here, much appreciated.

Yes, the supported method of changing the service account is to reinstall Sync setup, because you can only set the service account on first installation. It is not supported to change the service account after the installation has been completed.

If you have any additional queries, feel free to reach out to me. Thanks.
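A read-only PowerShell check for the situation discussed in this thread, added here as an example (it is not from the original posts or from Microsoft's documentation): it reports which account the sync service logs on as and whether the server is now a domain controller. It assumes the default service name `ADSync`; the function name and the output property names are hypothetical.

```powershell
# Added example: read-only, changes nothing on the server.
# Assumption: the sync service is registered under its default name 'ADSync'.
function Get-AdSyncAccountState {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='ADSync'"
    if (-not $svc) { throw "Service 'ADSync' not found on this machine." }

    # Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC
    $role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
    $isDc = $role -ge 4

    # Classify the logon account by its name format
    $accountType = switch -Regex ($svc.StartName) {
        '^NT SERVICE\\'                 { 'VirtualServiceAccount'; break }
        '\$$'                           { 'ManagedServiceAccount'; break }
        '^(LocalSystem|NT AUTHORITY\\)' { 'BuiltIn'; break }
        default                         { 'UserAccount' }
    }

    [pscustomobject]@{
        Service               = $svc.Name
        State                 = $svc.State
        StartMode             = $svc.StartMode
        LogonAccount          = $svc.StartName
        AccountType           = $accountType
        IsDomainController    = $isDc
        # The combination the linked documentation says cannot be used
        VsaOnDomainController = ($isDc -and $accountType -eq 'VirtualServiceAccount')
    }
}

Get-AdSyncAccountState | Format-List
```

If `VsaOnDomainController` is `True`, the server is in the state described in the question, and the thread's conclusion applies: the service account can only be chosen at installation time.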