JaroslavVacek-8764 asked:

Azure AD change synchronization account

Good morning,

I have a problem with synchronization between our on-prem testing AD and Azure AD. We used password hash synchronization from our on-prem testing AD to our tenant in the past. Everything was working, but we wanted to change PHS to ADFS. For this scenario we have prepared a new AD domain. So, I stopped synchronization of the testing domain and uninstalled Azure AD Connect. Three days ago I installed Azure AD Connect in the new AD domain and configured it for ADFS. The wizard finished successfully, and the ADFS and WAP servers were configured. Now, when I connect to the Microsoft 365 admin center, I see the error message: Directory sync: last synced more than 3 days ago. In Health - Directory Sync Status, I can see the same error, and in the item "Directory sync service account" there is a bad account, which doesn't exist. Azure AD Connect created another account during installation and configuration. Can I change the sync service account to the existing one? Thank you very much for your advice.

Jaroslav Vacek

Czech republic

azure-ad-connect

amanpreetsingh-msft answered:

@JaroslavVacek-8764 I don't think the same account can be used. You can try the steps below to resolve the issue:

  1. Start the Synchronization Service Manager (START → Synchronization Service).

  2. Go to the Connectors tab.

  3. Select the AD Connector that corresponds to your on-premises AD. If you have more than one AD connector, repeat the following steps for each of them.

  4. Under Actions, select Properties.

  5. In the pop-up dialog, select Connect to Active Directory Forest.

  6. Enter the password of the new AD DS account in the Password textbox.

  7. Click OK to save the new password and close the pop-up dialog.

  8. Start a new PowerShell session on the Azure AD Connect server.

  9. Run cmdlet Add-ADSyncAADServiceAccount.

  10. In the pop-up dialog, provide the Azure AD Global admin credentials for your Azure AD tenant.

  11. If it is successful, you will see the PowerShell command prompt.

  12. Restart Microsoft Azure AD Sync service.


Please "Accept as answer" wherever the information provided helps you to help others in the community.

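The PowerShell part of this procedure (steps 8 to 12) with a sync health check before and after it, as an added example that is not part of the answer above. It assumes the ADSync module that ships with Azure AD Connect and an elevated session on the Connect server; the AD DS connector password (steps 1 to 7) is still set in Synchronization Service Manager.

```powershell
# Added example, not from the original answer. Run in an elevated PowerShell
# session on the Azure AD Connect server after completing the GUI steps 1-7.
Import-Module ADSync

# Record the scheduler state before changing anything. SyncCycleEnabled should be
# True and SchedulerSuspended False; NextSyncCycleStartTimeInUTC shows when the
# next automatic cycle would run.
Write-Host "Scheduler state before remediation:"
Get-ADSyncScheduler |
    Select-Object SyncCycleEnabled, SchedulerSuspended, StagingModeEnabled, NextSyncCycleStartTimeInUTC

# List the connectors so the on-premises AD connector (the one whose password
# was set in steps 3-7) can be identified by name and type.
Write-Host "Configured connectors:"
Get-ADSyncConnector | Select-Object Name, ConnectorTypeName

# Step 9: reset the Azure AD sync service account. The cmdlet opens a sign-in
# dialog for Global Administrator credentials of the tenant (step 10) and
# creates a fresh sync service account in Azure AD.
Add-ADSyncAADServiceAccount

# Step 12: restart the sync service. The Windows service name is ADSync;
# Restart-Service blocks until the service is running again.
Restart-Service -Name ADSync

# Trigger a delta cycle so the "last synced" timestamp in the Microsoft 365
# admin center updates without waiting for the scheduler.
Start-ADSyncSyncCycle -PolicyType Delta

# Confirm the scheduler is still enabled and show any connector runs currently
# in progress; an empty result means no run is active.
Write-Host "Scheduler state after remediation:"
Get-ADSyncScheduler | Select-Object SyncCycleEnabled, SyncCycleInProgress, NextSyncCycleStartTimeInUTC
Get-ADSyncConnectorRunStatus
```

Afterwards, the Directory Sync Status page in the admin center should list the newly created sync service account and a recent last-sync time.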

JaroslavVacek-8764 answered:

Good morning,
thank you very much for your advice. I followed your procedure and now everything is working. But I don't understand why it had to be done like this. The sync account and password were generated and set automatically by Azure AD Connect. Thank you.

Jaroslav Vacek
