Changing the AD DS account password

The AD DS account refers to the user account used by Azure AD Connect to communicate with on-premises Active Directory. If you change the password of the AD DS account, you must update the Azure AD Connect Synchronization Service with the new password. Otherwise, the Synchronization Service can no longer synchronize correctly with the on-premises Active Directory and you will encounter the following errors:

  • In the Synchronization Service Manager, any import or export operation with on-premises AD fails with a no-start-credentials error.

  • Under Windows Event Viewer, the application event log contains an error with Event ID 6000 and message 'The management agent "contoso.com" failed to run because the credentials were invalid'.

How to update the Synchronization Service with the new password for the AD DS account

To update the Synchronization Service with the new password:

  1. Start the Synchronization Service Manager (START → Synchronization Service).

  2. Go to the Connectors tab.

  3. Select the AD Connector that corresponds to the AD DS account whose password was changed.

  4. Under Actions, select Properties.

  5. In the pop-up dialog, select Connect to Active Directory Forest.

  6. Enter the new password of the AD DS account in the Password textbox.

  7. Click OK to save the new password and close the pop-up dialog.

  8. Restart the Azure AD Connect Synchronization Service under Windows Service Control Manager. This is to ensure that any reference to the old password is removed from the memory cache.
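To confirm the symptom before the change and verify the result after step 8, the following added example (not part of the original article) searches the Application log for the Event ID 6000 credential failure quoted above, lists the affected connectors, and restarts the service. It assumes the service's short name is ADSync and that the message text matches the wording quoted on this page; the function name is hypothetical. Run it from an elevated PowerShell session on the Azure AD Connect server.

```powershell
# Added example; not from the original article.
# Assumptions: service short name 'ADSync'; event message wording as quoted on this page.

function Get-SyncCredentialFailure {
    param(
        # Only consider events newer than this timestamp.
        [datetime]$Since = (Get-Date).AddHours(-24)
    )
    $pattern = 'management agent "(?<ma>[^"]+)" failed to run because the credentials were invalid'
    $filter  = @{ LogName = 'Application'; Id = 6000; StartTime = $Since }

    # Get-WinEvent raises an error when nothing matches; treat that as "no failures".
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            if ($_.Message -match $pattern) {
                [pscustomobject]@{
                    TimeCreated = $_.TimeCreated
                    Connector   = $Matches['ma']   # e.g. contoso.com
                }
            }
        }
}

# 1. Before the change: which connectors are failing on credentials?
$failures = @(Get-SyncCredentialFailure)
if ($failures.Count -gt 0) {
    $failures | Sort-Object TimeCreated -Descending | Format-Table -AutoSize
} else {
    Write-Host 'No Event ID 6000 credential failures in the last 24 hours.'
}

# 2. After entering the new password in the connector properties (steps 1-7),
#    restart the service so the old password is dropped from the memory cache (step 8).
$restartedAt = Get-Date
Restart-Service -Name 'ADSync'
(Get-Service -Name 'ADSync').WaitForStatus('Running', [timespan]::FromMinutes(2))

# 3. Re-run this line after the next import or export: any result means the
#    stored password is still being rejected for that connector.
$remaining = @(Get-SyncCredentialFailure -Since $restartedAt)
if ($remaining.Count -gt 0) {
    Write-Warning "Credential failures since restart: $($remaining.Connector -join ', ')"
} else {
    Write-Host 'No new credential failures since the service restart.'
}
```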
