Error in Password Hash Synchronization General Diagnostics

Dmitrit Garanin 1 Reputation point
2019-12-05T07:06:28.717+00:00

When I run the password synchronization diagnostics with the Invoke-ADSyncDiagnostics -PasswordSync command, I get this error:

Password Hash Synchronization cloud configuration is enabled.
Password Hash Synchronization agent had an error while pushing password changes to AAD tenant at: 05/12/2019 06:08:19 UTC
Please make sure AAD connector account is added to AAD Tenant, and username and password for this account are valid.
Please check 652 error events in the application event logs for details

I changed the passwords and am 100% sure that they are correct. If I start password synchronization for a specific user, then it passes successfully. So it's not about the account on the connector.

There is an event with code 652 in the Application log. Here it is:

Failed credential provisioning batch. Clearing affinity to the current service endpoint:. Error: Microsoft.MetadirectoryServices.UnexpectedDataException: The DN given to RDNToSourceAnchor is not valid.
    at Microsoft.Online.DirSync.Extension.Utilities.DNEncoding.RdnToBinary (String rdn)
    at Microsoft.Azure.ActiveDirectory.Connector.PasswordChangeNotificationExtension.CreateRequest (IList`1 passwords, String forestInfo)
    at Microsoft.Azure.ActiveDirectory.Connector.PasswordChangeNotificationExtension.SetPasswords (IList`1 allPasswords, String forestInfo).

How to fix it?

Microsoft Entra ID

1 answer

  1. neray-MSFT 26 Reputation points
    2019-12-05T07:20:05.687+00:00

    @Dmitrit Garanin

    It looks like Password synchronization failed when trying to retrieve updated passwords from the on-premises AD DS after you changed the passwords.

    Try the Resolution 2 mentioned in this document and then try again and let us know if it works.
