Share via

Azure AD change synchronization account

Jaroslav Vacek 21 Reputation points
2020-02-14T16:40:10.24+00:00

Good morning,

I have a problem with synchronization between our on-prem testing AD and Azure AD. We used password hash synchronization from our on-prem testing AD to our tenant in the past. Everything was working, but we wanted change PHS to ADFS. For this scenariowe have prepared new AD domain. So, I stopped synchronization of the testing domain and uninstall Azure AD Connect. Three days before I installed Azure AD Connect to the new AD domain and configured it for ADFS. The wizard was succesfully finished, ADFS andWAP servers were configured. Now, when I connect to the Microsoft 365 admin center, I see error message: Directory sync: last synced more than 3 days ago. In Health - Directory Sync Status, I can see the same error and in item "Directory syncservice account" is bad account, which doesn't exists. Azure AD Connect created during installation and configuration another account. Can I change the sync service account to the existing? Thank you very much for your advice.

Jaroslav Vacek

Czech republic

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,792 questions
0 comments
Accepted answer
  1. AmanpreetSingh-MSFT 56,711 Reputation points
    2020-02-17T06:52:30.21+00:00

    @Jaroslav Vacek I don't think same account can be used. You can try below steps to resolve the issue:

    1. Start the Synchronization Service Manager (START → Synchronization Service). Sync Service Manager.
    2. Go to the Connectors tab.
    3. Select the AD Connector that corresponds to your on-premises AD. If you have more than one AD connector, repeat the following steps for each of them.
    4. Under Actions, select Properties.
    5. In the pop-up dialog, select Connect to Active Directory Forest.
    6. Enter the password of the new AD DS account in the Password textbox.
    7. Click OK to save the new password and close the pop-up dialog.
    8. Start a new PowerShell session on the Azure AD Connect server.
    9. Run cmdlet Add-ADSyncAADServiceAccount.
    10. In the pop-up dialog, provide the Azure AD Global admin credentials for your Azure AD tenant.
    11. If it is successful, you will see the PowerShell command prompt.
    12. Restart Microsoft Azure AD Sync service.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept as answer" wherever the information provided helps you to help others in the community.

    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Jaroslav Vacek 21 Reputation points
    2020-02-19T12:43:49.103+00:00

    Good morning,
    thank you very much for your advice. I followed your procedure and now is everything working. But I don't understand why it had to be done like this. Sync account and password was generated and set automatically by Azure AD Connect. Thank you.

    Jaroslav Vacek

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.