
Azure AD Sync Troubleshooting: Error 611 - Replication Access Was Denied (Password Synchronisation Failed:)

A short article on a password synchronization issue:

You’ve installed Azure AD Sync Services (or later) and have set up password hash synchronization, i.e. you are synchronizing users and their passwords as opposed to creating federated users.

Password synchronization doesn’t appear to be working, and you find Event ID 611 from the source Directory Synchronization, which says that replication access was denied. The event shows the following text for Password Synchronization:

“Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsException: RPC Error 8453 : Replication access was denied. There was an error calling _IDL_DRSGetNCChanges.
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnection.OnGetChanges(ReplicationState syncState)
   at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsConnection.GetChanges(ReplicationState replicationState)
   at Microsoft.Online.PasswordSynchronization.RetryUtility.ExecuteWithRetry[T](Func`1 operation, Func`1 shouldAbort, RetryPolicyHandler retryPolicy)
   at Microsoft.Online.PasswordSynchronization.DeltaSynchronizationTask.SynchronizeCredentialsToCloud()
   at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.SynchronizeSecrets()
   at Microsoft.Online.PasswordSynchronization.SynchronizationExecutionContext.SynchronizeDomain()
   at Microsoft.Online.PasswordSynchronization.SynchronizationManager.SynchronizeDomain(SynchronizationExecutionContext syncExecutionContext).”

To synchronize passwords, the Active Directory account that the sync server uses must have the following permissions:

  1. Replicating Directory Changes
  2. Replicating Directory Changes All
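
One way to check these two permissions on the domain root, as an added example that is not part of the original article. It assumes the ActiveDirectory PowerShell module is installed; the account name CONTOSO\svc-aadsync is a hypothetical placeholder.

```powershell
# Added example: audit the replication rights on the domain root.
# Requires the ActiveDirectory module (RSAT); run as a user who can read the domain ACL.
Import-Module ActiveDirectory

$SyncAccount = 'CONTOSO\svc-aadsync'   # hypothetical account name, replace with yours

# rightsGuid values of the two control access rights in the AD schema
$Rights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes All'
}
$AllGuid  = [guid]::Empty.ToString()   # empty ObjectType = every extended right
$Extended = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

$DomainDN = (Get-ADDomain).DistinguishedName
$Acl      = Get-Acl -Path "AD:\$DomainDN"

# Every Allow ACE on the domain root that grants one (or all) of the rights
$Holders = foreach ($ace in $Acl.Access) {
    $type = $ace.ObjectType.ToString()
    if ($ace.AccessControlType -ne 'Allow') { continue }
    if (-not ($ace.ActiveDirectoryRights -band $Extended)) { continue }
    if ($type -ne $AllGuid -and -not $Rights.ContainsKey($type)) { continue }
    [pscustomobject]@{
        Identity  = $ace.IdentityReference.Value
        Right     = if ($type -eq $AllGuid) { 'All extended rights' } else { $Rights[$type] }
        Inherited = $ace.IsInherited
    }
}
$Holders | Sort-Object Right, Identity | Format-Table -AutoSize

# Rights granted directly to the sync account (group membership is not expanded here)
$Missing = foreach ($name in $Rights.Values) {
    $hit = $Holders | Where-Object {
        $_.Identity -eq $SyncAccount -and $_.Right -in $name, 'All extended rights'
    }
    if (-not $hit) { $name }
}
if ($Missing) {
    Write-Warning "$SyncAccount has no direct ACE for: $($Missing -join ', ')"
} else {
    Write-Output "$SyncAccount holds both replication rights on $DomainDN"
}
```

The table lists every identity that holds these rights, not only the sync account. Because the rights allow password hashes to be read through replication, unexpected entries are worth reviewing.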