Reputation: 25
I am getting this error. How can I configure this? I am setting up a virtual machine to log in with my AD account. I want my Office 365 account and members to be able to access the virtual machine. Right now I am configuring the AD account connectivity.
These are the errors from the logs:
[05:00:31.709] [ 27] [ERROR] ExecuteADSyncConfiguration: configuration failed. Skipping export of synchronization policy. resultStatus=Failed
[05:00:31.710] [ 27] [ERROR] PerformConfigurationPageViewModel: An error occurred while creating the synchronization service account in Azure AD. The error was: Unable to create the synchronization service account for Azure Active Directory. Retrying this operation may help resolve the issue.
[05:00:31.710] [ 27] [ERROR] PerformConfigurationPageViewModel: Unable to create the synchronization service account for Azure Active Directory. Retrying this operation may help resolve the issue.
[05:03:10.957] [ 1] [INFO ] Opened log file at path C:\ProgramData\AADConnect\trace-20221220-041351.log
Upvotes: 0
Views: 8391
Reputation: 1
I had a similar situation where I was getting this error, but Conditional Access and Security Defaults were disabled for the tenant in question. If anyone else has the same problem, make sure you check the legacy per-user MFA settings in the Admin Portal as well. (Current direct link to the relevant portal here, alternatively search for "MFA" in the top search bar within the M365 admin center and select "Multi-factor authentication" under Settings.)
Screenshot of sync account set to "disabled" in Legacy Per-User MFA portal
The sync account automatically generated by the Azure AD Connect installer had legacy MFA status set to "enabled" by default, which prevented that account from signing in and generated the same error message that the Conditional Access problem does. After changing the legacy per-user MFA status to "Disabled" for the sync user, the Azure AD Connect installation was successful.
Upvotes: 0
Reputation: 5570
I tried to reproduce the same in my environment and got the same error, as shown below:
Unable to create the synchronization service account for Azure Active Directory
This error occurs when, although the account authenticates earlier in the session, Conditional Access is blocking the account you are using as the Azure AD admin account when you are going through the wizard. Ref:
To resolve this error: log in with the admin account -> Sign-in logs under Monitoring -> check whether the user sign-in logs and non-interactive logs show failures.
Now, when I try to connect the Azure AD account, it is configured successfully, as shown below:
Azure AD Connect installed successfully, as shown below:
Reference:
Unable to create the syncronization service account for Azure Active Directory- Microsoft by mfreitas
Upvotes: 1
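A small triage script for the trace log format quoted in the question, as an added example that is not part of the original posts or of Azure AD Connect itself: it extracts the ERROR entries, flags the sync service account failure, and lists the two checks the answers above describe. The function names and the `CHECKS` wording are assumptions made for this illustration; the sample lines are the ones quoted in the question.

```python
import re

# Line shape from the trace excerpt in the question:
#   [HH:MM:SS.mmm] [thread] [LEVEL] Component: message   (component is optional)
LINE_RE = re.compile(
    r"^\[(?P<time>\d{2}:\d{2}:\d{2}\.\d{3})\]\s+"
    r"\[\s*(?P<thread>\d+)\]\s+"
    r"\[(?P<level>[A-Z]+)\s*\]\s+"
    r"(?:(?P<component>\w+):\s+)?(?P<message>.*)$"
)
SYNC_ACCOUNT_ERROR = "Unable to create the synchronization service account"

# The two checks described in the answers on this page (wording is illustrative).
CHECKS = (
    "Sign-in logs: failed interactive/non-interactive sign-ins (Conditional Access)",
    "Legacy per-user MFA status of the generated sync account",
)

# Sample input: the four trace lines quoted in the question.
SAMPLE = r"""
[05:00:31.709] [ 27] [ERROR] ExecuteADSyncConfiguration: configuration failed. Skipping export of synchronization policy. resultStatus=Failed
[05:00:31.710] [ 27] [ERROR] PerformConfigurationPageViewModel: An error occurred while creating the synchronization service account in Azure AD. The error was: Unable to create the synchronization service account for Azure Active Directory. Retrying this operation may help resolve the issue.
[05:00:31.710] [ 27] [ERROR] PerformConfigurationPageViewModel: Unable to create the synchronization service account for Azure Active Directory. Retrying this operation may help resolve the issue.
[05:03:10.957] [ 1] [INFO ] Opened log file at path C:\ProgramData\AADConnect\trace-20221220-041351.log
"""

def parse(lines):
    """Yield one dict per well-formed trace line; skip anything else."""
    for raw in lines:
        match = LINE_RE.match(raw.strip())
        if match:
            yield match.groupdict()

def triage(lines):
    """Summarise ERROR entries and flag the sync service account failure."""
    errors = [r for r in parse(lines) if r["level"] == "ERROR"]
    hits = [r for r in errors if SYNC_ACCOUNT_ERROR in r["message"]]
    return {
        "error_count": len(errors),
        "sync_account_failure": bool(hits),
        "first_seen": hits[0]["time"] if hits else None,
        "components": sorted({r["component"] for r in hits if r["component"]}),
        "checks": CHECKS if hits else (),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE.splitlines()).items():
        print(f"{key}: {value}")
```

To run it against a real trace, pass the lines of the file named in the "Opened log file at path" entry to `triage()` instead of `SAMPLE`.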