Azure AD Connect stopped syncing

Today, I received this email regarding my Azure AD Connect health status saying that it hasn’t replicated for 24 hours.

Logging into the Azure Portal and checking Azure AD Connect showed the same information. By default the AD Connect scheduler syncs at least once a day, so something was wrong.

First I checked the usual suspects, ensuring none of the AD service accounts had been locked out or had an expired password, but everything looked fine. Looking at the Event Logs on the AD Connect server showed an error relating to an authentication failure.

The error mentioned “modal dialog box or form…”, which indicated that it was trying to raise a pop-up window for authentication. This immediately pointed me in the direction of Azure MFA! I then realised that I had changed the MFA Conditional Access Policy to include all applications, which impacted AD Connect.

The fix was to add an exception for the “On-premises Directory Synchronization Service Account” for the MFA Conditional Access Policy.

Restart the Microsoft Azure AD Sync service and ensure that no errors are logged.

Force a full sync by running “Start-ADSyncSyncCycle -PolicyType Initial” from PowerShell on the AD Connect server.
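The steps above as one script, added here as an example and not taken from the original post. The first function is a read-only check, run from an admin workstation with the Microsoft.Graph module, that lists enabled Conditional Access policies requiring MFA for all applications and reports whether the “On-Premises Directory Synchronization Service Account” is excluded from each. The second runs on the AD Connect server and walks through the triage and recovery: scheduler state, service-account lockout, the authentication error in the Application log, service restart and a forced initial sync. The on-premises connector account name (MSOL_PLACEHOLDER), the lookback window and the message pattern used to find the error are assumptions.

```powershell
# Added example (not the post's own script). Assumes the Microsoft.Graph module
# on the workstation, and the ADSync and ActiveDirectory modules on the server.

function Test-SyncAccountExcludedFromMfa {
    # Tenant-side check: which all-applications MFA policies still catch the
    # sync account? Requires Policy.Read.All and User.Read.All.
    Connect-MgGraph -Scopes 'Policy.Read.All', 'User.Read.All' | Out-Null

    $syncAccounts = Get-MgUser -Filter "startswith(displayName,'On-Premises Directory Synchronization Service Account')"

    $policies = Get-MgIdentityConditionalAccessPolicy | Where-Object {
        $_.State -eq 'enabled' -and
        $_.Conditions.Applications.IncludeApplications -contains 'All' -and
        $_.GrantControls.BuiltInControls -contains 'mfa'
    }

    foreach ($p in $policies) {
        foreach ($u in $syncAccounts) {
            [pscustomobject]@{
                Policy      = $p.DisplayName
                SyncAccount = $u.UserPrincipalName
                Excluded    = ($p.Conditions.Users.ExcludeUsers -contains $u.Id)
            }
        }
    }
}

function Repair-ADSyncCycle {
    param(
        # On-prem AD connector account; placeholder, replace with the real name.
        [string]$OnPremServiceAccount = 'MSOL_PLACEHOLDER',
        [int]$LookbackHours = 24
    )
    Import-Module ADSync
    Import-Module ActiveDirectory

    # 1. Scheduler state: is it enabled, suspended, and when is the next run?
    $sched = Get-ADSyncScheduler
    "Sync cycle enabled : $($sched.SyncCycleEnabled)"
    "Scheduler suspended: $($sched.SchedulerSuspended)"
    "Next cycle (UTC)   : $($sched.NextSyncCycleStartTimeInUTC)"

    # 2. The usual suspects: lockout or expired password on the service account.
    $acct = Get-ADUser -Identity $OnPremServiceAccount -Properties Enabled, LockedOut, PasswordExpired
    "Service account    : Enabled=$($acct.Enabled) LockedOut=$($acct.LockedOut) PasswordExpired=$($acct.PasswordExpired)"

    # 3. Authentication errors in the Application log over the lookback window.
    #    The pattern is an assumption based on the error text quoted in the post.
    $since  = (Get-Date).AddHours(-$LookbackHours)
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Level = 2; StartTime = $since } -ErrorAction SilentlyContinue |
              Where-Object { $_.Message -match 'modal dialog|authentication' }
    if ($events) {
        "Authentication-related errors in the last $LookbackHours h:"
        $events | Select-Object TimeCreated, Id, ProviderName,
                  @{ n = 'Summary'; e = { ($_.Message -split "`n")[0] } } | Format-Table -AutoSize
        "A 'modal dialog box' message means an interactive prompt (MFA from Conditional Access) is blocking the sync account; exclude it from the policy before continuing."
    }

    # 4. Restart the Microsoft Azure AD Sync service (service name ADSync).
    Restart-Service -Name ADSync
    "Service status     : $((Get-Service -Name ADSync).Status)"

    # 5. Force a full sync and wait until no connector run is in progress.
    Start-ADSyncSyncCycle -PolicyType Initial
    do {
        Start-Sleep -Seconds 30
        $running = Get-ADSyncConnectorRunStatus
    } while ($running)
    "Initial sync cycle finished; re-check the Application log for errors."
}
```

Run Test-SyncAccountExcludedFromMfa first; any row with Excluded = False is a policy that will still prompt the sync account for MFA and has to be fixed in the portal before Repair-ADSyncCycle is worth running on the server.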
