I noticed that an Azure AD Connect Password sync was giving Warning: no recent synchronization, which was clearly caused by misconfiguration: password synchronization was indeed disabled. Trying to modify settings however failed, Connect to Azure AD claiming that the account wasn't an administrator.
Please provide administrator credentials for contoso.onmicrosoft.com - AAD.
Double checked that this account has the Global administrator role and also tried another account. Trying with a wrong password or an account with a pending forced password change gives another, reasonable error: there's nothing wrong with the connection. Updated from 1.1.561.0 to the latest 1.1.750.0, but that didn't help either.
Both time ADSync gives following event 6306,
The server encountered an unexpected error while performing an operation for the client. "BAIL: MMS(5036): ..\mastate.cpp(8818): 0x80230613 (Operation failed because the specified management agent could not be found.) BAIL: MMS(5036): ..\mastate.cpp(10113): 0x80230613 (Operation failed... BAIL: MMS(5036): ..\ma.cpp(316): 0x80230613 (Operation failed... BAIL: MMS(5036): ..\ma.cpp(437): 0x80230613 (Operation failed... BAIL: MMS(5036): ..\server.cpp(2007): 0x80230613 (Operation failed... Azure AD Sync 1.1.750.0"
followed by .NET Runtime event 1026 and Application Error (event 1000):
Faulting application name: Microsoft.Identity.AadConnect.Health.AadSync.Host.exe, version: 18.104.22.168, time stamp: 0x59eb08bc Faulting module name: RPCRT4.dll, version: 6.3.9600.18939, time stamp: 0x5a7f2493 Exception code: 0xc0000005
Should I continue debugging this or simply completely remove the Azure AD Connect and start from scratch? I'm a bit afraid that Azure AD Connect DB could have something extra for matching the local AD accounts with the corresponding Azure AD accounts, possibly leading to duplicated or orphaned accounts on the cloud side. What are the actual risks here?
User contributions licensed under CC BY-SA 3.0