Forum Discussion
Azure AD Connect sync account MFA support
MFA is definitely the issue here. I came across your post after experiencing similar issues. MFA was enforced on all accounts by Microsoft and disrupted our AD sync. The account I authenticated with in Azure AD was set to disabled for MFA, but the issue remained. After much digging I then discovered that the account actually used for the sync was an account called sync_servername_tenant.
Within the admin portal, search for a user starting with Sync_; your server name should follow after the _.
Once found, visit the Multi-factor authentication menu and disable multi-factor authentication for this sync_servername account.
It's this account that is used by Azure AD Connect to sync on-prem AD to Azure. Once disabled, you will find that your AD Connect sync resumes without issue.
- dusting00 | Jan 23, 2025 | Copper Contributor
This was my issue.
- austinwatling | Jul 29, 2024 | Copper Contributor
Just wanted to bump this answer as this was the issue we were having as well. Thank you thank you!
- Jdadule | Sep 21, 2022 | Copper Contributor
Adam__Brown__ Thank you. You're a life saver! 😄
- Kris_Jensen | Oct 08, 2020 | Copper Contributor
Thanks Adam. This worked for me, pointing me in the right direction for the fix. I excluded the sync account from the MFA conditional access policies I have set up for users and admins. I saw recently that two of the pre-configured conditional access policies I had enabled to enforce MFA had been disabled by Microsoft. The two that had been disabled were "Baseline policy: Require MFA for admins (Preview)" and "Baseline policy: End user protection (Preview)". I then created two policies identical to these two baseline policies. There were links in the baseline policies to help me create my own. After I created the two policies, that is when AD Sync broke to my on-prem AD. Your solution helped me to fix the issue. Thanks again.
- maxvaini | Mar 01, 2020 | Copper Contributor
Thanks, this works for me.
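
Added example, not part of the thread or of any Microsoft tooling: a Python check over Conditional Access policies in Microsoft Graph JSON shape that reports which enforced MFA policies still apply to the Sync_ account, the situation described in the replies above. The account, IDs, role value and policies are constructed sample data, and group-based targeting is not evaluated.

```python
# Constructed sample data: every ID, name and policy here is a placeholder,
# shaped like Microsoft Graph user / conditionalAccessPolicy JSON.
SYNC_ROLE = "00000000-0000-0000-0000-0000000000d5"   # placeholder role template ID
SYNC_ACCOUNT = {
    "id": "00000000-0000-0000-0000-00000000aaaa",
    "userPrincipalName": "Sync_SERVER01_0123456789ab@contoso.onmicrosoft.com",
    "roleTemplateIds": [SYNC_ROLE],
}

def policy(name, state, controls, **users):
    """Build a minimal policy dict in Graph's conditionalAccessPolicy shape."""
    return {"displayName": name, "state": state,
            "grantControls": {"builtInControls": controls},
            "conditions": {"users": users}}

POLICIES = [
    policy("Require MFA for all users", "enabled", ["mfa"], includeUsers=["All"]),
    policy("Require MFA for admins", "enabled", ["mfa"],
           includeRoles=[SYNC_ROLE], excludeUsers=[SYNC_ACCOUNT["id"]]),
    policy("Block legacy authentication", "enabled", ["block"], includeUsers=["All"]),
    policy("MFA pilot", "enabledForReportingButNotEnforced", ["mfa"], includeUsers=["All"]),
]

def is_sync_account(upn):
    """AD Connect's cloud-side service account has a UPN starting with Sync_."""
    return upn.lower().startswith("sync_")

def enforces_mfa(p):
    """Only policies in the 'enabled' state with an MFA grant control are enforced."""
    controls = (p.get("grantControls") or {}).get("builtInControls", [])
    return p["state"] == "enabled" and "mfa" in controls

def targets(user, p):
    """True if the user is included (directly, via 'All', or by role) and not excluded."""
    u, roles = p["conditions"]["users"], set(user["roleTemplateIds"])
    included = ("All" in u.get("includeUsers", []) or user["id"] in u.get("includeUsers", [])
                or bool(roles & set(u.get("includeRoles", []))))
    excluded = (user["id"] in u.get("excludeUsers", [])
                or bool(roles & set(u.get("excludeRoles", []))))
    return included and not excluded

def mfa_policies_hitting(user, policies):
    """Names of enforced MFA policies that still apply to the account."""
    return [p["displayName"] for p in policies if enforces_mfa(p) and targets(user, p)]

if __name__ == "__main__":
    if is_sync_account(SYNC_ACCOUNT["userPrincipalName"]):
        for name in mfa_policies_hitting(SYNC_ACCOUNT, POLICIES):
            print("Sync account still subject to MFA policy:", name)
```
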