My customer rebooted his server and the Sync Service won't start. We discovered that the service account is showing as Local Admin instead of the expected AAD_mmmmm. Has anyone seen this before, know why it would happen, or have a recommendation on the best way to fix it?
I saw this, but on the old directory sync. The service account AAD_mmmm is created upon installation and is a domain user, so you can reset the password, but usually the password is rolled/controlled by AADC...
A repair installation is probably the best way to re-link this, but I can't tell you why it happens.
Your course of action would have been my recommendation. The AAD_xxxxx account is a local account created by the AAD Connect Wizard. The password is complex and never known. Very strange that it was changed. I usually recommend that my customers create a service account to avoid these scenarios. Then, use the Custom install method and supply your new domain service account. You can also use it to read and/or write to your AD.