Home

Service Account for AAD Connect Changed after reboot

Dean Gross
Respected Contributor

My customer rebooted his server and the Sync Service won't start, we discovered that service account is showing as Local Admin instead of the expected AAD_mmmmm. Has anyone seen this before, now why it would happen, or have a recommendation on the best way to fix?

 

TIA

4 Replies

I saw this but on old directory sync, The service account AAD_mmmm is created upon installation and is a domain user so you can reset the password but usually the password is rolled/controlled by AADC....

Repair installation is probably the best way to re-link this but I cant tell you why it happens.

Thanks, after troubleshooting for a few hours without being able to figure out what happened we decided to uninstall and reinstall and that fixed the problem. 

Hello Dean,

 

Your course of action would have been my recommendation. The AAD_xxxxx account is a local account created by the AAD Connect Wizard. The password is complex and never known. Very strange that it was changed. I usually recommend my customers to create a service account to avoid these scenarios. Then, use the Custom install method and supply your new domain service account. You can also use it to read and/or write to your AD.

I had a very similar scenario after an update of AD Connect was installed. 

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
36 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
9 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies