Azure Active Directory Connect Version 2.0 - Installation Error

%3CLINGO-SUB%20id%3D%22lingo-sub-2783347%22%20slang%3D%22en-US%22%3EAzure%20Active%20Directory%20Connect%20Version%202.0%20-%20Installation%20Error%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2783347%22%20slang%3D%22en-US%22%3E%3CP%3EI%20am%20trying%20to%20install%20Azure%20AD%20Connect%20on%202019%20server.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20uninstalled%20older%20version%20of%20AD%20Connect%20from%20server%202016.%20Than%20i%20tried%20installing%20V%202.0%20to%20Server%202019%20but%20got%20these%20errors.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%5B14%3A17%3A28.123%5D%20%5B110%5D%20%5BERROR%5D%20Error%20granting%20directory%20permissions%20to%20account%3A%20MIDWEST-HEALTH.COM%5CMSOL_3bb18b91def3%20using%20credentials%3A%20MIDWEST-HEALTH.COM%5Caos365.%20Check%20the%20event%20log%20for%20additional%20details%3CBR%20%2F%3E%5B14%3A17%3A28.124%5D%20%5B110%5D%20%5BERROR%5D%20Caught%20exception%20while%20creating%20synchronization%20account.%3CBR%20%2F%3EException%20Data%20(Raw)%3A%20System.DirectoryServices.DirectoryServicesCOMException%20(0x8007202F)%3A%20A%20constraint%20violation%20occurred.%3C%2FP%3E%3CP%3Eat%20System.DirectoryServices.DirectoryEntry.CommitChanges()%3CBR%20%2F%3Eat%20Microsoft.Online.DirSync.Common.DomainAccountUtility.UpdatePermissionsOnDomains(DomainCollection%20domains%2C%20SecurityIdentifier%20sid%2C%20AccessControlEntryUpdateAction%20actionType%2C%20ActiveDirectoryRights%20accessType%2C%20Guid%20accessRightsGuid%2C%20Boolean%20applyToAdminSDHolder%2C%20Guid%20inheritedObject%2C%20ActiveDirectorySecurityInheritance%20inheritanceType)%3CBR%20%2F%3Eat%20Microsoft.Azure.ActiveDirectory.Synchronization.Framework.ActiveDirectoryPermissionsHelper.UpdateAccessRightsOnAllDomainsInForest(String%20forestFQDN%2C%20NetworkCredential%20domainAdminCredential%2C%20String%20samAccountName%2C%20AccessControlEntryUpdateAction%20accessControlEntryUpdateAction%2C%20ActiveDirectoryRights%20accessType%2C%20Guid%20accessRightsGuid%2C%20Boolean%20applyToAdminSDHolder%2C%20Guid%20inheritedObject%2C%20ActiveDirectorySecurityInheritance%20inheritanceType)%3CBR%20%2F%3Eat%20Microsoft.Azure.ActiveDirectory.Synchronization.Framework.ActiveDirectoryPermissionsHelper.GrantReplicationGetChangesPermissionToAllDomainsInForest(String%20forestFQDN%2C%20NetworkCredential%20domainAdminCredential%2C%20String%20synchronizationAccountName)%3CBR%20%2F%3Eat%20Microsoft.Azure.ActiveDirectory.Synchronization.Framework.ADConnectorAccountProvider.GrantAllActiveDirectoryPermissions(String%20forestFQDN%2C%20NetworkCredential%20enterpriseAdminCredential%2C%20String%20syncAccountName)%3CBR%20%2F%3Eat%20Microsoft.Azure.ActiveDirectory.Synchronization.Framework.ADConnectorAccountProvider.CreateADConnectorAccount(String%20forestFQDN%2C%20NetworkCredential%20domainAdminCredential%2C%20String%20installationIdentifier%2C%20String%20tenantDisplayName)%3CBR%20%2F%3Eat%20Microsoft.Online.Deployment.OneADWizard.Runtime.Stages.ConfigureSyncEngineStage.StartADSyncConfigurationCore(Action%601%20UpdateProgressText)%3CBR%20%2F%3E%5B14%3A17%3A28.124%5D%20%5B110%5D%20%5BINFO%20%5D%20ConfigureSyncEngineStage.StartADSyncConfiguration%3A%20AADConnectResult.Status%3DFailed%3CBR%20%2F%3E%5B14%3A17%3A28.124%5D%20%5B110%5D%20%5BINFO%20%5D%20ConfigureSyncEngineStage.StartADSyncConfiguration%3A%20Error%20details%3A%20System.DirectoryServices.DirectoryServicesCOMException%20(0x8007202F)%3A%20A%20constraint%20violation%20occurred.%3C%2FP%3E%3CP%3Eat%20System.DirectoryServices.DirectoryEntry.CommitChanges()%3CBR%20%2F%3Eat%20Microsoft.Online.DirSync.Common.DomainAccountUtility.UpdatePermissionsOnDomains(DomainCollection%20domains%2C%20SecurityIdentifier%20sid%2C%20AccessControlEntryUpdateAction%20actionType%2C%20ActiveDirectoryRights%20accessType%2C%20Guid%20accessRightsGuid%2C%20Boolean%20applyToAdminSDHolder%2C%20Guid%20inheritedObject%2C%20ActiveDirectorySecurityInheritance%20inheritanceType)%3CBR%20%2F%3Eat%20Microsoft.Azure.ActiveDirectory.Synchronization.Framework.ActiveDirectoryPermissionsHelper.UpdateAccessRightsOnAllDomainsInForest(String%20forestFQDN%2C%20NetworkCredential%20domainAdminCredential%2C%20String%20samAccountName%2C%20AccessControlEntryUpdateAction%20accessControlEntryUpdateAction%2C%20ActiveDirectoryRights%20accessType%2C%20Guid%20accessRightsGuid%2C%20Boolean%20applyToAdminSDHolder%2C%20Guid%20inheritedObject%2C%20ActiveDirectorySecurityInheritance%20inheritanceType)%3CBR%20%2F%3Eat%20Microsoft.Azure.ActiveDirectory.Synchronization.Framework.ActiveDirectoryPermissionsHelper.GrantReplicationGetChangesPermissionToAllDomainsInForest(String%20forestFQDN%2C%20NetworkCredential%20domainAdminCredential%2C%20String%20synchronizationAccountName)%3CBR%20%2F%3Eat%20Microsoft.Azure.ActiveDirectory.Synchronization.Framework.ADConnectorAccountProvider.GrantAllActiveDirectoryPermissions(String%20forestFQDN%2C%20NetworkCredential%20enterpriseAdminCredential%2C%20String%20syncAccountName)%3CBR%20%2F%3Eat%20Microsoft.Azure.ActiveDirectory.Synchronization.Framework.ADConnectorAccountProvider.CreateADConnectorAccount(String%20forestFQDN%2C%20NetworkCredential%20domainAdminCredential%2C%20String%20installationIdentifier%2C%20String%20tenantDisplayName)%3CBR%20%2F%3Eat%20Microsoft.Online.Deployment.OneADWizard.Runtime.Stages.ConfigureSyncEngineStage.StartADSyncConfigurationCore(Action%601%20UpdateProgressText)%3CBR%20%2F%3Eat%20Microsoft.Online.Deployment.OneADWizard.Runtime.Stages.ConfigureSyncEngineStage.StartADSyncConfiguration(Action%601%20UpdateProgressText)%3CBR%20%2F%3E%5B14%3A17%3A28.125%5D%20%5B110%5D%20%5BERROR%5D%20ExecuteADSyncConfiguration%3A%20configuration%20failed.%20Skipping%20export%20of%20synchronization%20policy.%20resultStatus%3DFailed%3CBR%20%2F%3E%5B14%3A17%3A28.129%5D%20%5B110%5D%20%5BERROR%5D%20PerformConfigurationPageViewModel%3A%20An%20error%20occurred%20while%20retrieving%20the%20Active%20Directory%20schema.%20The%20error%20was%3A%20A%20constraint%20violation%20occurred.%3C%2FP%3E%3CP%3E%5B14%3A17%3A28.129%5D%20%5B110%5D%20%5BERROR%5D%20PerformConfigurationPageViewModel%3A%20A%20constraint%20violation%20occurred.%3C%2FP%3E%3CP%3E%5B14%3A25%3A03.188%5D%20%5B%201%5D%20%5BINFO%20%5D%20Opened%20log%20file%20at%20path%20C%3A%5CProgramData%5CAADConnect%5Ctrace-20210924-133604.log%3C%2FP%3E%3CP%3E%3CBR%20%2F%3E%3CBR%20%2F%3EPlease%20help.%20I%20have%20about%203000%20users%20that%20are%20not%20syncing.%20Microsoft%20support%20is%20not%20helping.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2783347%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIdentity%20Management%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
New Contributor

I am trying to install Azure AD Connect on 2019 server. 

 

I uninstalled older version of AD Connect from server 2016. Than i tried installing V 2.0 to Server 2019 but got these errors. 

 

[14:17:28.123] [110] [ERROR] Error granting directory permissions to account: MIDWEST-HEALTH.COM\MSOL_3bb18b91def3 using credentials: MIDWEST-HEALTH.COM\aos365. Check the event log for additional details
[14:17:28.124] [110] [ERROR] Caught exception while creating synchronization account.
Exception Data (Raw): System.DirectoryServices.DirectoryServicesCOMException (0x8007202F): A constraint violation occurred.

at System.DirectoryServices.DirectoryEntry.CommitChanges()
at Microsoft.Online.DirSync.Common.DomainAccountUtility.UpdatePermissionsOnDomains(DomainCollection domains, SecurityIdentifier sid, AccessControlEntryUpdateAction actionType, ActiveDirectoryRights accessType, Guid accessRightsGuid, Boolean applyToAdminSDHolder, Guid inheritedObject, ActiveDirectorySecurityInheritance inheritanceType)
at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.ActiveDirectoryPermissionsHelper.UpdateAccessRightsOnAllDomainsInForest(String forestFQDN, NetworkCredential domainAdminCredential, String samAccountName, AccessControlEntryUpdateAction accessControlEntryUpdateAction, ActiveDirectoryRights accessType, Guid accessRightsGuid, Boolean applyToAdminSDHolder, Guid inheritedObject, ActiveDirectorySecurityInheritance inheritanceType)
at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.ActiveDirectoryPermissionsHelper.GrantReplicationGetChangesPermissionToAllDomainsInForest(String forestFQDN, NetworkCredential domainAdminCredential, String synchronizationAccountName)
at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.ADConnectorAccountProvider.GrantAllActiveDirectoryPermissions(String forestFQDN, NetworkCredential enterpriseAdminCredential, String syncAccountName)
at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.ADConnectorAccountProvider.CreateADConnectorAccount(String forestFQDN, NetworkCredential domainAdminCredential, String installationIdentifier, String tenantDisplayName)
at Microsoft.Online.Deployment.OneADWizard.Runtime.Stages.ConfigureSyncEngineStage.StartADSyncConfigurationCore(Action`1 UpdateProgressText)
[14:17:28.124] [110] [INFO ] ConfigureSyncEngineStage.StartADSyncConfiguration: AADConnectResult.Status=Failed
[14:17:28.124] [110] [INFO ] ConfigureSyncEngineStage.StartADSyncConfiguration: Error details: System.DirectoryServices.DirectoryServicesCOMException (0x8007202F): A constraint violation occurred.

at System.DirectoryServices.DirectoryEntry.CommitChanges()
at Microsoft.Online.DirSync.Common.DomainAccountUtility.UpdatePermissionsOnDomains(DomainCollection domains, SecurityIdentifier sid, AccessControlEntryUpdateAction actionType, ActiveDirectoryRights accessType, Guid accessRightsGuid, Boolean applyToAdminSDHolder, Guid inheritedObject, ActiveDirectorySecurityInheritance inheritanceType)
at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.ActiveDirectoryPermissionsHelper.UpdateAccessRightsOnAllDomainsInForest(String forestFQDN, NetworkCredential domainAdminCredential, String samAccountName, AccessControlEntryUpdateAction accessControlEntryUpdateAction, ActiveDirectoryRights accessType, Guid accessRightsGuid, Boolean applyToAdminSDHolder, Guid inheritedObject, ActiveDirectorySecurityInheritance inheritanceType)
at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.ActiveDirectoryPermissionsHelper.GrantReplicationGetChangesPermissionToAllDomainsInForest(String forestFQDN, NetworkCredential domainAdminCredential, String synchronizationAccountName)
at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.ADConnectorAccountProvider.GrantAllActiveDirectoryPermissions(String forestFQDN, NetworkCredential enterpriseAdminCredential, String syncAccountName)
at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.ADConnectorAccountProvider.CreateADConnectorAccount(String forestFQDN, NetworkCredential domainAdminCredential, String installationIdentifier, String tenantDisplayName)
at Microsoft.Online.Deployment.OneADWizard.Runtime.Stages.ConfigureSyncEngineStage.StartADSyncConfigurationCore(Action`1 UpdateProgressText)
at Microsoft.Online.Deployment.OneADWizard.Runtime.Stages.ConfigureSyncEngineStage.StartADSyncConfiguration(Action`1 UpdateProgressText)
[14:17:28.125] [110] [ERROR] ExecuteADSyncConfiguration: configuration failed. Skipping export of synchronization policy. resultStatus=Failed
[14:17:28.129] [110] [ERROR] PerformConfigurationPageViewModel: An error occurred while retrieving the Active Directory schema. The error was: A constraint violation occurred.

[14:17:28.129] [110] [ERROR] PerformConfigurationPageViewModel: A constraint violation occurred.

[14:25:03.188] [ 1] [INFO ] Opened log file at path C:\ProgramData\AADConnect\trace-20210924-133604.log



Please help. I have about 3000 users that are not syncing. Microsoft support is not helping. 

0 Replies