Azure AD Connector account as Directory Synchronization Account

Hi guys,

I installed AD Connect in my demo environment and everything is working great, but my Azure AD Connector account is a Global Admin in my tenant, like a normal admin. I saw in the documentation that with the install of AD Connect a Directory Synchronization Account is created like:

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-accounts-permissions#azure-ad-connector-account

But I do not have it after the installation and nothing will show up if I run:

Get-AzureADDirectoryRole | where {$_.DisplayName -eq "Directory Synchronization Accounts"} | Get-AzureADDirectoryRoleMember


Have I done something wrong and how can I obtain it after the installation?

Regards,

Ricardo

1 Reply

Found it. I don't know why this account is not created at the installation, but when I ran "Add-ADSyncAADServiceAccount" from the AD Connect server the account was created.
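
A least-privilege check for the situation discussed in this thread, as an added example that is not part of the original posts: it lists every activated directory role held by the connector account and flags anything other than "Directory Synchronization Accounts". It assumes the AzureAD module with an existing `Connect-AzureAD` session and that the connector account uses the default `Sync_` UPN prefix; `$UpnPattern`, `$expectedRole` and `$findings` are names chosen for this example.

```powershell
# Added example: audit which Azure AD directory roles the AD Connect
# connector account(s) hold. Run after Connect-AzureAD (AzureAD module).
param(
    # Assumption: connector accounts use the default "Sync_" UPN prefix.
    # Pass a different pattern if a custom account was used at install time.
    [string]$UpnPattern = 'Sync_*'
)

$expectedRole = 'Directory Synchronization Accounts'

# Get-AzureADDirectoryRole returns only roles that are activated in the
# tenant, so an empty result for a role name can mean "not activated yet"
# rather than "no members".
$roles = Get-AzureADDirectoryRole

if (-not ($roles | Where-Object { $_.DisplayName -eq $expectedRole })) {
    Write-Warning "Role '$expectedRole' is not activated in this tenant."
}

# Walk every activated role and record memberships of matching accounts.
# Members without a UserPrincipalName (e.g. service principals) are skipped.
$findings = foreach ($role in $roles) {
    Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId |
        Where-Object { $_.UserPrincipalName -like $UpnPattern } |
        ForEach-Object {
            [pscustomobject]@{
                Account        = $_.UserPrincipalName
                Role           = $role.DisplayName
                # Any role other than the sync role is more than sync needs.
                Overprivileged = ($role.DisplayName -ne $expectedRole)
            }
        }
}

if (-not $findings) {
    Write-Warning "No account matching '$UpnPattern' holds an activated directory role."
}

$findings | Sort-Object Account, Role | Format-Table -AutoSize
```

Rows with `Overprivileged = True` are the ones to review, such as a connector account that holds Global Admin as described in the question.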