SOLVED

Need to change AAD service account


We are using AD Connect to sync users/passwords from on-premises, but we need to change the username and/or password of the account used on the AAD connector.

Thanks

2 Replies
best response confirmed by Mark McClughan (New Contributor)
Solution

Haven't tested but this should work:

1. Create a new account for sync and give it the "Directory Synchronization Accounts" role

New-MsolUser -UserPrincipalName sync@company.onmicrosoft.com -DisplayName "Sync Account" -Password yourpassword -PasswordNeverExpires $true -ForceChangePassword $false
Add-MsolRoleMember -RoleName "Directory Synchronization Accounts" -RoleMemberEmailAddress sync@company.onmicrosoft.com

2. On the AAD Connect computer, run the following command and give the new credentials

Add-ADSyncAADServiceAccount

 

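See here for more details: https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-howto-azureadaccount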
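A follow-up check for step 1, added here as an example and not part of the original reply: it confirms the new account holds the sync role and lists every other holder, so the previous sync account can be reviewed and retired. It assumes the MSOnline module with an already authenticated session (Connect-MsolService); the UPN is the placeholder used in the reply.

```powershell
# Added example (not from the original reply): audit the sync role after step 1.
# Assumptions: MSOnline module is loaded and Connect-MsolService has been run.
$newSyncUpn = 'sync@company.onmicrosoft.com'   # placeholder UPN from the reply
$roleName   = 'Directory Synchronization Accounts'

$role = Get-MsolRole -RoleName $roleName
if (-not $role) { throw "Role '$roleName' was not found in this tenant." }

# Only user members are relevant here; skip service principals.
$members = @(Get-MsolRoleMember -RoleObjectId $role.ObjectId |
    Where-Object { $_.RoleMemberType -eq 'User' })

# 1. The new account must actually hold the role before AAD Connect uses it.
if ($members.EmailAddress -notcontains $newSyncUpn) {
    throw "$newSyncUpn is not a member of '$roleName'."
}

# 2. Show the settings applied by New-MsolUser so they can be verified.
Get-MsolUser -UserPrincipalName $newSyncUpn |
    Select-Object UserPrincipalName, PasswordNeverExpires, BlockCredential,
                  LastPasswordChangeTimestamp

# 3. List every other holder of the role. After the switch, an old sync
#    account that still holds the role is an unused privileged credential.
$others = $members | Where-Object { $_.EmailAddress -ne $newSyncUpn }
foreach ($m in $others) {
    Get-MsolUser -ObjectId $m.ObjectId |
        Select-Object UserPrincipalName, WhenCreated, BlockCredential,
                      LastPasswordChangeTimestamp
}
if (-not $others) { Write-Output "No other accounts hold '$roleName'." }
```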

Thanks Nestori,