May 17 2018
- last edited on
Jul 24 2020
My customer rebooted his server and the Sync Service won't start, we discovered that service account is showing as Local Admin instead of the expected AAD_mmmmm. Has anyone seen this before, now why it would happen, or have a recommendation on the best way to fix?
May 21 2018 06:30 AM
I saw this but on old directory sync, The service account AAD_mmmm is created upon installation and is a domain user so you can reset the password but usually the password is rolled/controlled by AADC....
Repair installation is probably the best way to re-link this but I cant tell you why it happens.
May 21 2018 09:25 AM
Thanks, after troubleshooting for a few hours without being able to figure out what happened we decided to uninstall and reinstall and that fixed the problem.
May 21 2018 01:47 PM
Your course of action would have been my recommendation. The AAD_xxxxx account is a local account created by the AAD Connect Wizard. The password is complex and never known. Very strange that it was changed. I usually recommend my customers to create a service account to avoid these scenarios. Then, use the Custom install method and supply your new domain service account. You can also use it to read and/or write to your AD.