How to change Directory sync service account in AAD connect?

Since the Global admin account and the Service account are the same, we are not able to apply MFA on it. Hence we want to change the Sync service account. We tried to reconfigure the setting, but the dirsync service account is the same, i.e. Global admin.

1 Reply

Hi @Robin_Poulose,

Do you want to change the service account used within the Azure AD Connect configuration? If that's a yes, you should be able to change this by opening the Azure AD Synchronization Service application (on the Azure AD Connect server), browse to the tab Connectors > right-click on the Active Directory Domain Services > choose Properties > now go to the Connect to Active Directory Forest option, you should see the current configuration including the account. Up here, you should be able to change the service account. Don't forget to set the correct permissions for the new service account.
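
The permissions step mentioned at the end of the reply can be scripted with the AdSyncConfig module that ships with Azure AD Connect. This is an added example, not part of the thread: the account name `svc-aadc-sync` and domain `contoso.local` are placeholders, and it assumes password hash sync is in use, the module is at its default install path, and the ActiveDirectory RSAT module is available.

```powershell
# Run in an elevated PowerShell session on the Azure AD Connect server.
# Default install path of the module; adjust if the product is installed elsewhere.
Import-Module 'C:\Program Files\Microsoft Azure Active Directory Connect\AdSyncConfig\AdSyncConfig.psm1'
Import-Module ActiveDirectory

# Placeholders (assumptions, not values from the thread).
$acctName   = 'svc-aadc-sync'
$acctDomain = 'contoso.local'

# 1. Show which account each AD DS connector currently uses.
Get-ADSyncADConnectorAccount | Format-Table -AutoSize

# 2. Refuse to continue if the new account sits in a privileged group.
#    The connector account should be an ordinary user with delegated rights only.
$privileged = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'
$memberOf   = Get-ADPrincipalGroupMembership -Identity $acctName |
              Select-Object -ExpandProperty Name
$hits = $memberOf | Where-Object { $privileged -contains $_ }
if ($hits) {
    throw "Account $acctName is a member of: $($hits -join ', '). Use an unprivileged account."
}

# 3. Delegate only what synchronization needs.
#    Basic read is required for every configuration; the second call is needed
#    only when password hash sync is enabled (assumed here).
Set-ADSyncBasicReadPermissions -ADConnectorAccountName $acctName `
                               -ADConnectorAccountDomain $acctDomain
Set-ADSyncPasswordHashSyncPermissions -ADConnectorAccountName $acctName `
                                      -ADConnectorAccountDomain $acctDomain

# 4. Tighten the ACL on the account object itself so other principals
#    cannot reset its password or modify it.
$acctDn = (Get-ADUser -Identity $acctName).DistinguishedName
Set-ADSyncRestrictedPermissions -ADConnectorAccountDN $acctDn `
                                -Credential (Get-Credential -Message 'Domain admin credential')
```

After the permissions are in place, enter the new account in the connector's Connect to Active Directory Forest page as the reply describes, then rerun step 1 to confirm the connector shows it.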