Forum Discussion
Azure AD Connect sync account MFA support
MFA is definitely the issue here, I came across your post after experiencing similar issues. MFA was enforced on all accounts by Microsoft and disrupted our AD sync. The account I authenticated with in Azure AD was set to disabled for MFA but the issue remained. After much digging I then discovered that the account actually used for the sync was an account called sync_servername_tenant.
Within the admin portal, search for a user starting with Sync_; your server name should follow after the _.
Once found, visit the Multi-factor authentication menu and disable multi-factor authentication for this sync_servername account.
It's this account that is used by Azure AD Connect to sync on-prem AD to Azure. Once disabled, you will find that your AD Connect sync resumes without issue.
Thanks Adam. This worked for me, pointing me in the right direction for the fix. I excluded the sync account from the MFA conditional access policies I have set up for users and admins. I saw recently that two of the pre-configured conditional access policies I had enabled to enforce MFA had been disabled by Microsoft. The two that had been disabled were "Baseline policy: Require MFA for admins (Preview)" and "Baseline policy: End user protection (Preview)". I then created two policies identical to these two baseline policies. There were links in the baseline policies to help me create my own. After I created the two policies, that is when AD Sync broke to my on-prem AD. Your solution helped me to fix the issue. Thanks again.
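The two posts above describe the same check done by hand: find the Sync_ service account and make sure no MFA requirement applies to it. The script below is an added example, not code from either poster or from Microsoft, that audits this for the Conditional Access route the second post used. It assumes the Microsoft Graph PowerShell SDK (Connect-MgGraph, Get-MgUser, Get-MgIdentityConditionalAccessPolicy) and the property names those cmdlets return; it does not cover the legacy per-user MFA setting from the first post, nor policies that target the account through group membership.

```powershell
# Added example (not from the thread): report every enabled Conditional Access
# policy that requires MFA and does not exclude the Azure AD Connect sync account.
# Assumes the Microsoft Graph PowerShell SDK; cmdlet and property names are taken
# from that SDK and are an assumption of this example.

Connect-MgGraph -Scopes "User.Read.All", "Policy.Read.All"

# Azure AD Connect's cloud account has a UPN beginning with Sync_ followed by the
# server name, as the first post describes. There may be more than one if several
# servers were installed over time.
$syncAccounts = Get-MgUser -Filter "startswith(userPrincipalName,'Sync_')" `
                           -Property Id, UserPrincipalName
if (-not $syncAccounts) {
    Write-Warning "No Sync_ account found; check the directory synchronization account in the portal."
    return
}

# Only enforced policies whose grant control includes MFA can block the sync account.
$mfaPolicies = Get-MgIdentityConditionalAccessPolicy | Where-Object {
    $_.State -eq "enabled" -and $_.GrantControls.BuiltInControls -contains "mfa"
}

foreach ($acct in $syncAccounts) {
    foreach ($policy in $mfaPolicies) {
        $users = $policy.Conditions.Users

        # "All" in IncludeUsers covers every account, including the sync account,
        # unless the account's object id is listed under ExcludeUsers.
        $targeted = ($users.IncludeUsers -contains "All") -or
                    ($users.IncludeUsers -contains $acct.Id)
        $excluded = $users.ExcludeUsers -contains $acct.Id

        if ($targeted -and -not $excluded) {
            Write-Output ("NOT EXCLUDED: {0} is subject to MFA policy '{1}'" -f
                          $acct.UserPrincipalName, $policy.DisplayName)
        } else {
            Write-Output ("ok: {0} is not required to do MFA by policy '{1}'" -f
                          $acct.UserPrincipalName, $policy.DisplayName)
        }
    }
}
```

Run it after creating or cloning MFA policies, as the second poster did; any "NOT EXCLUDED" line is a policy that will break the sync the next time the connector authenticates. Exclusion applied through a group is not detected here, so a policy reported as "NOT EXCLUDED" may still be fine if the sync account sits in an excluded group; confirm in the portal before changing anything.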