Hello @Pavel Lyalyakin,
Thank you for reaching out. From your query, I understand that you are testing Azure AD Connect with one of your test Azure AD tenants but are getting error 403 when you click on "Manage Azure AD cloud sync" from the Azure AD portal.
Could you please confirm the type of account that you used in this scenario (Guest or Member account)? I ask because the above error states that you are using a Guest user for configuration. If possible, can you create a cloud-only account and then assign it the Hybrid Identity Administrator role on your Azure AD? Also, can you confirm which AAD portal you are using to manage AD cloud sync (https://portal.azure.com or https://aad.portal.azure.com)?