Changing the AD DS connector account password
The AD DS connector account refers to the user account used by Microsoft Entra Connect to communicate with on-premises Active Directory. If you change the password of the AD DS connector account in AD, you must update Microsoft Entra Connect Synchronization Service with the new password. Otherwise, the Synchronization can no longer synchronize correctly with the on-premises Active Directory and you will encounter the following errors:
In the Synchronization Service Manager, any import or export operation with on-premises AD fails with no-start-credentials error.
Under Windows Event Viewer, the application event log contains an error with Event ID 6000 and message 'The management agent "contoso.com" failed to run because the credentials were invalid'.
How to update the Synchronization Service with new password for AD DS connector account
To update the Synchronization Service with the new password:
Start the Synchronization Service Manager (START → Synchronization Service).
Go to the Connectors tab.
Select the AD Connector that corresponds to the AD DS connector account for which its password was changed.
Under Actions, select Properties.
In the pop-up dialog, select Connect to Active Directory Forest:
Enter the new password of the AD DS connector account in the Password textbox.
Click OK to save the new password and close the pop-up dialog.
Restart the Microsoft Entra ID Sync service under Windows Service Control Manager. This is to ensure that any reference to the old password is removed from the memory cache.
Next steps
Overview topics
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for