Share via

Error code: HybridSynchronizationInvalidResourceRequested

Network Admin 0 Reputation points
2026-04-03T14:56:46.1766667+00:00

Get the error: "Unable to reach the domain %DomainName%. Please go to your on-prem server, re-run the provisioning agent wizard and enter your domain credentials to fix this issue." I tried several times over the last week to re-run the provisioning agent on both of my agent servers and still get the error. The Cloud Sync configuration shows "Provisioning quarantined" which comes back in a few minutes if I clear it. I tried running the power shell script "Repair-AADCloudSyncToolsAccount" which also didn't fix the issue. The syncing appears to be working. This issue occurred after I migrated both Cloud Sync servers from one hypervisor platform to another.

Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Thanmayi Godithi 9,210 Reputation points Microsoft External Staff Moderator
    2026-04-03T15:10:52.4266667+00:00

    Hi Network Admin ,

    This behavior is expected after migrating the Cloud Sync agent servers to a different hypervisor. Although the agent services may appear healthy and some sync operations continue, the agent’s machine‑bound registration and certificates become invalid after the migration. This causes Microsoft Entra Cloud Sync to lose proper authorization to your on‑premises domain, which results in the error “Unable to reach the domain” and repeatedly places provisioning into a quarantined state.

    Re‑running the provisioning wizard or executing Repair-AADCloudSyncToolsAccount does not resolve this scenario because those actions do not re‑register the agent’s underlying identity. The supported resolution is to fully uninstall the Microsoft Entra Provisioning Agent, remove the stale agent entries from the Entra admin center, reboot the servers, and then reinstall and re‑register the agents so they can recreate the service account bindings and certificates correctly. Once reinstalled, provisioning should remain healthy and no longer return to quarantine.

    Please let us know if this does not fully resolve the issue or if you need assistance validating the agent status after reinstallation. Refer: Microsoft Entra Cloud Sync troubleshooting - Microsoft Entra ID | Microsoft Learn

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.