Unable to Sync accounts using API-driven Provisioning to on-prem AD - HybridSynchronizationActiveDirectoryProviderNotFound

Nicolas Vanin 20 Reputation points
2024-05-06T23:59:23.4233333+00:00

I am trying to deploy an API-Driven Provisioning to on-premises AD so that using a PowerShell script I can extract user information from a Third-Party DBMS, convert it to SCIM format and then send it to Azure AD API-Driven provisions for logging and creating the user.

Ideally, we want to create the user using the Azure API-driven provisioning rather than creating the accounts locally. So far I was able to extract the user information from the database, convert it to SCIM format and then, using access_tokens, send it to Azure for further processing.
User's image

However, I am having issues when the account is being created back in on-prem AD. Here is the error I am facing. *Note that no personal information is being shared; only the User ID 'A random Number' is being displayed.

User's image

I am unsure what it means when it says: Unable to reach domain controller > No active domain controller were found or Credentials provided are incorrect. Which credentials are they referring to? Our AAD Connect can successfully sync up our objects to the cloud, so our credentials are not incorrect.

All the information is being gathered onto a domain-joined Windows Server 2019 where our AAD Connect agent is. We used AAD Connect to sync up our local users to the cloud. Sync works fine, and when I checked the status of the agent, it showed as Active.
User's image

I tried downloading the Provisioning Agent as I believe that AAD Connect does not support API-driven provisioning. However, I am unable to install the Entra Provisioning Agent on the same box as where the AAD Connect is.

Even when I try to check the Admin Credentials from the API Provisioning dashboard it shows:
User's image

Does anyone know how to remediate this issue? We want to create the accounts from Azure instead of locally, for logging and management reasons.

Thanks in advance!


1 answer

  1. James Hamil 22,436 Reputation points Microsoft Employee
    2024-05-09T18:33:25.1333333+00:00

    Hi @Nicolas Vanin, this error message typically indicates that the Azure AD Connect sync service is unable to find the Active Directory domain controller that it needs to connect to in order to create the user account.

    There are a few things that you can check to troubleshoot this issue:

    1. Make sure that the domain controller that the Azure AD Connect sync service is trying to connect to is available and accessible. You can try pinging the domain controller from the server where the sync service is running to see if it responds.
    2. Check the credentials that you are using to connect to the domain controller. Make sure that they are correct and that they have the necessary permissions to create user accounts in Active Directory.
    3. Check the configuration of the Azure AD Connect sync service to make sure that it is set up correctly. You can use the Azure AD Connect Configuration Wizard to check the configuration and make any necessary changes.
    4. If you are still having trouble, you may want to try installing the Entra Provisioning Agent on a different server to see if that resolves the issue. Make sure that the server meets the system requirements for the agent and that it is configured correctly.

    Please let me know if you have any questions and I can help you further.

    If this answer helps you please mark "Accept Answer" so other users can reference it.

    Thank you,

    James

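The domain controller reachability check from step 1 of the answer above, as an added example that is not part of the original thread. It goes beyond a ping by locating domain controllers through their DNS SRV record and testing TCP connectivity to each one. The domain name `corp.example.com` is a constructed placeholder, and the tested ports (389 for LDAP, 88 for Kerberos) are the standard Active Directory ports, assumed here rather than taken from the thread.

```powershell
# Added example: run on the server that hosts the sync or provisioning agent.
param(
    [string]$DomainName = 'corp.example.com',  # constructed placeholder: your AD DNS domain
    [int[]]$Ports = @(389, 88)                 # assumption: standard LDAP and Kerberos ports
)

function Get-DomainControllerCandidates {
    param([string]$Domain)
    # Domain controllers register themselves under this SRV record in DNS.
    $records = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop
    # The response can also carry A records; keep only entries that have an SRV target.
    $records | Where-Object { $_.NameTarget } |
        Select-Object -ExpandProperty NameTarget -Unique
}

function Test-DomainControllerReachability {
    param([string]$Domain, [int[]]$Ports)
    foreach ($dc in Get-DomainControllerCandidates -Domain $Domain) {
        foreach ($port in $Ports) {
            $result = Test-NetConnection -ComputerName $dc -Port $port -WarningAction SilentlyContinue
            [pscustomobject]@{
                DomainController = $dc
                Port             = $port
                Reachable        = $result.TcpTestSucceeded
            }
        }
    }
}

try {
    $results = @(Test-DomainControllerReachability -Domain $DomainName -Ports $Ports)
    $results | Format-Table -AutoSize
    if (-not ($results | Where-Object { $_.Reachable })) {
        Write-Warning "No domain controller for $DomainName answered on the tested ports."
    }
}
catch {
    # A failed SRV lookup means this server cannot locate any domain controller through DNS.
    Write-Warning "Domain controller lookup for $DomainName failed: $($_.Exception.Message)"
}
```

A domain controller that resolves but shows `Reachable = False` points to a network or firewall problem between the agent server and that controller, while all rows showing `True` shifts attention to the credentials and agent configuration covered in steps 2 to 4.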