Unable to create synchronization service account for Microsoft Entra ID

Pelham Doris 0 Reputation points
2025-05-22T02:31:25.3566667+00:00


Microsoft Security | Microsoft Entra | Microsoft Entra ID

3 answers

Sort by: Most helpful
  1. Krunal Patel 5 Reputation points
    2025-05-22T04:43:48.2966667+00:00

    It sounds like you're running into trouble setting up a synchronization service account for Microsoft Entra ID.

    Here are a few things to check:

    • Account Type: Microsoft Entra Connect supports different types of service accounts, including Virtual Service Accounts (VSA), Managed Service Accounts (gMSA/sMSA), and regular User Accounts. Choosing the right one is crucial.
    • Installation Method: If you're using Express installation, a Virtual Service Account is typically created automatically. If you're using Custom installation, you may need to specify the account manually.
    • Permissions: If you're using an existing AD account, ensure it has the necessary permissions for synchronization. Incorrect permissions can cause sync failures.
    • Here are 2 articles that may help you resolve the issue: https://www.alitajran.com/create-ad-ds-connector-account/ and https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/concept-adsync-service-account

    If you can describe the issue in detail or share a screenshot, it would help to resolve the issue.

    Thanks

    1 person found this answer helpful.

  2. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.



  3. Akhilesh Vallamkonda 15,320 Reputation points Microsoft External Staff Moderator
    2025-05-23T13:13:29.68+00:00

    Hi @Pelham Doris

    I understand that you are having trouble creating the synchronization service account for Entra Connect sync.

    It looks like your newly created Azure AD connector sync account is being blocked by a Conditional Access policy/MFA policy which requests registration of your connector account user. To resolve this, you can exclude this user from Conditional Access/MFA policies.

    If you find the newly created user, the name will be prefixed with "Sync_" as described in this article: https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/reference-connect-accounts-permissions#microsoft-entra-connector-account

    Navigate to this user's non-interactive sign-in logs and check for the logins which fail with "AADSTS50079". In here you can check which Conditional Access policies are blocking the sign-in; the policy is requiring the user to register for MFA, which it cannot do as it is a service account.

    Once you determine which policies are enforcing MFA for this account, you can exclude this user from the impacting policies and retry the installer.

    Also, there are other possible things to check:

    Ensure that TLS 1.2 is enabled to allow successful authentication.

    Make sure you check the legacy per-user MFA settings in the Admin Portal as well through the direct link to the relevant portal here. Alternatively, you can search for "MFA" in the top search bar within the M365 admin center and select "Multi-factor authentication" under Settings. If MFA is set to enabled, the account will be blocked from signing in and you will need to set it to "Disabled." Then restart the wizard.

    Hope this helps. If you still do not see enough information to isolate the issue, please let me know in the comment section.

    If this answers your query, do click Accept Answer and Yes for "Was this answer helpful". And, if you have any further query, do let us know.
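The triage step above (find the Sync_ account's failed sign-ins with error 50079 and read off the Conditional Access policies that produced the failure) can be scripted against exported sign-in records. The example below is added here and is not code from the thread or from Microsoft; it assumes records in the shape of Microsoft Graph `signIn` objects (`userPrincipalName`, `status.errorCode`, `appliedConditionalAccessPolicies[].displayName/result`) and uses constructed sample data. A 50079 failure with no failing policy is reported separately, since that points at the legacy per-user MFA setting rather than Conditional Access.

```python
import json

# Constructed sample records in the shape of Graph auditLogs/signIns objects.
# Names and values are invented for illustration only.
SAMPLE_SIGNINS = json.loads("""
[
 {"userPrincipalName": "Sync_SERVER01_a1b2c3@contoso.example",
  "appDisplayName": "Microsoft Azure AD Connect",
  "status": {"errorCode": 50079,
             "failureReason": "User needs to enroll for second factor authentication."},
  "appliedConditionalAccessPolicies": [
    {"displayName": "Require MFA for all users", "result": "failure"},
    {"displayName": "Block legacy auth", "result": "notApplied"}]},
 {"userPrincipalName": "Sync_SERVER01_a1b2c3@contoso.example",
  "appDisplayName": "Microsoft Azure AD Connect",
  "status": {"errorCode": 0, "failureReason": "Other."},
  "appliedConditionalAccessPolicies": []},
 {"userPrincipalName": "Sync_SERVER02_d4e5f6@contoso.example",
  "appDisplayName": "Microsoft Azure AD Connect",
  "status": {"errorCode": 50079,
             "failureReason": "User needs to enroll for second factor authentication."},
  "appliedConditionalAccessPolicies": []},
 {"userPrincipalName": "alice@contoso.example",
  "appDisplayName": "Office 365",
  "status": {"errorCode": 50079, "failureReason": "User needs to enroll."},
  "appliedConditionalAccessPolicies": [
    {"displayName": "Require MFA for all users", "result": "failure"}]}
]
""")


def blocked_sync_accounts(signins, prefix="Sync_", error_code=50079):
    """Map each connector account (UPN starting with prefix) that failed with
    error_code to the sorted list of CA policies whose result was 'failure'.
    An empty list means no CA policy failed: check legacy per-user MFA."""
    findings = {}
    for rec in signins:
        upn = rec.get("userPrincipalName", "")
        if not upn.startswith(prefix):
            continue  # ordinary users are out of scope for this check
        if rec.get("status", {}).get("errorCode") != error_code:
            continue  # only the MFA-registration-required failures
        failing = {p["displayName"]
                   for p in rec.get("appliedConditionalAccessPolicies", [])
                   if p.get("result") == "failure"}
        findings.setdefault(upn, set()).update(failing)
    return {upn: sorted(policies) for upn, policies in findings.items()}


if __name__ == "__main__":
    for upn, policies in blocked_sync_accounts(SAMPLE_SIGNINS).items():
        print(f"{upn}: {', '.join(policies) or 'no CA policy failed; check per-user MFA'}")
```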
