AD Connect Staging Server Install Fail

Jeff 131 Reputation points
2022-11-15T16:21:58.713+00:00

Hi

Scenario:
On-premise production AADC server ("ADC01") running ADConnect v1.6.16.0 on Windows Server 2012 R2

Requirement:
Upgrade ADConnect on ADC01 to v2.1.20.0 (or higher)

Agreed Process:

  1. Install Server 2022 VM ("ADC02") in Azure to act as an ADConnect Staging Server
  2. Export config from ADC01
  3. Install ADConnect on ADC02, importing the config from ADC01, and selecting Staging Mode at the end (and unticking 'Start the synch process"!)
  4. Switch production services from ADC01 to ADC02
  5. Rebuild ADC01 to Server 2022, then follow same process to install ADConnect to ADC01

No surprises there, I don't think.

During step 3 however, I got an error (sorry, didn't grab a screenshot, but it was after the "Creating synchronisation account" message hung around for a couple of minutes, a message which itself I thought was odd since I expected it to use the existing account), and then when I retried the wizard, this message:
260636-ad-connect-wizard-fail.jpg

As you can see it suggests posting a question here, so here I am!

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
14,765 questions
0 comments
Accepted answer
  1. Givary-MSFT 14,806 Reputation points Microsoft Employee
    2022-11-21T09:58:26.407+00:00

    @Jeff

    I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer.

    Answered by @Jeff

    262547-image.png

    0 comments

3 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Andy David - MVP 121.1K Reputation points MVP
    2022-11-15T16:25:50.253+00:00

    It wont use the existing account unless you tell it to..
    Note that W2022 is not currently supported:

    https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-prerequisites#installation-prerequisites

    260538-image.png

    1 person found this answer helpful.
  2. Jeff 131 Reputation points
    2022-11-21T09:30:35.363+00:00

    Conditional Access (CA) was getting 'in the way'. We have a CA policy that imposes MFA which, unsurprisingly, wouldn't work with the Azure AD Account.

    Adding that account to the AAD group that excludes its members from that CA policy fixed the issue.

    (I also re-built the server to Windows Server 2019, though that had no bearing on the issue we experienced)

    1 person found this answer helpful.
    0 comments
  3. Thameur-BOURBITA 16,591 Reputation points
    2022-11-15T22:36:28.477+00:00

    Hi,

    Agree with AndyDavid, you have to downgrade the operating system to Windows 2019.
    Check also the log file , you should have a event may help you to identify the issue.

    Please don't forget to mark helpful reply as answer

    0 comments