AD Connect Staging Server Install Fail

Jeff 131 Reputation points


On-premise production AADC server ("ADC01") running ADConnect v1.6.16.0 on Windows Server 2012 R2

Upgrade ADConnect on ADC01 to v2.1.20.0 (or higher)

Agreed Process:

  1. Install Server 2022 VM ("ADC02") in Azure to act as an ADConnect Staging Server
  2. Export config from ADC01
  3. Install ADConnect on ADC02, importing the config from ADC01, and selecting Staging Mode at the end (and unticking 'Start the synch process'!)
  4. Switch production services from ADC01 to ADC02
  5. Rebuild ADC01 to Server 2022, then follow same process to install ADConnect to ADC01

No surprises there, I don't think.

During step 3 however, I got an error (sorry, didn't grab a screenshot, but it was after the "Creating synchronisation account" message hung around for a couple of minutes, a message which itself I thought was odd since I expected it to use the existing account), and then when I retried the wizard, this message:

As you can see it suggests posting a question here, so here I am!


Accepted answer
  1. Givary-MSFT 14,806 Reputation points Microsoft Employee


    I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer.

    Answered by @Jeff



3 additional answers

  1. Andy David - MVP 121.1K Reputation points MVP

    It won't use the existing account unless you tell it to.
    Note that W2022 is not currently supported:


    1 person found this answer helpful.

  2. Jeff 131 Reputation points

    Conditional Access (CA) was getting 'in the way'. We have a CA policy that imposes MFA which, unsurprisingly, wouldn't work with the Azure AD Account.

    Adding that account to the AAD group that excludes its members from that CA policy fixed the issue.

    (I also re-built the server to Windows Server 2019, though that had no bearing on the issue we experienced)

    1 person found this answer helpful.
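
The fix in the answer above was to take the Azure AD account out of scope of the MFA Conditional Access policy. As an added example (not part of the original thread), this PowerShell function reports which enabled, MFA-requiring policies would still apply to an account. The function name, IDs and sample policy are constructed, and the object shape is assumed to match what `Get-MgIdentityConditionalAccessPolicy` returns.

```powershell
# Added example. Policy objects mirror the Microsoft Graph conditionalAccessPolicy
# shape; the function name, sample data and all IDs are constructed placeholders.
function Get-MfaPolicyInScope {
    param(
        [Parameter(Mandatory)] [object[]] $Policy,   # CA policies to evaluate
        [Parameter(Mandatory)] [string]   $UserId,   # object ID of the sync account
        [string[]] $GroupId = @()                    # groups the account is a member of
    )
    foreach ($p in $Policy) {
        if ($p.State -ne 'enabled') { continue }     # skip disabled and report-only
        if ($p.GrantControls.BuiltInControls -notcontains 'mfa') { continue }
        $u = $p.Conditions.Users
        $included = ($u.IncludeUsers -contains 'All') -or
                    ($u.IncludeUsers -contains $UserId) -or
                    [bool]($u.IncludeGroups | Where-Object { $GroupId -contains $_ })
        $excluded = ($u.ExcludeUsers -contains $UserId) -or
                    [bool]($u.ExcludeGroups | Where-Object { $GroupId -contains $_ })
        # Role-based targeting (IncludeRoles/ExcludeRoles) is not evaluated here.
        if ($included -and -not $excluded) { $p.DisplayName }
    }
}

$syncId  = '00000000-0000-0000-0000-0000000000a1'   # constructed: sync account
$exclGrp = '00000000-0000-0000-0000-0000000000b1'   # constructed: CA exclusion group
$sample = @(
    [pscustomobject]@{
        DisplayName   = 'Require MFA for all users'  # constructed policy
        State         = 'enabled'
        GrantControls = [pscustomobject]@{ BuiltInControls = @('mfa') }
        Conditions    = [pscustomobject]@{ Users = [pscustomobject]@{
            IncludeUsers  = @('All'); ExcludeUsers  = @()
            IncludeGroups = @();      ExcludeGroups = @($exclGrp) } }
    }
)

# Account outside the exclusion group (the state before the fix in the thread).
Get-MfaPolicyInScope -Policy $sample -UserId $syncId
# Account inside the exclusion group (the state after the fix).
Get-MfaPolicyInScope -Policy $sample -UserId $syncId -GroupId $exclGrp

# Live data (Microsoft.Graph module): Connect-MgGraph -Scopes 'Policy.Read.All',
# then pass (Get-MgIdentityConditionalAccessPolicy -All) as -Policy.
```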

  3. Thameur-BOURBITA 16,591 Reputation points


    Agree with AndyDavid, you have to downgrade the operating system to Windows 2019.
    Also check the log file; you should have an event that may help you identify the issue.

    Please don't forget to mark a helpful reply as the answer.
