permission-issue Error 8344 Insufficient access rights to perform the operation

lj laureta 1 Reputation point
2022-11-24T00:57:14.66+00:00

Currently we have 2 on-premises domain controllers: Company A is a forest and Company B is a domain tree. Right now we have successfully connected Company A to Azure AD, but when we connect Company B to our Azure AD, an error occurs, particularly for the user in Company B that needs to be included in the sync to the cloud.

Basically, we are trying to achieve Multiple Domain to Single Azure AD Tenant

Errors:

  1. permission-issue
  2. Error 8344
  3. Insufficient access rights to perform the operation
  4. Unrecognized Guid format

Please see the attachments for the detailed errors.

![263607-8334.png][1]

![263691-unrecognize-guid-format.png][3]

[1]: /api/attachments/263607-8334.png?platform=QnA
[3]: /api/attachments/263691-unrecognize-guid-format.png?platform=QnA


2 answers

  1. Sandeep G-MSFT 20,736 Reputation points Microsoft Employee
    2022-11-24T06:08:11.597+00:00

    @lj laureta

    If you are trying to sync company B to the same Azure AD tenant where company A is syncing objects, then you need to have a trust between company A and company B.

    As per the above error, it seems like AD Connect is trying to write something back to company B for a particular object, and there are no proper permissions set for the AD Connect connector account on the company B object.

    There is some attribute which is trying to get written back to the company B on-premises AD, which might be failing due to lack of permissions for the AD connector account.

    You can refer to the article below to get all the permissions in place for the company B AD Connect connector account:
    https://learn.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-accounts-permissions#create-the-ad-ds-connector-account

    Do let me know if you have any further questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.
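
To check what the answer above describes (the AD DS connector account lacking permissions on the Company B object), this added example reads the failing object's ACL and lists the entries that name the connector account directly. It is not code from the thread or from Microsoft's documentation; the object DN, account name and server are placeholders, and the thread does not say which attribute or permission is missing, so the script only reports what the ACL holds.

```powershell
# Added example: audit the ACL of one object that fails export with error 8344.
# All three parameter defaults are placeholders (assumptions), not values from the thread.
param(
    [string]$ObjectDn         = 'CN=Placeholder User,OU=Users,DC=companyb,DC=example',
    [string]$ConnectorAccount = 'COMPANYB\MSOL_placeholder',
    [string]$Server           = 'dc01.companyb.example'
)

Import-Module ActiveDirectory

# Read the security descriptor from a Company B domain controller.
$obj = Get-ADObject -Identity $ObjectDn -Server $Server -Properties nTSecurityDescriptor
$sd  = $obj.nTSecurityDescriptor

# When the ACL is protected, permissions delegated higher up (domain root, OU)
# are not inherited by this object, so a delegation there has no effect on it.
$inheritanceBlocked = $sd.AreAccessRulesProtected

# Explicit and inherited ACEs, with trustees resolved to DOMAIN\name form.
$rules = $sd.GetAccessRules($true, $true, [System.Security.Principal.NTAccount])

# Only ACEs naming the connector account itself; ACEs granted through a group
# the account belongs to are not resolved by this check.
$aces = @($rules | Where-Object { $_.IdentityReference.Value -eq $ConnectorAccount })

$writeProperty = [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty
$writeAces = @($aces | Where-Object {
    $_.AccessControlType -eq 'Allow' -and ($_.ActiveDirectoryRights -band $writeProperty)
})

# Summary: is inheritance blocked, and does the account hold any write ACE at all?
[pscustomobject]@{
    Object             = $ObjectDn
    ConnectorAccount   = $ConnectorAccount
    InheritanceBlocked = $inheritanceBlocked
    AcesForAccount     = $aces.Count
    AllowWriteAces     = $writeAces.Count
}

# Detail: ObjectType is the schema GUID of the attribute or property set the ACE
# covers (all zeros means every property).
$aces | Select-Object AccessControlType, ActiveDirectoryRights, ObjectType, IsInherited |
    Format-Table -AutoSize
```

If `AllowWriteAces` is 0, or `InheritanceBlocked` is true and the only grants were delegated at a parent container, the connector account has no write access on that object and the permissions in the linked article still need to be applied for Company B.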

  2. Amit Singh 5,221 Reputation points
    2022-11-24T10:41:09.833+00:00
