AD Sync service account accidentally removed from the list of allowed users

Tomass Pētersons 336 Reputation points
2022-12-02T00:32:02.107+00:00

Hi,

I accidentally removed the AD Sync service account from the list of allowed users while doing the preparations before demoting the old domain controller. When I removed it from the old domain controller's allowed user list, it also disappeared from the new domain controller's list where AD Connect is currently running.

By looking at the AD Sync service, I can see which account is being used.

The problem is that I can't add this account back to allowed users because this account simply doesn't exist. :D When using the Browse option, I can't find it. When I try to manually type in the username for this service account, it isn't added to the list.
Although currently AD Connect is working without problems and synchronization between AD and the cloud is working fine, even after the server is restarted, I'm a bit doubtful if there might be any problems if this account is not in the list of allowed users?

I have access to one other server that also runs AD Connect. I see that the service account is listed by default.

Thanks!

Microsoft Entra ID

1 answer

  1. Michael Durkan 12,216 Reputation points MVP
    2022-12-02T18:02:01.407+00:00

    Hi

    This account is only used for synchronization and is created during installation when using Express Settings. As you have seen, if you go into "Synchronization Service" on the server that is using Azure AD Connect, it will show this account as the one that is running the Sync Service:

    https://learn.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-accounts-permissions#adsync-service-account

    It shouldn't need any interactive logon rights to the server as it doesn't need them.

    Hope this helps,

    Thanks

    Michael Durkan

    • If the reply was helpful please upvote and/or accept as answer as this helps others in the community with similar questions. Thanks!
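A read-only check that follows from the answer above, added here as an example and not code from either poster or from Microsoft: it reports which identity the sync service runs as and which logon rights that identity holds directly. It assumes the service name `ADSync`, an elevated session on the Azure AD Connect server, and that the "allowed users" list in the question is a user rights assignment.

```powershell
# Added example: report the ADSync service identity and its direct logon rights.
# Assumptions: service name 'ADSync', elevated PowerShell on the AD Connect server.
$svc = Get-CimInstance Win32_Service -Filter "Name='ADSync'"
if (-not $svc) { throw "ADSync service not found on this server." }
$account = $svc.StartName
$short   = ($account -split '\\')[-1]
"ADSync runs as: $account"

# Resolve the account to a SID; the policy export lists most principals by SID.
try {
    $sid = ([System.Security.Principal.NTAccount]$account).Translate(
        [System.Security.Principal.SecurityIdentifier]).Value
} catch {
    $sid = $null
    Write-Warning "Could not resolve '$account' to a SID; matching by name only."
}

# Export only the user rights section of the effective local security policy.
$inf = Join-Path $env:TEMP "user-rights-$PID.inf"
secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null
if ($LASTEXITCODE -ne 0) { throw "secedit export failed (exit code $LASTEXITCODE)." }

$rights = [ordered]@{
    SeServiceLogonRight           = 'Log on as a service'
    SeDenyServiceLogonRight       = 'Deny log on as a service'
    SeInteractiveLogonRight       = 'Allow log on locally'
    SeRemoteInteractiveLogonRight = 'Allow log on through Remote Desktop Services'
}
try {
    $lines = Get-Content $inf
    foreach ($right in $rights.Keys) {
        $line = $lines | Where-Object { $_ -match "^$right\s*=" } | Select-Object -First 1
        $members = @()
        if ($line) { $members = ($line -split '=', 2)[1].Split(',').Trim().TrimStart('*') }
        # Direct grants only: rights inherited through a group are not expanded here.
        $held = ($sid -and $members -contains $sid) -or
                ($members -contains $account) -or ($members -contains $short)
        [pscustomobject]@{ Right = $rights[$right]; Constant = $right; GrantedDirectly = [bool]$held }
    }
} finally {
    Remove-Item $inf -ErrorAction SilentlyContinue
}
```

A `False` for "Log on as a service" does not by itself mean the right is missing, because the export lists group principals without expanding their membership.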
