Error when trying to install Azure AD Connect

Hedi Gardi 46

Is there anyone who gets the same error as below while installing the Azure AD Connect on a Windows Server?

Is there anyway to resolve this error?

error azure ad connect

The log file:

trace-20230822-053733.log

Peter Bozem 21 Reputation points

2023-08-21T12:00:22.18+00:00

We're experiencing the same behaviour in one of our test environments.
Luke Buckley 10 Reputation points

2023-08-21T13:24:34.0566667+00:00
Actually having the same issue here - full global admin rights, server 2016 (fully updated) and AADC 2.2.1 , identical errors in the logs to Hedi from the post here:

https://answers.microsoft.com/en-us/windowserver/forum/all/error-when-trying-to-install-azure-ad-connect-on/5cde5ae7-56f0-43f4-97f1-d5e3c6edba5a

We've tried enabling manually as well and powershell fails with:

Set-MsolDirSyncEnabled -EnableDirSync $true -Force

Set-MsolDirSyncEnabled : Unable to complete this action. Try again later.

At line:1 char:1

Set-MsolDirSyncEnabled -EnableDirSync $true -Force
Peter Bozem 21 Reputation points

2023-08-22T06:27:26.35+00:00

Exactly same behaviour with our case
Jamie Wilson 10 Reputation points

2023-08-22T15:01:09.3233333+00:00

I have the same issue with cdx. The same steps with a Developer tenant worked fine
Steve Wiggins 5 Reputation points

2023-08-22T22:16:22.51+00:00

AAD Connect has been borked for new installations for almost 2 weeks now. I did some digging in ILSpy at the underlying binaries and it seems like AADC merely imports the MSOnline module and invokes the same command you could do manually.

In ILSpy, all the references for the API calls are HTTP only and my money is on Microsoft disabling an endpoint that the MSOnline module calls, which in turn breaks our ability to change organisation configuration.

Accepted answer

patrickmeeuwis 325 Reputation points

2023-08-23T07:54:29.17+00:00

@Hedi Gardi It looks like their is something going wrong with the status of the verification of your domains in your tenant. Could you please post the output of the following commands;

$credentials=Get-Credential
Connect-MsolService -Credential $credentials
Get-MsolDomain

If you have a unverified domain I would suggest to remove that domain by the following command;

Remove-MsDolDomain

Then run the following command;

Set-MsolDirSyncEnabled -EnableDirSync $True

After that, you could check the status of your domains again by running the following command;

Get-MsolDomain

Please let me know.
Please sign in to rate this answer.

1 person found this answer helpful.
Peter Bozem 21 Reputation points

2023-08-23T08:57:49.12+00:00

@patrickmeeuwis I'm not sure how Hedi's output will look like but we're having two verified domains and still the same error.

Hedi Gardi 46 Reputation points

2023-08-23T09:52:10.3733333+00:00

@patrickmeeuwis I have only 1 domain which is verifierd as you can see on the screenshot here as well.

patrickmeeuwis 325 Reputation points

2023-08-23T10:02:20.6133333+00:00

@Hedi Gardi What's the output of the following commands;
Get-MsolCompanyInformation | fl DirectorySynchronizationEnabled,DirectorySynchronizationEnabled
Set-MsolDirSyncEnabled -EnableDirSync $True

Have you ever tried an older version of AAD Connect?

Hedi Gardi 46 Reputation points

2023-08-23T11:23:11.4766667+00:00

@patrickmeeuwis There might have been a previous issue that caused this functionality to stop working. However, it seems that the problem has now been resolved, as the PowerShell command "Set-MsolDirSyncEnabled -EnableDirSync $True" executed successfully and the initial error has disappeared.

Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

Hedi Gardi 46 Reputation points

2023-08-23T11:37:23.1233333+00:00

@patrickmeeuwis Thanks, you too.
Sign in to comment

4 additional answers

Andy David - MVP 145.1K Reputation points MVP

2023-08-21T13:41:59.3233333+00:00

Sounds like its time to open a support case with Azure. Wonder if those commands are deprecated.
Please sign in to rate this answer.

1 person found this answer helpful.
Luke Buckley 10 Reputation points

2023-08-21T14:34:11.81+00:00

Yep, great call. just waiting to hear back

Hedi Gardi 46 Reputation points

2023-08-22T12:37:23.0166667+00:00

I have already created a support ticket with Microsoft. but I have not received any response yet.
Sign in to comment
Hedi Gardi 46 Reputation points

2023-08-23T11:14:11.0366667+00:00

@patrickmeeuwis There might have been a previous issue that caused this functionality to stop working. However, it seems that the problem has now been resolved, as the PowerShell command "Set-MsolDirSyncEnabled -EnableDirSync $True" executed successfully and the initial error has disappeared.
Please sign in to rate this answer.

1 person found this answer helpful.

0 comments No comments
Sign in to comment
patrickmeeuwis 325 Reputation points

2023-08-21T09:06:07.7566667+00:00

Hi Hedi, can you add the log as mentioned in the printscreen? Which Azure-permissions does your account have which you entered during the setup of AAD Connect?
Please sign in to rate this answer.
Hedi Gardi 46 Reputation points

2023-08-22T12:48:04.78+00:00

Hi @patrickmeeuwis ,

Here is the log file attached: trace-20230822-053733.log
The account which I have been using during the AAD Connect install has Global Admin-role.

Jamie Wilson 10 Reputation points

2023-08-22T15:00:45.3766667+00:00

I have the same issue with cdx. The same steps with a Developer tenant worked fine

Kashif Imran 0 Reputation points

2023-08-28T19:45:02.1933333+00:00

Hi,

I faced the same issue while setting up test tenant and didn't found anything on internet that help me out. In my case I found a lead when I tried to setup another test tenant:

Microsoft actually updated commands for AD sync. Please run Update-MgOrganization with your Tenant id and then run ADsync, it will work.

You can go through following links for more details.

https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/migrate-your-apps-to-access-the-license-managements-apis-from/ba-p/2464366

And here is the list of commands that has been updated: https://learn.microsoft.com/en-us/powershell/microsoftgraph/azuread-msoline-cmdlet-map?view=graph-powershell-1.0#directory
Sign in to comment
Kashif Imran 0 Reputation points

2023-08-28T19:51:15.15+00:00

Hi,

I faced the same issue while setting up test tenant and didn't found anything on internet that help me out. In my case I found a lead when I tried to setup another test tenant:

Microsoft actually updated commands for AD sync. Please run Update-MgOrganization with your Tenant id and then run ADsync, it will work. You will need to install module Microsoft.Graph.Identity.DirectoryManagement first to run Update-MgOrganization.

You can go through following links for more details.

https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/migrate-your-apps-to-access-the-license-managements-apis-from/ba-p/2464366

And here is the list of commands that has been updated: https://learn.microsoft.com/en-us/powershell/microsoftgraph/azuread-msoline-cmdlet-map?view=graph-powershell-1.0#directory
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Share via

Error when trying to install Azure AD Connect

4 additional answers