This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(230.39999999999998, 36%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKS%3C/text%3E%3C/svg%3E)
OK! I screwed up....
I have a demo environment with OnPrem AD and AAD.
Now I will totally rebuild the OnPrem environment with a new AD. The issue is that I want to sync that with my old AAD so I dont have build a new one, and they also have to same domain name
Can I delete my old AD domain from AAD and sync AAD to my new AD domain. Have search like a idiot but dont find a solution :( Any help very appreciated
/kent
A cloud-based identity and access management service for securing user authentication and resource access
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 20%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Hi @Kent Söderlund ,
I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer.
SOLVED!
The user that AD Sync creates gets automatically MFA requirements. That policy have to be disabled during the installation
Hi,
This is known as multiple forest and single AAD Connect configuration - so in your case you can add new AD Domain that you are rebuilding and sync it across to AAD, remove the old AD Domain from the configuration.
https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/plan-connect-topologies
Sync back is only for attributes and passwords, you can setup local AD with users and groups from AAD, the reason you cannot find solution is that it is not available to rebuild the AD Domain from AAD, you should have backup and snapshot of the AD as this is proper way to restore AD.
Hope this helps.
JS
==
Please accept as answer and do a Thumbs-up to upvote this response if you are satisfied with the community help. Your upvote will be beneficial for the community users facing similar issues.
Hell and thanks for your answer
When I run Azure ASD Connect from the new domain I get an error message saying (and I have run it several times):
[10:37:11.445] [ 9] [ERROR] ExecuteADSyncConfiguration: configuration failed. Skipping export of synchronization policy. resultStatus=Failed
[10:37:11.471] [ 9] [ERROR] PerformConfigurationPageViewModel: An error occurred while creating the synchronization service account in Azure AD. The error was: Unable to create the synchronization service account for Azure Active Directory. Retrying this operation may help resolve the issue.
[10:37:11.471] [ 9] [ERROR] PerformConfigurationPageViewModel: Unable to create the synchronization service account for Azure Active Directory. Retrying this operation may help resolve the issue.
I have now examined the sync user login, and AAD requires MFA for that user :( And I cant find to disable "Require MFA for all users - Basic" which requires all users to use MFA?
