Azure AD Connect - cannot configure

Frederico Gil 0 Reputation points


I had "successfully" running AD Connect (password hash sync) with my on-premises AD with version

When I try to install version 2.1 or above of AD Connect I receive this error. I can only install version or below.

I checked all things, like permissions of the global admin and enterprise admin, and only received this error with the specific AD Connect version.

[ 27] [ERROR] ConfigSyncDirectoriesPage: Caught exception while creating the connector for directory: "localdomain"

Exception Data (Raw): System.Management.Automation.CmdletInvocationException: Failed to retrieve schema.<error><error><incident><connection-result>failed-authentication</connection-result><date>2023-09-05 15:25:04.318</date><server>localdomain389</server><cd-error><error-code>0x31</error-code>

<error-literal>Invalid Credentials</error-literal>

</cd-error></incident></error></error> ---> Microsoft.IdentityManagement.PowerShell.ObjectModel.SynchronizationConfigurationValidationException: Failed to retrieve schema.<error><error><incident><connection-result>failed-authentication</connection-result><date>2023-09-05 15:25:04.318</date><server>"localdomain":389</server><cd-error><error-code>0x31</error-code>

<error-literal>Invalid Credentials</error-literal>


Thank you for your help.

Marilee Turscak-MSFT 27,561 Reputation points Microsoft Employee

Hi @Frederico Gil ,

It looks like you are getting the "Invalid Credentials" error right after the other error. Please make sure that you are entering valid domain user credentials and that the user has read access and MFA enabled. Is the GA account in a federated domain, and does the GA account have MFA enabled? Try checking the sign-in logs to see if the Cloud connector account has any restriction on logging in.

If this does not help, one thing you can try is to create separate enterprise admins for all domains to restore the access.

Another possibility is that the AD Connect server is not able to reach the Active Directory domain controllers. This could be because of incorrect routing or because you have ports blocked on the network. Make sure traffic is allowed on the ports documented at

If you still face this issue after checking these variables, let me know.

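An added troubleshooting script (not from the thread, and not Microsoft's tooling) that runs the two checks from the answer above from the AD Connect server itself: TCP reachability to every domain controller on LDAP 389 and LDAPS 636, then an LDAP bind with the connector credentials, so a wrong password or locked account (LDAP result 0x31, the code in the error) is separated from a blocked port. The domain name and account are placeholders, and it assumes the RSAT ActiveDirectory module is installed on the server.

```powershell
# Added example, not from the original thread. Placeholders: replace $Domain with
# your AD DNS domain and enter the AD DS connector account when prompted.
$Domain     = 'localdomain'   # placeholder: the domain from the error message
$Credential = Get-Credential -Message 'AD DS connector account (DOMAIN\user)'

# 1. Enumerate the domain controllers the AD Connect server must reach.
#    Requires the RSAT ActiveDirectory module.
$dcs = (Get-ADDomainController -Filter * -Server $Domain).HostName

# 2. Port reachability: a routing problem or a firewall rule blocking 389/636
#    shows up here as TcpTestSucceeded = False, before any credentials matter.
foreach ($dc in $dcs) {
    foreach ($port in 389, 636) {
        $r = Test-NetConnection -ComputerName $dc -Port $port -WarningAction SilentlyContinue
        '{0}:{1} reachable={2}' -f $dc, $port, $r.TcpTestSucceeded
    }
}

# 3. Bind test with the same credentials the installer is given. LDAP result
#    49 (0x31) is invalidCredentials, the code quoted in the error above; a
#    successful bind here means the password/account is fine and the problem
#    lies elsewhere (MFA, sign-in restriction, the account the wizard used).
Add-Type -AssemblyName System.DirectoryServices.Protocols
foreach ($dc in $dcs) {
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection("$dc`:389")
    $conn.AuthType   = [System.DirectoryServices.Protocols.AuthType]::Negotiate
    $conn.Credential = $Credential.GetNetworkCredential()
    try {
        $conn.Bind()
        '{0} bind OK as {1}' -f $dc, $Credential.UserName
    } catch {
        $e = $_.Exception
        if ($e -is [System.DirectoryServices.Protocols.LdapException]) {
            # ErrorCode carries the LDAP result code (49 = 0x31 invalidCredentials)
            '{0} bind FAILED: LDAP result {1} (0x{1:X}) {2}' -f $dc, $e.ErrorCode, $e.Message
        } else {
            '{0} bind FAILED: {1}' -f $dc, $e.Message
        }
    } finally {
        $conn.Dispose()
    }
}
```

Run it in an elevated PowerShell session on the AD Connect server, since that is the host whose routing and firewall path to the domain controllers is in question.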