Improper permissions for Azure AD Connect sync?

18203024 80 Reputation points
2024-04-23T15:04:52.7+00:00

So we have our Azure AD synced with our on-prem. We have an issue where our sync agent service stops. We have had this multiple times. I noticed that the "Log On As" is listed as "ourdomain\adconnectuser" instead of NT Service\System.

Would this cause the service to stop? Should I reinstall the agent and ensure that it gets the proper NT service log on?


Accepted answer
  1. Yanhong Liu 14,195 Reputation points Microsoft External Staff
    2024-04-24T06:33:15.9066667+00:00

    Hello,

    Yes, the sign-in identity settings of the Sync Proxy service may affect its proper functioning. In general, it's a good idea to configure the Sync Agent service to run as NT Service\System, which is the default.

    You can try changing the login identity of the sync agent service to NT Service\System, which can usually be done with the following steps:

    1. Open the Service Management Console (services.msc).
    2. Locate the Azure AD sync service.
    3. Double-click the Azure AD sync service to open the service properties.
    4. In the Login tab, select NT Service\System as the login identity.
    5. Identify and apply the changes.

    If changing the login identity does not resolve the issue, we recommend that you consider reinstalling the sync agent.

    I hope the information above is helpful.

    Best Regards,

    Yanhong Liu

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
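Before changing the account or reinstalling, it helps to check whether the stops are actually logon-related. The following PowerShell is an added example, not part of the original answer or of Microsoft's tooling: it lists the "Log On As" identity of the matching services and the Service Control Manager events that explain recent stops. The display-name pattern `*Azure AD*` and the 14-day window are assumptions to adjust.

```powershell
# Added example. Assumption: the sync service's display name contains "Azure AD";
# change $DisplayNamePattern to match what services.msc shows on your server.
param(
    [string]$DisplayNamePattern = '*Azure AD*',
    [int]$Days = 14
)

# Service Control Manager event IDs and what each says about a stop.
$meaning = @{
    7038 = 'Logon failed for the configured account'
    7041 = 'Account lacks the "Log on as a service" right'
    7000 = 'Service failed to start'
    7009 = 'Timeout waiting for the service to connect'
    7023 = 'Service terminated with an error'
    7024 = 'Service terminated with a service-specific error'
    7031 = 'Service terminated unexpectedly (recovery action taken)'
    7034 = 'Service terminated unexpectedly'
}

$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.DisplayName -like $DisplayNamePattern }

# Current "Log On As" identity (StartName) and state of each matching service.
$services | Select-Object Name, DisplayName, StartName, StartMode, State |
    Format-Table -AutoSize

$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Service Control Manager'
    Id           = [int[]]$meaning.Keys
    StartTime    = (Get-Date).AddDays(-$Days)
} -ErrorAction SilentlyContinue

foreach ($svc in $services) {
    # Event text names the service by its short name or its display name.
    $pattern = '{0}|{1}' -f [regex]::Escape($svc.Name), [regex]::Escape($svc.DisplayName)
    $events | Where-Object { $_.Message -match $pattern } |
        Sort-Object TimeCreated |
        Select-Object TimeCreated, Id,
            @{ n = 'Service'; e = { $svc.Name } },
            @{ n = 'Meaning'; e = { $meaning[[int]$_.Id] } } |
        Format-Table -AutoSize
}
```

Events 7038 or 7041 point at the configured account (expired or changed password, missing logon right); 7031 and 7034 alone point at a crash unrelated to the logon identity.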
