Hello JanA,
According to the description given, it appears that you have been syncing your on-premises domain to Azure for some time now and are currently attempting to set up Hybrid Azure AD Join, but are encountering issues while enabling the feature.
Please confirm that you have validated the listed recommendations and review the following details to ensure their accuracy.
Microsoft Entra Connect must be installed on a domain-joined Windows Server 2016 or later. We recommend using domain-joined Windows Server 2022.
You must have a Microsoft Entra Global Administrator account or Hybrid Identity Administrator account for the Microsoft Entra tenant you want to integrate with.
If you plan to use Microsoft Entra Connect Health for syncing, you need to use a Global Administrator account to install Microsoft Entra Connect Sync. If you use a Hybrid Identity Administrator account, the agent is installed but in a disabled state.
Microsoft Entra Connect (version 1.1.614.0 and after) by default uses TLS 1.2 for encrypting communication between the sync engine and Microsoft Entra ID. If TLS 1.2 isn't available on the underlying operating system, Microsoft Entra Connect incrementally falls back to older protocols (TLS 1.1 and TLS 1.0). From Microsoft Entra Connect version 2.0 onwards, TLS 1.0 and 1.1 are no longer supported and installation fails if TLS 1.2 isn't enabled.
Microsoft recommends you follow the document below to enable TLS 1.2 on your Entra Connect server.
Make sure you have the .NET 4.5.1 hotfix installed for your operating system. For more information, see Microsoft Security Advisory 2960358. You might have this hotfix or a later release installed on your server already.
Reference:
https://learn.microsoft.com/en-us/security-updates/SecurityAdvisories/2015/2960358
DCOM prerequisites on the synchronization server
During the installation of the synchronization service, Microsoft Entra Connect checks for the presence of the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Ole
Under this registry key, Microsoft Entra Connect checks to see if the following values are present and uncorrupted:
MachineAccessRestriction
MachineLaunchRestriction
DefaultLaunchPermission
Preliminary troubleshooting steps:
Ensure that the service account running Azure AD Connect has the necessary permissions in both on-premises AD and Azure AD.
The service account should have Enterprise Admin permissions in on-prem AD (for reading and writing objects) and Global Admin in Azure AD (for writing user data).
Check if the Microsoft Azure AD Sync Service is running on the server.
Open Services (services.msc), search for Microsoft Azure AD Sync, and make sure the service is started.
If it’s not running, start it manually.
If you're using Azure AD Connect Health, you can view the sync status:
Go to the Azure portal: https://portal.azure.com.
Navigate to Azure Active Directory.
Under Monitoring, click on Azure AD Connect.
Check the sync status on the Azure AD Connect Health Dashboard. This provides insights into any issues with sync operations.
Check the Synchronization Service logs for error messages:
On the Azure AD Connect server, open the Synchronization Service Manager.
Go to Operations and look for any failed sync attempts or errors.
Please refer to the document below.
I suggest you verify that your version of the AD Connect tool is functional.
Reference:
https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/reference-connect-version-history
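As an added example, not part of the original answer and not Microsoft's own tooling: a PowerShell check of the prerequisites listed above (OS version, the three DCOM values under HKLM\Software\Microsoft\Ole, TLS 1.2 enablement, and the sync service). It assumes the standard SCHANNEL and .NET Framework strong-crypto registry locations that Microsoft's TLS 1.2 guidance sets, and that ADSync is the service name behind the "Microsoft Azure AD Sync" display name; run it from an elevated session on the Entra Connect server.

```powershell
# Example prerequisite check for Microsoft Entra Connect (added example, not Microsoft's tooling).
# Assumptions: TLS 1.2 state is read from the SCHANNEL and .NET Framework keys used by
# Microsoft's TLS 1.2 guidance; the sync service is registered under the name ADSync.

function Test-RegistryValue {
    param([string]$Path, [string]$Name, $Expected)   # $Expected = $null means "presence only"
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return [pscustomobject]@{ Check = "$Path\$Name"; Result = 'MISSING' } }
    $actual = $item.$Name
    $ok = if ($null -eq $Expected) { $true } else { $actual -eq $Expected }
    $text = if ($ok) { 'OK' } else { "FAIL (value=$actual)" }
    [pscustomobject]@{ Check = "$Path\$Name"; Result = $text }
}

$results = @()

# 1. Windows Server 2016 (build 14393) or later is required for the Entra Connect server
$build = [int](Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').CurrentBuildNumber
$osText = if ($build -ge 14393) { 'OK' } else { "FAIL (build $build)" }
$results += [pscustomobject]@{ Check = 'OS build >= 14393 (Server 2016)'; Result = $osText }

# 2. DCOM values the installer expects under HKLM\Software\Microsoft\Ole must exist
foreach ($name in 'MachineAccessRestriction', 'MachineLaunchRestriction', 'DefaultLaunchPermission') {
    $results += Test-RegistryValue -Path 'HKLM:\SOFTWARE\Microsoft\Ole' -Name $name
}

# 3. TLS 1.2 enabled at the SCHANNEL level for both the client and server roles
foreach ($role in 'Client', 'Server') {
    $p = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\$role"
    $results += Test-RegistryValue -Path $p -Name 'Enabled' -Expected 1
    $results += Test-RegistryValue -Path $p -Name 'DisabledByDefault' -Expected 0
}

# 4. .NET Framework (64-bit and 32-bit hives) set to follow OS TLS defaults and use strong crypto
foreach ($p in 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
               'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319') {
    $results += Test-RegistryValue -Path $p -Name 'SystemDefaultTlsVersions' -Expected 1
    $results += Test-RegistryValue -Path $p -Name 'SchUseStrongCrypto' -Expected 1
}

# 5. Sync service state (only meaningful once Entra Connect has been installed)
$svc = Get-Service -Name 'ADSync' -ErrorAction SilentlyContinue
$svcText = if ($null -eq $svc) { 'NOT INSTALLED' }
           elseif ($svc.Status -eq 'Running') { 'OK' }
           else { "FAIL ($($svc.Status))" }
$results += [pscustomobject]@{ Check = 'ADSync service'; Result = $svcText }

$results | Format-Table -AutoSize
```

Any row marked MISSING or FAIL points at the prerequisite to fix before rerunning the Entra Connect installer or the Hybrid Join configuration.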