Azure AD Connect 2.4.129 Install Failure

tim tavanello 0 Reputation points
2025-04-17T17:49:03.0333333+00:00

Config: "Unable to create the synchronization service account for Microsoft Entra ID, Retrying this operation may help resolve the issue"

EventLog:[Error: ID: 906]

The ADSync service is not allowed to interact with the desktop to authenticate ******@KBNADEV.onmicrosoft.com. This error may occur if multifactor or other interactive authentication policies are accidentally enabled for the synchronization account. Error Details: extendedMessage: AADSTS50079: Due to a configuration change made by your administrator, or because you moved to a new location, you must enroll in multi-factor authentication to access '00000002-0000-0000-c000-000000000000'. Trace ID: b4184366-2377-4db8-896a-207b4b57ba00 Correlation ID: 015b0904-11df-487d-9e37-6b9931ac475c Timestamp: 2025-04-17 17:16:03Z

webException: {"error":"invalid_grant","error_description":"AADSTS50079: Due to a configuration change made by your administrator, or because you moved to a new location, you must enroll in multi-factor authentication to access '00000002-0000-0000-c000-000000000000'. Trace ID: b4184366-2377-4db8-896a-207b4b57ba00 Correlation ID: 015b0904-11df-487d-9e37-6b9931ac475c Timestamp: 2025-04-17 17:16:03Z","error_codes":[50079],"timestamp":"2025-04-17 17:16:03Z","trace_id":"b4184366-2377-4db8-896a-207b4b57ba00","correlation_id":"015b0904-11df-487d-9e37-6b9931ac475c","error_uri":"https://login.microsoftonline.com/error?code=50079","suberror":"basic_action"}

Microsoft Entra ID

1 answer

  1. Vigneshwar Duvva 800 Reputation points Microsoft External Staff Moderator
    2025-04-17T22:07:49.5166667+00:00

    Hello tim tavanello

    Based on the information you provided, it seems that the user is blocked by a Conditional Access policy.

    This might happen because of a configuration change made by the admin, such as a Conditional Access policy or per-user enforcement, or because the user moved to a new location, so the user is required to use multi-factor authentication.

    Reference: https://learn.microsoft.com/en-us/entra/identity-platform/reference-error-codes#:~:text=to%20access%20%27%7Bresource%7D%27.-,AADSTS50079,-UserStrongAuthEnrollmentRequired%20%2D%20Due%20to

    If you are using the Conditional Access policy, please ensure that the user is not included in any Conditional Access policies that require MFA.

    Below is a thread on a similar error that will help you.
    https://learn.microsoft.com/en-us/answers/questions/1769/azure-ad-sync-error

    Hope this helps. Do let us know if you have any further queries.
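
One way to run the check suggested in the answer, as an added example that is not part of the original thread: a function that takes Conditional Access policy objects and reports which enabled policies would demand MFA from a given account. The function name, the sample policies and the account object ID are constructed placeholders; the property names assume the object shape returned by `Get-MgIdentityConditionalAccessPolicy`.

```powershell
# Added example: evaluate Conditional Access policy objects offline.
# Built-in "Directory Synchronization Accounts" role template ID.
$SyncRoleId = 'd29b2b05-8046-44ba-8758-1e26182fcf32'

function Get-MfaPolicyHit {
    param(
        [Parameter(Mandatory)] [object[]] $Policy,
        [Parameter(Mandatory)] [string]   $UserId,   # object ID of the account
        [string[]] $RoleId = @()                     # role template IDs it holds
    )
    foreach ($p in $Policy) {
        if ($p.State -ne 'enabled') { continue }     # skips disabled and report-only
        if ($p.GrantControls.BuiltInControls -notcontains 'mfa') { continue }
        $u = $p.Conditions.Users
        $roleExcluded = @($RoleId | Where-Object { $u.ExcludeRoles -contains $_ }).Count -gt 0
        if (($u.ExcludeUsers -contains $UserId) -or $roleExcluded) { continue }
        $roleIncluded = @($RoleId | Where-Object { $u.IncludeRoles -contains $_ }).Count -gt 0
        $reason = if ($u.IncludeUsers -contains 'All') { 'All users' }
                  elseif ($u.IncludeUsers -contains $UserId) { 'named user' }
                  elseif ($roleIncluded) { 'directory role' }
                  elseif ($u.IncludeGroups) { 'group (check membership manually)' }
                  else { $null }
        if ($reason) { [pscustomobject]@{ Policy = $p.DisplayName; MatchedBy = $reason } }
    }
}

# Hypothetical helper that builds constructed sample policies (all require MFA).
function New-SamplePolicy($Name, $State, $Include, $ExcludeRoles) {
    [pscustomobject]@{
        DisplayName   = $Name; State = $State
        GrantControls = [pscustomobject]@{ BuiltInControls = @('mfa') }
        Conditions    = [pscustomobject]@{ Users = [pscustomobject]@{
            IncludeUsers = @($Include); ExcludeUsers = @(); IncludeRoles = @()
            ExcludeRoles = @($ExcludeRoles); IncludeGroups = @() } }
    }
}

$sample = @(
    New-SamplePolicy 'MFA for all users' 'enabled' 'All' @()
    New-SamplePolicy 'MFA for all, sync role excluded' 'enabled' 'All' @($SyncRoleId)
    New-SamplePolicy 'MFA pilot (report-only)' 'enabledForReportingButNotEnforced' 'All' @()
)

# Placeholder object ID; on a live tenant replace $sample with the output of:
#   Connect-MgGraph -Scopes 'Policy.Read.All'
#   Get-MgIdentityConditionalAccessPolicy -All
Get-MfaPolicyHit -Policy $sample -UserId '00000000-0000-0000-0000-000000000001' -RoleId $SyncRoleId
```

The function only evaluates user, role and group targeting in Conditional Access policies; per-user MFA enforcement, which the answer also mentions, is configured separately and is not covered by it.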

