Azure AD Connect Provisioning Agent Cofiguration Wizard Error

James KEI 1 Reputation point
2021-01-11T21:16:11.063+00:00

Getting an issue during the installation of this application that "Object reference not set to an instance of an object". One line states that the on-prem ID is not part of the AccountEnterpriseAdminsSid group, which it is.

Here are the logs:

[14:59:26.330] [ 1] [INFO ] ================================================================================
[14:59:26.330] [ 1] [INFO ] Application starting
[14:59:26.330] [ 1] [INFO ] ================================================================================
[14:59:26.330] [ 1] [INFO ] Start Time (Local): Mon, 11 Jan 2021 14:59:26 GMT
[14:59:26.330] [ 1] [INFO ] Start Time (UTC): Mon, 11 Jan 2021 19:59:26 GMT
[14:59:26.345] [ 1] [INFO ] Application Version: 1.1.281.0
[14:59:26.345] [ 1] [INFO ] Application Build Date: 1917-05-05 12:58:59Z
[14:59:26.345] [ 1] [INFO ] Application Build Identifier: AD-ProvisioningAgent master (f6a71f3) Microsoft Azure®
[14:59:27.970] [ 1] [INFO ] IsServiceAccountGMSA:: Checking if service account is gmsa
[14:59:27.970] [ 1] [INFO ] Get current service credentials.
[14:59:28.236] [ 1] [INFO ] IsServiceAccountGMSA:: Service account: KEI\provAgentgMSA$ is a gmsa.
[14:59:28.236] [ 1] [INFO ] Get current service credentials.
[14:59:28.236] [ 1] [INFO ] IsServiceAccountGMSA:: Checking if service account is gmsa
[14:59:28.236] [ 1] [INFO ] Get current service credentials.
[14:59:28.267] [ 1] [INFO ] IsServiceAccountGMSA:: Service account: KEI\provAgentgMSA$ is a gmsa.
[14:59:28.877] [ 1] [INFO ] ConfigureAzureActiveDirectoryPageViewModel:Launching Login form.
[14:59:40.066] [ 1] [INFO ] ConfigureAzureActiveDirectoryPageViewModel:Login complete for kecloudSGA@kimballelectronics.com. Validating Global Admin status.
[14:59:40.894] [ 18] [INFO ] ConfigureAzureActiveDirectoryPageViewModel:Checking for Global Admin role for SGA@consonto.com.
[14:59:41.113] [ 1] [INFO ] ConfigureAzureActiveDirectoryPageViewModel. Validation complete. Transitioning to the next page.
[14:59:41.175] [ 1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Start background task Microsoft.ActiveDirectory.SynchronizationAgent.Setup.UI.WizardPages.ConfigureActiveDirectoryPageViewModel.TestConnectivityAndGetDomains in Page:"Connect Active Directory"
[14:59:41.175] [ 1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Started Background Task Id:183
[15:00:06.268] [ 1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Start background task Microsoft.ActiveDirectory.SynchronizationAgent.Setup.UI.WizardPages.ConfigureActiveDirectoryPageViewModel.ValidateAndAddCredentials in Page:"Connect Active Directory"
[15:00:06.269] [ 1] [INFO ] ProgressWizardPageViewModel:StartProgressOperation Started Background Task Id:4215
[15:00:06.271] [ 5] [INFO ] ConfigureActiveDirectoryPageViewModel:ValidateDirectoryConnection:
[15:00:06.271] [ 5] [INFO ] Domain=domain
[15:00:06.271] [ 5] [INFO ] Username=domain\user
[15:00:08.807] [ 5] [INFO ] ActiveDirectoryProvider.GetRootDomainName: getting user root domain name
[15:00:08.807] [ 5] [INFO ] ActiveDirectoryProvider.GetRootDomainName: user root domain - forest.com
[15:00:08.807] [ 5] [INFO ] ActiveDirectoryProvider.IsUserGroupMember: checking if domain\domainadmin has AccountEnterpriseAdminsSid privileges in forest.com
[15:00:08.947] [ 5] [INFO ] ActiveDirectoryProvider.IsUserGroupMember: domain sid - S-1-5-21-1888283478-589684726-3733296887, group sid - S-1-5-21-1888283478-589684726-3733296887-519
[15:00:08.947] [ 5] [INFO ] ActiveDirectoryProvider.GetGroupMembershipSidsForUser: retrieving group membership SIDs from AD
[15:00:08.947] [ 5] [WARN ] ActiveDirectoryProvider.IsUserGroupMember: membership not found - user is NOT a member of the group
[15:00:08.947] [ 5] [INFO ] ActiveDirectoryProvider.IsUserGroupMember: checking if domain\globaladmin has AccountDomainAdminsSid privileges in domain
[15:00:08.963] [ 5] [INFO ] ActiveDirectoryProvider.IsUserGroupMember: domain sid - S-1-5-21-2153607106-2012056985-1832489699, group sid - S-1-5-21-2153607106-2012056985-1832489699-512
[15:00:08.963] [ 5] [INFO ] ActiveDirectoryProvider.GetGroupMembershipSidsForUser: retrieving group membership SIDs from AD
[15:00:08.963] [ 5] [INFO ] ActiveDirectoryProvider.IsUserGroupMember: found membership - user is a member of the group
[15:00:08.963] [ 1] [ERROR] A terminating unhandled exception occurred.
Exception Data (Raw): System.NullReferenceException: Object reference not set to an instance of an object.
at Microsoft.ActiveDirectory.SynchronizationAgent.Setup.UI.WizardPages.ConfigureActiveDirectoryPageViewModel.<>c__DisplayClass44_0.<ValidateAndAddCredentials>b__0()
at Microsoft.ActiveDirectory.SynchronizationAgent.Setup.App.SafeInvokeAction(Action action)
[15:00:13.072] [ 1] [INFO ] Opened log file at path C:\ProgramData\Microsoft\Azure AD Connect Provisioning Agent\Trace\trace-wizard-20210111-145926.log

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,107 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Anshika Choubey 336 Reputation points Microsoft Employee
    2021-01-12T04:45:52.79+00:00

    Hello @James KEI , Thank you for reaching out to us.

    Could you please help me, on which installation window of ad connect is it giving error? As i suspect it is giving error on the below window while installing...
    55575-image.png

    If Yes, Then you need to check the account permission, If you will choose" create new AD Account" option then you need to provide any account from on-Prem AD and AADConnect will automatically add that to the enterprise admin and will proceed with the installation.

    And if you will choose the option "existing ad account" option: you need to provide enterprise admin from the AD.

    Let me know if my understanding is correct or above answer help you, else kindly share the screenshot from the installation wizard and we will take it forward. Thanks.

    Reference article: https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-custom

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.