MSOL_AD_Sync_RichCoexistence group and account MSOL_AD_Sync still required?

Question

Hiya
We are Hybrid and I still have this group and AD account in my AD.
We are not using DirSync anymore as we moved to ADConnect a few years back.
Are these still required? How can check if it's applied anywhere?
Thanks, M

Answer 1

Hello @SenhorDolas ,

Thanks for reaching out.

Please find below information, hope this helps.

MSOL_AD_Sync_RichCoexistence : This is legacy group used by DirSync and currently not used by AAD Connect. The following groups are used by AADConnect:

• ADSyncAdmins
• ADSyncBrowse
• ADSyncOperators
• ADSyncPasswordSet

MSOL_AD_Sync account : This one is again legacy account, but I would recommend you to verify currently used AD_Sync_account by looking at Microsoft Azure AD Sync services from Sync server as shown below: This need to be verified on all Sync server in case if you have multiple ADconnect server running in your environment.

Example: I am using MSA account in my lab:

Here is a small PS script to check current sync account from ADConnector server:

Get-ADSyncConnector | ?{$_.ConnectorTypeName -EQ "AD"} | select -ExpandProperty ConnectivityParameters | ? { $_.Name -eq "forest-login-user"}  

Hope this helps

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

Answer 2

@sikumars-msft
Thanks for coming back to me so fast, I will check on this next week, please stay with me. :)
Thanks, M