MSOL_AD_Sync_RichCoexistence group and account MSOL_AD_Sync still required?

SenhorDolas 1,026 Reputation points

We are Hybrid and I still have this group and AD account in my AD.
We are not using DirSync anymore as we moved to ADConnect a few years back.
Are these still required? How can I check if it's applied anywhere?
Thanks, M


Accepted answer
  1. Siva-kumar-selvaraj 15,156 Reputation points

    Hello @SenhorDolas ,

    Thanks for reaching out.

    Please find the information below; I hope this helps.

    MSOL_AD_Sync_RichCoexistence: This is a legacy group used by DirSync and is currently not used by AAD Connect. The following groups are used by AADConnect:

    • ADSyncAdmins
    • ADSyncBrowse
    • ADSyncOperators
    • ADSyncPasswordSet

    MSOL_AD_Sync account: This one is again a legacy account, but I would recommend that you verify the currently used AD_Sync_account by looking at the Microsoft Azure AD Sync service on the Sync server, as shown below. This needs to be verified on all Sync servers in case you have multiple ADConnect servers running in your environment.

    Example: I am using an MSA account in my lab:

    Here is a small PS script to check the current sync account from the ADConnector server:

    Get-ADSyncConnector | ?{$_.ConnectorTypeName -EQ "AD"} | select -ExpandProperty ConnectivityParameters | ? { $_.Name -eq "forest-login-user"}  

    Hope this helps

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    2 people found this answer helpful.
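
One way to cover both the account check from the answer above and the "is it applied anywhere" part of the question, as an added example that is not part of the original answers. It assumes it is run elevated on each Azure AD Connect server with the RSAT ActiveDirectory module installed; the `MSOL_*` name pattern and the choice to inspect only the domain root ACL are assumptions of this example. It only reports and changes nothing.

```powershell
# Added example: run on each Azure AD Connect server, elevated, with the
# ADSync module and the RSAT ActiveDirectory module available (assumption).
Import-Module ADSync
Import-Module ActiveDirectory

# 1. Accounts the AD connectors actually log on with (same query as in the answer).
$inUse = foreach ($c in Get-ADSyncConnector | Where-Object { $_.ConnectorTypeName -eq 'AD' }) {
    $user = ($c.ConnectivityParameters | Where-Object { $_.Name -eq 'forest-login-user' }).Value
    [pscustomobject]@{ Connector = $c.Name; Account = $user }
}
$inUse | Format-Table -AutoSize

# 2. Every MSOL_* account in the current domain, flagged if a connector uses it.
#    The 'MSOL_*' pattern is an assumption; adjust it to your naming.
#    LastLogonDate is derived from lastLogonTimestamp, which can lag by about two weeks.
Get-ADUser -Filter "SamAccountName -like 'MSOL_*'" -Properties LastLogonDate, whenCreated, PasswordLastSet |
    Select-Object SamAccountName, Enabled, whenCreated, PasswordLastSet, LastLogonDate,
        @{ Name = 'UsedByConnector'; Expression = { $inUse.Account -contains $_.SamAccountName } } |
    Format-Table -AutoSize

# 3. The legacy group: who is in it and which groups it is nested in.
$group = Get-ADGroup -Filter "Name -eq 'MSOL_AD_Sync_RichCoexistence'" -Properties Members, MemberOf
if ($group) {
    "Members : $($group.Members -join '; ')"
    "MemberOf: $($group.MemberOf -join '; ')"

    # 4. Explicit ACEs on the domain root that name the legacy group or account.
    #    Only the domain root object is checked; child OUs are not walked.
    $root = (Get-ADDomain).DistinguishedName
    (Get-Acl -Path "AD:\$root").Access |
        Where-Object { $_.IdentityReference -like '*MSOL_AD_Sync*' -and -not $_.IsInherited } |
        Select-Object IdentityReference, AccessControlType, ActiveDirectoryRights, ObjectType
} else {
    'Group MSOL_AD_Sync_RichCoexistence not found in this domain.'
}
```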

1 additional answer

  1. SenhorDolas 1,026 Reputation points

    Thanks for coming back to me so fast, I will check on this next week, please stay with me. :)
    Thanks, M