This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(169.60000000000002, 88%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETS%3C/text%3E%3C/svg%3E)
Hello,
Someone ended up adding the ADDS role to our Azure ad connect server.
When the server was initially setup, it was using a virtual service account for the Microsoft Azure AD sync service. See link below for details.
https://learn.microsoft.com/en-us/azure/active-directory/hybrid/concept-adsync-service-account
The documentation above says that a virtual service account cannot be used on a domain controller. I'm thinking this is why the service will no longer start.
What is the best way to correct this issue?
I would migrate to a new server
https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-import-export-config
Appreciate your time and contribution on the community forum. Thanks
NVM the link from below states the only supported method for changing the service account is to reinstall.
And since It is a DC, would be best to leave it only as a DC and not have multiple services running on it.
https://learn.microsoft.com/en-us/azure/active-directory/hybrid/concept-adsync-service-account
Thanks for sharing your findings here, much appreciated.
Yes, supported method of changing service account is to reinstall Sync setup, because you can only set the service account on first installation. It is not supported to change the service account after the installation has been completed.
If you have any additional queries feel free to reachout to me. Thanks.
why is that? There is nothing in AD Connect documentation stating you cant have AD connect installed on a domain controller.