Hello @Christopher Koroluk ,
Thanks for the update.
Based on the above article, it appears that you are having problems using Azure AD Connect Cloud Sync Provisioning rather than traditional Azure AD Connect; please correct me if I am mistaken.
However, regardless of whether you use Cloud Sync or traditional Azure AD Connect, you must have generated the KDS Root Key by using the cmdlet Add-KdsRootKey -EffectiveTime ((Get-Date).AddHours(-10))
as explained here prior to using the GMSA account.
If you have previously generated a KDS root key, use the Get-KdsRootKey
cmdlet to validate existing root keys on a couple of DCs to ensure there is no discrepancy due to a DC replication issue. Also, ensure the KDSSVC service is running on the Domain Controller without any problems.
Furthermore, if you are attempting to utilize an existing GMSA account, use the following cmdlet Test-ADServiceAccount -Identity serviceAccountgMSA$ (expected result: True)
to test the GMSA service account for the sync agent.
If none of the methods listed above help you narrow down the problem, then I would recommend that you contact MS Support, because this would need active troubleshooting and live data collection to gain further understanding and determine why the KDS service is not responding.
I hope this was useful.
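The checks described in the answer above can be run together. This is an added example, not part of the original answer. It assumes the ActiveDirectory module is installed, PowerShell remoting to the domain controllers is enabled, and it reuses the answer's placeholder account name `serviceAccountgMSA$`.

```powershell
# Added example: verify the KDS prerequisites for a gMSA on every DC.
# Assumptions: ActiveDirectory module, PowerShell remoting enabled to the DCs.
Import-Module ActiveDirectory

$gmsa = 'serviceAccountgMSA$'   # placeholder name from the answer; replace with your gMSA

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        # Get-KdsRootKey and Get-Service are executed on the DC itself
        $r = Invoke-Command -ComputerName $dc.HostName -ErrorAction Stop -ScriptBlock {
            $keys = @(Get-KdsRootKey)
            [pscustomobject]@{
                KeyIds    = @($keys | ForEach-Object { $_.KeyId.ToString() } | Sort-Object)
                Effective = @($keys | Where-Object { $_.EffectiveTime -le (Get-Date) }).Count
                KdsSvc    = (Get-Service -Name KdsSvc).Status.ToString()
            }
        }
        [pscustomobject]@{
            DC = $dc.HostName; KdsSvc = $r.KdsSvc; EffectiveKeys = $r.Effective
            RootKeys = ($r.KeyIds -join ','); Error = $null
        }
    } catch {
        [pscustomobject]@{
            DC = $dc.HostName; KdsSvc = $null; EffectiveKeys = 0
            RootKeys = $null; Error = $_.Exception.Message
        }
    }
}
$report | Format-Table -AutoSize

# Different key sets on different DCs point to an AD replication problem
$sets = @($report | Where-Object { -not $_.Error } |
          Select-Object -ExpandProperty RootKeys -Unique)
if ($sets.Count -gt 1) {
    Write-Warning 'KDS root key sets differ between DCs; check AD replication.'
}
$report | Where-Object { $_.Error -or $_.EffectiveKeys -eq 0 } | ForEach-Object {
    Write-Warning "$($_.DC): query failed or no effective KDS root key. $($_.Error)"
}

# Run this part on the server hosting the sync agent:
# True means this host can retrieve and use the gMSA password.
if (-not (Test-ADServiceAccount -Identity $gmsa)) {
    Write-Warning "$gmsa cannot be used on $env:COMPUTERNAME"
}
```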