Cannot manage Azure AD Connect: error 403 Microsoft_AAD_Connect_Provisioning ProvisioningManagementBlade

Pavel Lyalyakin 1 Reputation point
2022-03-22T22:41:30.693+00:00

I want to test Azure AD Connect with my test Azure AD and another AD DS domain. Whenever I click "Manage Azure AD cloud sync", I receive the following error:
[[[
You do not have permission to access this page. Guest users are not allowed to configure sync. Please use another administrator account.
Summary
Session ID: 9ce5af40f4ce436a8060032c64351686
Resource ID: Not available
Extension: Microsoft_AAD_Connect_Provisioning
Content: ProvisioningManagementBlade
Error code: 403
]]]

But the problem is that I'm a global administrator and my user account should have all the necessary permissions. I'm logged on to the Azure Portal with a Microsoft Account that has a Visual Studio Professional (MSDN) subscription with free monthly Azure credit:
[[[
Your Role:
Global administrator and 8 other roles
]]]

Am I maybe missing some special permissions?


2 answers

  1. Pavel Lyalyakin 1 Reputation point
    2022-03-22T23:17:39.837+00:00

    I've created a new user account with Global Administrator role, and it can access "Azure AD Connect cloud sync". It's still unclear to me why it does not work through my main account.


  2. Siva-kumar-selvaraj 15,566 Reputation points
    2022-03-23T19:48:18.68+00:00

    Hello @Pavel Lyalyakin ,

    Thank you for reaching out. From your query, I understand that you are testing Azure AD Connect with one of your test Azure AD tenants; however, you are getting error 403 when you click on "Manage Azure AD cloud sync" from the Azure AD portal.

    Could you please confirm the type of account that you used in this scenario (Guest or Member account)? The above error states that you are using a Guest user for configuration. If possible, can you create a cloud-only account and then assign it the Hybrid Identity Administrator role in your Azure AD? Also, can you confirm which AAD portal you are using to manage AD cloud sync (https://portal.azure.com or https://aad.portal.azure.com)?

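One way to answer the Guest-or-Member question for every account that holds Global Administrator, as an added example that is not part of the original thread. It assumes the Microsoft.Graph PowerShell module is installed and that the signed-in account can consent to `Directory.Read.All`.

```powershell
# Added example: list Global Administrators with their userType, so that
# guest or external accounts holding the role are visible at a glance.
Connect-MgGraph -Scopes 'Directory.Read.All'

# Well-known template ID of the built-in Global Administrator role.
$templateId = '62e90394-69f5-4237-9190-012177145e10'
$role = Get-MgDirectoryRole -Filter "roleTemplateId eq '$templateId'"

# Only active assignments are returned here; PIM-eligible assignments
# that have not been activated do not appear as role members.
Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All |
    Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.user' } |
    ForEach-Object {
        # userType is not in the default property set, so request it explicitly.
        # Looking the user up by object ID avoids escaping '#' in external UPNs.
        $u = Get-MgUser -UserId $_.Id -Property Id, UserPrincipalName, UserType
        [pscustomobject]@{
            UserPrincipalName = $u.UserPrincipalName
            UserType          = $u.UserType                          # Member or Guest
            External          = $u.UserPrincipalName -like '*#EXT#*' # external identity marker
        }
    } |
    Sort-Object UserType, UserPrincipalName |
    Format-Table -AutoSize
```

Rows with `UserType` of `Guest`, or with `External` set to `True`, are the accounts to compare against a cloud-only member account such as the one suggested in the answer above.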