Azure AD Hybrid Sync Agent Installation Issues - No privileges to install MSI

This troubleshooting guide focuses on when you don't have privileges to install MSI. Without these privileges, you may be unable to successfully install the Azure AD Connect Provisioning Agent.

Prerequisites

To install Cloud Provisioning Agent, the following prerequisites are required: Prerequisites for Azure AD Connect cloud sync.

No privileges to install MSI

While installing Cloud Provisioning Agent, you may get the following error:

Service 'Microsoft Azure AD Connect Provisioning Agent' (AADConnectProvisioningAgent) failed to start. Verify that you have sufficient privileges to start system services.

Screenshot of error when installing Microsoft Azure A D Connect Provisioning Agent, about how the Connect Provisioning Agent service failed to start.

To verify that you have sufficient privileges:

  1. Make sure the user context credentials are set to either Domain Administrator or Enterprise Administrator.

  2. Open the Local Security Policy snap-in (secpol.msc). In the Security Settings pane, select Local policies > User Rights Assignment. Then select the Log on as a service policy.

    Screenshot of the Local Security Policy window, highlighting the 'Log on as a service' policy.

  3. Select Action > Properties. Then in Local Security Setting, make sure the NT SERVICE\ALL SERVICES group appears.

    Screenshot of the Local Security Setting tab in the 'Log on as a service Properties' window. The 'NT SERVICE\ALL SERVICES' group should be present.

During package installation, the service AADConnectProvisioningAgent is created, and logon credentials are temporarily set to NT Service\AADConnectProvisioningAgent.

If Log on as a service doesn't have ALL SERVICES listed, the installation fails to start, and it shows the previously listed error message.

To resolve this issue, provide ALL SERVICES user rights to Log on as a service.

The wizard now completes successfully.

Contact us for help

If you have questions or need help, create a support request, or ask Azure community support.