Recently, I have come across this issue several times, so I thought I would document the fix and share it with everyone.
Issue
We are trying to sync new users or update changes using AD Connect, but for some reason nothing is getting updated and there are no errors on the O365 AD Connect page. Tried updating using
Start-ADSyncSyncCycle -PolicyType Delta and also full, but no luck.
I opened Azure AD Connect Synchronization services and ran the sync and noticed there were permission errors.

Fix
- Find the Msol user that is used to sync on-prem objects to Azure AD. You can search for Msol in AD, or you can look it up on the Connectors tab in Azure AD Synchronization Service.
- Open ADUC, open the properties of the user that has the permission issue as per the above screenshot, and go to Security tab – Advanced – Add.
- Click on “Select Principal” and then add the Msol user that you got in step 1.
- Check “Read all properties” – OK – Apply – OK.
- Repeat this process for all the users that are showing a permission issue and then run the sync again. It will sync successfully.
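
The same check and fix can be scripted when many users are affected. The following PowerShell is an added example, not part of the original post: it reports whether the sync account already has a read-all-properties ACE on each user and only adds it when `$apply` is set. Assumptions: the sync account uses the default `MSOL_` name prefix, and `user1`/`user2` are placeholder account names.

```powershell
# Added example, not from the original post. Needs the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

# Assumption: one sync account with the default MSOL_ name prefix.
$msol = Get-ADUser -Filter "SamAccountName -like 'MSOL_*'" | Select-Object -First 1
if (-not $msol) { throw 'No MSOL_ account found; check the Connectors tab instead.' }

# Placeholders: replace with the users that showed the permission error.
$affected = @('user1', 'user2')
# Leave $false to audit only; set $true to add the missing ACE.
$apply = $false

$readProp = [System.DirectoryServices.ActiveDirectoryRights]::ReadProperty
$allow    = [System.Security.AccessControl.AccessControlType]::Allow

foreach ($name in $affected) {
    $user = Get-ADUser -Identity $name
    $path = "AD:\$($user.DistinguishedName)"
    $acl  = Get-Acl -Path $path

    # Allow ACEs (explicit or inherited) that name the sync account directly and
    # cover ReadProperty on every attribute (ObjectType is the empty GUID).
    # Access granted through a group the account belongs to is not detected here.
    $match = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object {
            $_.IdentityReference.Value -eq $msol.SID.Value -and
            $_.AccessControlType -eq $allow -and
            ($_.ActiveDirectoryRights -band $readProp) -and
            $_.ObjectType -eq [guid]::Empty
        }

    [pscustomobject]@{
        User               = $user.SamAccountName
        MsolReadAll        = [bool]$match
        InheritanceBlocked = $acl.AreAccessRulesProtected
    }

    if (-not $match -and $apply) {
        # Grants ReadProperty on all attributes of this object only, the right
        # the ADUC step above labels "Read all properties".
        $rule = [System.DirectoryServices.ActiveDirectoryAccessRule]::new($msol.SID, $readProp, $allow)
        $acl.AddAccessRule($rule)
        Set-Acl -Path $path -AclObject $acl
    }
}
```

Run it once in audit mode first; the `InheritanceBlocked` column shows which of the affected objects do not inherit permissions from their parent container.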

