
So we have a need to change the password on one of our service admin accounts. However, one of the side-effects of changing that password was that it broke Azure AD password sync.

We first changed the password on the account via the Active Directory Users and Computers interface. Then, according to the Microsoft documentation, we changed the connector account password. (When we originally broke it, the Azure AD Connect diagnostics pointed us at this connector account.)

However, this doesn't work. We even tried creating another service account for this, added the credentials to AD Connect, and changed the old password.

We're clearly missing a step here though, so what could we be missing? I suspect that this account is tied to some other stuff, so a starting point would be good.

To add to the mix, we don't know the Azure AD Sync Service account password, so we can't get into the connector app.

Scuba Steve

1 Answer

To add to the mix, we don't know the Azure AD Sync Service account password, so we can't get into the connector app.

I don't understand what you mean. You don't need to know the service account password to launch the Azure AD Connect Synchronization Service console. Try this:

1. On your Azure AD Connect server, launch the Azure AD Connect Synchronization Service console.
2. Switch to the Connectors tab.
3. Select the local Active Directory Domain Services connector.
4. Click Properties in the Action pane.
5. Select the "Connect to Active Directory Forest" setting.
6. Enter the new password into the password field and click OK.
7. Open an elevated PowerShell prompt, type the command "Import-Module ADSync" and press Enter.
8. Type "Start-ADSyncSyncCycle -PolicyType Delta" and press Enter.
9. In the Azure AD Connect Synchronization Service console, switch to the Operations tab and watch the sync cycle. If it's successful, you'll see it. If not, you'll see why.

joeqwerty
  • Yeah I actually managed to get into the AD Connect Sync Service console by adding a user to the correct security group, and then doing a logout/login. I'll make an attempt with these steps and update. – Scuba Steve May 31 '19 at 22:22
  • 'The term Start-ADSyncSyncCycle is not recognized...' – Scuba Steve May 31 '19 at 22:26
  • Okay, turned out I didn't need to force the sync cycle to start. All is well now. Thank you! – Scuba Steve May 31 '19 at 22:35
  • Turns out I was also able to get the Start-ADSyncSyncCycle job to run in PowerShell, but I had to be in the ADConnect directory. – Scuba Steve Jun 01 '19 at 00:06
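As an added example (not code from the question, the answer or Microsoft), here is the PowerShell half of the answer's procedure done in one script on the Azure AD Connect server: load the ADSync module by its full path so the cmdlet is found regardless of the current directory (the problem noted in the last comment), force the delta cycle, and verify from the run history that the AD DS connector completed rather than only trusting the console. The module manifest path and the parameter names used with Get-ADSyncRunProfileResult are assumptions to check against your installed version.

```powershell
# Added example: force a delta sync after the AD DS connector password was changed
# in the console, then confirm the connector's run actually succeeded.
$ErrorActionPreference = 'Stop'

# Importing by full path avoids the "term is not recognized" error seen when the
# module is not on $env:PSModulePath. Assumed default install folder.
$manifest = 'C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync\ADSync.psd1'
if (-not (Get-Module -Name ADSync)) {
    if (Test-Path $manifest) { Import-Module $manifest } else { Import-Module ADSync }
}

# The on-premises AD DS connector is the one whose credentials were changed.
$adConnector = Get-ADSyncConnector | Where-Object { $_.ConnectorTypeName -eq 'AD' }
if (-not $adConnector) { throw 'No AD DS connector found on this server.' }

# Do not start a second cycle while the scheduler already has one running.
if ((Get-ADSyncScheduler).SyncCycleInProgress) {
    throw 'A sync cycle is already in progress; wait for it to finish first.'
}

# Same command the answer gives: a delta (incremental) sync cycle.
Start-ADSyncSyncCycle -PolicyType Delta | Out-Null

# Wait for the cycle to finish (bounded so a stuck cycle does not hang the script).
$deadline = (Get-Date).AddMinutes(10)
do {
    Start-Sleep -Seconds 10
} while ((Get-ADSyncScheduler).SyncCycleInProgress -and (Get-Date) -lt $deadline)

# Most recent run for this connector; parameter names assumed, verify with Get-Help.
$lastRun = Get-ADSyncRunProfileResult -ConnectorId $adConnector.Identifier -NumberRequested 1

# A credential problem shows up here as a non-success result on the import step,
# which is what the Operations tab in the console would display.
if ($lastRun.Result -eq 'success') {
    Write-Host "Connector '$($adConnector.Name)' run '$($lastRun.RunProfileName)' succeeded."
} else {
    Write-Warning "Connector '$($adConnector.Name)' run ended with result: $($lastRun.Result)"
    Write-Warning 'Re-check the password entered in Properties > Connect to Active Directory Forest.'
}
```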