Good morning to all,<\/p>\n

Advertisement

Close

this is my scenario:<\/p>\n

Advertisement

Close

Windows 2019 server DC<\/p>\n

Azure AD Sync tool<\/p>\n

I have correctly setup the user in my AD, installed the Azure AD Sync tool and configured it, when launched it sync correctly my AD user in Azure, but fail to sync the password.<\/p>\n

If I run the troubleshooter tools me there is this problem:<\/p>\n

Password Hash Synchronization agent is continuously getting failures for domain “XXX.it”<\/strong><\/p>\n

Please check 611 error events in the application event logs for details<\/strong><\/p>\n

The latest 611 error event for the domain “XXX.it” is generated at: 12/26/2019 10:52:54 UTC<\/strong><\/p>\n

AD Connector account had a Password Hash Synchronization permission problem for the domain “westhouse.it” at: 12/26/2019 10:52:54 UTC<\/strong><\/p>\n

In my event viewer i have this:<\/p>\n

Password hash synchronization failed for domain: XXX.it, domain controller hostname: WHI-DC.XXX.it, domain controller IP address: 169.254.113.55. Details:<\/strong><\/p>\n

Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsException: RPC Error 8453 : Replication access was denied. There was an error calling _IDL_DRSGetNCChanges.<\/strong><\/p>\n

at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnection.OnGetChanges(ReplicationState syncState)<\/strong><\/p>\n

at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsConnection.GetChanges(ReplicationState replicationState)<\/strong><\/p>\n

at Microsoft.Online.PasswordSynchronization.RetryUtility.ExecuteWithRetry[T](Func1 operation, Func<\/code>1 shouldAbort, RetryPolicyHandler retryPolicy)<\/strong><\/p>\n

at Microsoft.Online.PasswordSynchronization.DeltaSynchronizationTask.SynchronizeCredentialsToCloud()<\/strong><\/p>\n

at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.SynchronizeSecrets()<\/strong><\/p>\n

at Microsoft.Online.PasswordSynchronization.SynchronizationExecutionContext.SynchronizeDomain()<\/strong><\/p>\n

at Microsoft.Online.PasswordSynchronization.SynchronizationManager.SynchronizeDomain(SynchronizationExecutionContext syncExecutionContext)<\/strong><\/p>\n

.<\/strong><\/p>\n

<\/strong><\/p>\n

XXX.it/forest-name><\/strong><\/p>\n

96c578f6-a972-48ef-90d6-41c6604a507d<\/strong><\/p>\n

<\/strong><\/p>\n

Can anyone have the same problem?<\/p>","upvoteCount":4,"answerCount":6,"datePublished":"2019-12-26T15:54:46.000Z","author":{"@type":"Person","name":"pow3r77","url":"https://community.spiceworks.com/u/pow3r77"},"suggestedAnswer":[{"@type":"Answer","text":"

Good morning to all,<\/p>\n

this is my scenario:<\/p>\n

Windows 2019 server DC<\/p>\n

Azure AD Sync tool<\/p>\n

I have correctly setup the user in my AD, installed the Azure AD Sync tool and configured it, when launched it sync correctly my AD user in Azure, but fail to sync the password.<\/p>\n

If I run the troubleshooter tools me there is this problem:<\/p>\n

Password Hash Synchronization agent is continuously getting failures for domain “XXX.it”<\/strong><\/p>\n

Please check 611 error events in the application event logs for details<\/strong><\/p>\n

The latest 611 error event for the domain “XXX.it” is generated at: 12/26/2019 10:52:54 UTC<\/strong><\/p>\n

AD Connector account had a Password Hash Synchronization permission problem for the domain “westhouse.it” at: 12/26/2019 10:52:54 UTC<\/strong><\/p>\n

In my event viewer i have this:<\/p>\n

Password hash synchronization failed for domain: XXX.it, domain controller hostname: WHI-DC.XXX.it, domain controller IP address: 169.254.113.55. Details:<\/strong><\/p>\n

Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsException: RPC Error 8453 : Replication access was denied. There was an error calling _IDL_DRSGetNCChanges.<\/strong><\/p>\n

at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnection.OnGetChanges(ReplicationState syncState)<\/strong><\/p>\n

at Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsConnection.GetChanges(ReplicationState replicationState)<\/strong><\/p>\n

at Microsoft.Online.PasswordSynchronization.RetryUtility.ExecuteWithRetry[T](Func1 operation, Func<\/code>1 shouldAbort, RetryPolicyHandler retryPolicy)<\/strong><\/p>\n

at Microsoft.Online.PasswordSynchronization.DeltaSynchronizationTask.SynchronizeCredentialsToCloud()<\/strong><\/p>\n

at Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.SynchronizeSecrets()<\/strong><\/p>\n

at Microsoft.Online.PasswordSynchronization.SynchronizationExecutionContext.SynchronizeDomain()<\/strong><\/p>\n

at Microsoft.Online.PasswordSynchronization.SynchronizationManager.SynchronizeDomain(SynchronizationExecutionContext syncExecutionContext)<\/strong><\/p>\n

.<\/strong><\/p>\n

<\/strong><\/p>\n

XXX.it/forest-name><\/strong><\/p>\n

96c578f6-a972-48ef-90d6-41c6604a507d<\/strong><\/p>\n

<\/strong><\/p>\n

Can anyone have the same problem?<\/p>","upvoteCount":4,"datePublished":"2019-12-26T15:54:46.000Z","url":"https://community.spiceworks.com/t/azure-ad-connect-probelm-hash-sync-password/744446/1","author":{"@type":"Person","name":"pow3r77","url":"https://community.spiceworks.com/u/pow3r77"}},{"@type":"Answer","text":"

What version of the sync tool are you using? Is it the latest?<\/p>","upvoteCount":0,"datePublished":"2019-12-26T17:03:00.000Z","url":"https://community.spiceworks.com/t/azure-ad-connect-probelm-hash-sync-password/744446/2","author":{"@type":"Person","name":"FrenchToast","url":"https://community.spiceworks.com/u/FrenchToast"}},{"@type":"Answer","text":"

Yes, the lastest, all the enviroment are a fresh install, all last version. Now seems to be working, I have try to assign the user used to sync AD in Azure Sync Tool memeber of Administrator… but is strange… because the tool in the descprion of this user say that is not important that is member fo Administrator.<\/p>","upvoteCount":1,"datePublished":"2019-12-26T18:31:21.000Z","url":"https://community.spiceworks.com/t/azure-ad-connect-probelm-hash-sync-password/744446/3","author":{"@type":"Person","name":"pow3r77","url":"https://community.spiceworks.com/u/pow3r77"}},{"@type":"Answer","text":"

Try disable and enable password sync<\/p>\n

$adConnector = “”
\n$aadConnector = “”<\/p>\n

Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector -TargetConnector $aadConnector -Enable $false\nSet-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector -TargetConnector $aadConnector -Enable $true\n<\/code><\/pre>\n