- Azure AD Connect 1.1.443.0
Hello. The purpose of this blog, is to discuss the Security Groups that are installed when installing Azure AD Connect. If you have been using versions of the Synchronization Service engine for a while, you may already be familiar with these Security Groups.
These four(4) Security Groups are installed by default when executing the installation of Azure AD Connect. If you utilize the Express Settings, these will be installed locally on the Azure AD Connect Server. You will find them in Local Users and Groups.
It is possible to make these Domain groups. A custom install will need to occur, and then select “Specify Custom Sync Groups”. The Security Groups must be created in the directory prior to executing the installation. In the “Specify Custom Sync Groups” section, specify the groups by Domain\Group Name.
If the Security Groups are not specified ahead of time, an error will be received in the installation Wizard.
|Unable to install the Synchronization Service. Please see the event log for details.|
Review the Application Event Log and notice the specific group that the install wizard was not able to locate. In this test scenario, it was Domain\ADSyncOperators.
|APPLICATON EVENT LOG|
|Log Name: Application
Date: 3/21/2017 1:48:09 PM
Event ID: 906
Task Category: None
Group ‘DOMAIN\ADSyncOperators’ was not found.
- Forefront Identity Manager 2010 R2: Using Security Groups: https://technet.microsoft.com/en-us/library/jj590183(v=ws.10).aspx
- Azure AD Connect Sync: Accounts and Permissions: https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-accounts-permissions