How to waste an entire afternoon!
Finally got AAD Connect installed at a Canberra government department.
remove any inspection on
fixed proxy: proxy must allow
Then created a Global Admin account in AAD to use for the dirsync, and made him a subscription admin for good measure.
Oh, and on the on-premises box, set the Local Policy to grant run as a service, and check if Group Policy is blocking that...
Hmm.. Got failures on the setup of AAD Connect. Grrr…
Had to alter the machine.config etc. to have the proxy settings. Still no go. GRR...
AND the very last thing to get it all working
netsh winhttp import proxy source=ie
Now run the AAD Connect installer and it (finally) completes. Yay!
One last gotcha - Password Sync was not working. Hmmm..
Turns out the account did not have appropriate AD rights, so got them to fix that.
Yay! All now works as desired.
A colleague bitten too:
"Turns out the account we were using to install the AAD Connect tool wasn’t Enterprise Admin even though the service account was."
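
A read-only pre-flight check for the three local settings the post had to fix (WinHTTP proxy, machine.config proxy, service logon right), added here as an example and not part of the original post or of the AAD Connect tooling. It assumes the 64-bit .NET Framework 4.x machine.config at its default path, English netsh output, an elevated prompt, and that "run as a service" means the "Log on as a service" right (SeServiceLogonRight); the function names are made up for this example.

```powershell
# Added example: reports current state only, changes nothing.

function Get-WinHttpProxyState {
    # WinHTTP keeps its own proxy setting, separate from the IE/user proxy,
    # which is why the installer can fail even when the browser works.
    $out = (& netsh winhttp show proxy) -join "`n"
    if ($out -match 'Direct access') { 'direct (no WinHTTP proxy set)' }
    elseif ($out -match 'Proxy Server\(s\)\s*:\s*(\S+)') { "proxy $($Matches[1])" }
    else { 'unknown (could not parse netsh output)' }
}

function Get-MachineConfigProxy {
    # Assumed default location of the 64-bit .NET 4.x machine.config.
    param([string]$Path = "$env:windir\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config")
    if (-not (Test-Path $Path)) { return "machine.config not found at $Path" }
    [xml]$cfg = Get-Content -Path $Path -Raw
    $proxy = $cfg.SelectSingleNode('/configuration/system.net/defaultProxy/proxy')
    if ($null -eq $proxy) { return 'no <defaultProxy><proxy> element' }
    "proxyaddress=$($proxy.GetAttribute('proxyaddress')) " +
        "usesystemdefault=$($proxy.GetAttribute('usesystemdefault'))"
}

function Get-ServiceLogonRight {
    # Exports the effective user-rights assignments, so a Group Policy
    # override of the local policy shows up here too.
    $tmp = Join-Path $env:TEMP 'aadc_user_rights.inf'
    & secedit /export /areas USER_RIGHTS /cfg $tmp | Out-Null
    $hit = Select-String -Path $tmp -Pattern '^SeServiceLogonRight' |
        Select-Object -First 1
    Remove-Item $tmp -ErrorAction SilentlyContinue
    if ($hit) { $hit.Line } else { 'SeServiceLogonRight not assigned' }
}

[pscustomobject]@{
    WinHttpProxy      = Get-WinHttpProxyState
    MachineConfig     = Get-MachineConfigProxy
    ServiceLogonRight = Get-ServiceLogonRight
} | Format-List
```

The SeServiceLogonRight line lists SIDs and account names; the sync service account (or a group it belongs to) needs to appear there.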