How to Resolve Azure AD Connect Event ID 611 Error: Password Synchronization Failed


The following error is flagged on the Azure AD Connect server:

Event ID: 611 (Log: Application, Source: Directory Synchronization)
Level: Error
Computer: AAD.contoso.com
Description: Password synchronization failed for domain: contoso.com.
Details: Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsException: RPC Error 8453 : Replication access was denied. There was an error calling _IDL_DRSGetNCChanges. at
Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnection.OnGetChanges(ReplicationState syncState) at
Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsConnection.GetChanges(ReplicationState replicationState) at
Microsoft.Online.PasswordSynchronization.RetryUtility.ExecuteWithRetry[T](Func`1 operation, Func`1 shouldAbort, RetryPolicyHandler retryPolicy) at
Microsoft.Online.PasswordSynchronization.DeltaSynchronizationTask.SynchronizeCredentialsToCloud() at
Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.SynchronizeSecrets() at
Microsoft.Online.PasswordSynchronization.SynchronizationExecutionContext.SynchronizeDomain() at
Microsoft.Online.PasswordSynchronization.SynchronizationManager.SynchronizeDomain(SynchronizationExecutionContext syncExecutionContext)

Cause: the local Azure AD sync account was missing the following permissions on the domain:

  • Replicating Directory Changes
  • Replicating Directory Changes All

Resolution

Assign the missing permissions by using the ACL editor.

  1. Open the Active Directory Users and Computers snap-in;
  2. On the Security tab, click Add;
  3. In the Select Users, Computers, or Groups dialog box, select the local Azure AD sync account, and then click Add;
  4. Click OK to return to the Properties dialog box;
  5. Click the local Azure AD sync account;
  6. Select the Replicating Directory Changes and Replicating Directory Changes All check boxes;
  7. Click Apply, and then click OK;
  8. Close the Active Directory Users and Computers snap-in.

Restart the Microsoft Azure AD Sync service; this resolves the issue.

NOTE: After the restart you will see Event ID 650 (Provision credentials batch start) and Event ID 656 (Password Change Request) logged, which confirms that password synchronization is running again.
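The same check and fix can be done from PowerShell instead of the ACL editor. This is an added example, not code from the original post; it assumes the RSAT ActiveDirectory module, an account allowed to edit the domain root ACL, and a placeholder sync account name in $SyncAccount. It also lists every principal that holds these two rights on the domain, because they allow replicating password data for all accounts and the list should contain nothing unexpected.

```powershell
# Added example, not from the original post. Audits which principals hold the two
# replication rights on the domain root and, when $Grant is $true, adds any that the
# sync account is missing. Requires the RSAT ActiveDirectory module and an account
# allowed to edit the domain root ACL.
Import-Module ActiveDirectory

$SyncAccount = 'MSOL_PLACEHOLDER'   # hypothetical: replace with the local Azure AD sync account (MSOL_*)
$Grant       = $false               # $true = add missing rights; $false = report only

# Schema-defined extended-right GUIDs; they are the same in every forest.
$Needed = @{}
$Needed[[Guid]'1131f6aa-9c07-11d1-f79f-00c04fc2dcd2'] = 'Replicating Directory Changes'
$Needed[[Guid]'1131f6ad-9c07-11d1-f79f-00c04fc2dcd2'] = 'Replicating Directory Changes All'

$domainDN = (Get-ADDomain).DistinguishedName
$acl      = Get-Acl -Path "AD:\$domainDN"
$extRight = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

# Every ACE on the domain root that grants one of the two rights.
$replAces = $acl.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    ($_.ActiveDirectoryRights -band $extRight) -and
    $Needed.ContainsKey($_.ObjectType)
}

# 1) Hygiene report: these rights expose password data for every account, so the list
#    should contain only domain controllers, the built-in admin groups and the sync account.
$replAces | Select-Object IdentityReference, @{ n = 'Right'; e = { $Needed[$_.ObjectType] } } |
    Sort-Object IdentityReference | Format-Table -AutoSize

# 2) Which of the two rights does the sync account actually hold?
$syncSid = [System.Security.Principal.SecurityIdentifier](Get-ADUser -Identity $SyncAccount).SID
$held    = $replAces | Where-Object {
    $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]) -eq $syncSid
} | ForEach-Object { $_.ObjectType }
$missing = $Needed.Keys | Where-Object { $held -notcontains $_ }

foreach ($guid in $missing) {
    Write-Warning "$SyncAccount is missing '$($Needed[$guid])' on $domainDN"
    if ($Grant) {
        $rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
            $syncSid, $extRight, [System.Security.AccessControl.AccessControlType]::Allow, $guid)
        $acl.AddAccessRule($rule)
    }
}
if ($Grant -and $missing) {
    Set-Acl -Path "AD:\$domainDN" -AclObject $acl
    Write-Output "Rights added; restart the Microsoft Azure AD Sync service and watch for Event ID 650/656."
}
```

Run it once with $Grant left at $false to review the report before changing anything.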
