How to Resolve Azure AD Connect Event ID 611 Error: Password Synchronization Failed
The following error is flagged on the Azure AD Connect Server.
Event ID: 611 (Log: Application, Source: Directory Synchronization)
Level: Error
Computer: AAD.contoso.com
Description: Password synchronization failed for domain: contoso.com.
Details: Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsException: RPC Error 8453 : Replication access was denied. There was an error calling _IDL_DRSGetNCChanges. at
Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsRpcConnection.OnGetChanges(ReplicationState syncState) at
Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsConnection.GetChanges(ReplicationState replicationState) at
Microsoft.Online.PasswordSynchronization.RetryUtility.ExecuteWithRetry[T](Func`1 operation, Func`1 shouldAbort, RetryPolicyHandler retryPolicy) at
Microsoft.Online.PasswordSynchronization.DeltaSynchronizationTask.SynchronizeCredentialsToCloud() at
Microsoft.Online.PasswordSynchronization.PasswordSynchronizationTask.SynchronizeSecrets() at
Microsoft.Online.PasswordSynchronization.SynchronizationExecutionContext.SynchronizeDomain() at
Microsoft.Online.PasswordSynchronization.SynchronizationManager.SynchronizeDomain(SynchronizationExecutionContext syncExecutionContext)
The following permissions were missing from the local Azure AD sync account:
- Replicating Directory Changes
- Replicating Directory Changes All
Resolution
Assign the missing permissions by using the ACL editor.
- Open the Active Directory Users and Computers snap-in;
- On the Security tab, click Add;
- In the Select Users, Computers, or Groups dialog box, select the local Azure AD sync account, and then click Add;
- Click OK to return to the Properties dialog box;
- Click the local Azure AD sync account;
- Click to select the Replicating Directory Changes and Replicating Directory Changes All check boxes;
- Click Apply, and then click OK;
- Close the Active Directory Users and Computers snap-in.
Restart the Microsoft AD Azure Sync Service and this will resolve the issue.
Note: You will see Event ID 650 (Provision credentials batch start) and 656 (Password Change Request) events logged.
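To confirm the grant without the ACL editor, the two rights can be read back from the domain root's ACL. The script below is an added example, not part of the original page; it assumes the ActiveDirectory PowerShell module (RSAT) is installed, and the account name in `$SyncAccount` is a placeholder to replace with your own sync account.

```powershell
# Added example: check the two replication rights on the domain naming context.
Import-Module ActiveDirectory

# Placeholder (assumption): replace with your local Azure AD sync account.
$SyncAccount = 'CONTOSO\<sync-account>'

# rightsGuid values of the two control access rights named on this page.
$Rights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes All'
}

$DomainDN = (Get-ADDomain).DistinguishedName
$Acl      = Get-Acl -Path "AD:\$DomainDN"
$Extended = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

# Allow ACEs on the domain root that grant either right explicitly.
$Granted = $Acl.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    ($_.ActiveDirectoryRights -band $Extended) -and
    $Rights.ContainsKey($_.ObjectType.ToString())
}

# 1) Does the sync account hold each right directly?
#    Grants inherited through group membership or a Full Control ACE are not
#    resolved here; only ACEs that name the account itself are matched.
$Status = foreach ($guid in $Rights.Keys) {
    $ace = $Granted | Where-Object {
        $_.ObjectType.ToString() -eq $guid -and
        $_.IdentityReference.Value -eq $SyncAccount
    }
    [pscustomobject]@{
        Account = $SyncAccount
        Right   = $Rights[$guid]
        Granted = [bool]$ace
    }
}
$Status | Sort-Object Right | Format-Table -AutoSize

# 2) Every principal that holds either right, for review.
$Granted |
    Select-Object @{n = 'Principal'; e = { $_.IdentityReference.Value } },
                  @{n = 'Right';     e = { $Rights[$_.ObjectType.ToString()] } },
                  IsInherited |
    Sort-Object Principal, Right |
    Format-Table -AutoSize
```

If either row in the first table shows `Granted` as `False`, the RPC Error 8453 in Event ID 611 is expected to persist until the permission is assigned.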