Event 659 – Error while retrieving password policy sync configuration. System.InvalidOperationException: The ADSync service is not allowed to interact with the desktop to authenticate This error may occur if multifactor or other interactive authentication policies are accidentally enabled for the synchronization account.

Featured by dakseven, posted in Active Directory, Azure AD

If you have recently implemented MFA ( Enforced mode in your tennant). I have found that there is no much information about the Dirsync Account status. As per now if you do enforce mfa the account will be affected. Hence breaking the sync as shown

In order to resolve:

You will have to exception the “Directory sync service account from the MFA policy”. The account can be found in the last screen. ( per security reasons mine is obscured

You will have to run again the sync and ensure the services are healthy.

The script to force the sync, after the exception config you should be able to run the sync with no problems.

import-module ADSync
Start-ADSyncSyncCycle -PolicyType Delta

Published by dakseven

View all posts by dakseven

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this:

Share this:

Like this:

Related

Published by dakseven

Leave a Reply Cancel reply