Azure AD Connect uses 3 accounts to synchronize information from Windows Server Active Directory to Azure Active Directory. You sometimes want to check if these accounts have the correct permission or write them down before migrating Azure AD Connect to another server. In this article, you will learn how to find Azure AD Connect service accounts.
Azure AD Connect accounts
Azure AD Connect uses the following 3 accounts to synchronize data between Active Directory (on-premises) and Azure Active Directory (cloud):
- AD DS Connector account: Read/write information to Windows Server Active Directory
- ADSync Service account: Run the synchronization service and access the SQL database
- Azure AD Connector account: Write information to Azure AD
Let’s find all 3 Azure AD service accounts and note them down.
AD DS Connector account
The AD DS Connector account, which reads/writes information to Windows Server Active Directory, can be in these two places.
Start Synchronization Service Manager on the Azure AD Connect Server. Click on Connectors > internal domain > Properties.
In our example, it’s the internal domain with the name exoip.local.
Click Connect to Active Directory Forest. The user name shows the AD DS Connector account.
In our example, it’s the user name MSOL_b3c27fcc1296.
Note: If the user name has the prefix MSOL_, Azure AD Connect created the account during Azure AD Connect setup.
ADSync Service account
The ADSync service account, which runs the synchronization service and accesses the SQL database, can be found in the following place.
Start Services (services.msc) on the Azure AD Connect Server. Double-click the service name Microsoft Azure AD Sync to open the properties.
Click on the tab Log On. The This account field shows the ADSync Service account.
Note: If the account name is ADSync, Azure AD Connect created the account during Azure AD Connect setup.
Azure AD Connector account
The Azure AD Connector account, which writes information to Azure AD, can be found in the following place.
Start Synchronization Service Manager on the Azure AD Connect Server. Click on Connectors > Microsoft domain > Properties.
In our example, it’s the Microsoft domain with the name M365x333525.onmicrosoft.com – AAD.
Click Connectivity. The user name shows the Azure AD Connector account.
Another way to check the Azure AD Connector account is to sign in to Microsoft 365 admin center. Navigate to Health > Directory sync status.
The Directory sync service account shows the Azure AD Connector account.
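The same three accounts can be collected in one pass from PowerShell, which is convenient when you document a server before a migration. This is an added example, not part of the original article: it assumes an elevated session on the Azure AD Connect server with the ADSync module installed, and the connectivity parameter names (forest-login-domain, forest-login-user, UserName) and the helper name Get-ConnectorParameter are assumptions to verify on your build.

```powershell
# Added example: list the three Azure AD Connect accounts described above.
# Run elevated on the Azure AD Connect server.
Import-Module ADSync -ErrorAction Stop

# Hypothetical helper: read one connectivity parameter from a connector.
# Parameter names used below are assumptions; check them on your version.
function Get-ConnectorParameter {
    param($Connector, [string]$Name)
    $value = ($Connector.ConnectivityParameters |
        Where-Object { $_.Name -eq $Name }).Value
    if ($value) { $value } else { '(not found)' }
}

$report = foreach ($connector in Get-ADSyncConnector) {
    if ($connector.Name -like '* AAD') {
        # Cloud connector, e.g. "<tenant>.onmicrosoft.com - AAD"
        [pscustomobject]@{
            Role           = 'Azure AD Connector account'
            Connector      = $connector.Name
            Account        = Get-ConnectorParameter $connector 'UserName'
            CreatedBySetup = $null   # the article gives no naming rule here
        }
    }
    else {
        # On-premises forest connector, e.g. exoip.local
        $user   = Get-ConnectorParameter $connector 'forest-login-user'
        $domain = Get-ConnectorParameter $connector 'forest-login-domain'
        [pscustomobject]@{
            Role           = 'AD DS Connector account'
            Connector      = $connector.Name
            Account        = "$domain\$user"
            CreatedBySetup = $user -like 'MSOL_*'   # prefix noted in the article
        }
    }
}

# The Microsoft Azure AD Sync service has the short name ADSync.
$service = Get-CimInstance -ClassName Win32_Service -Filter "Name='ADSync'"
$report = @($report) + [pscustomobject]@{
    Role           = 'ADSync Service account'
    Connector      = $service.DisplayName
    Account        = $service.StartName
    CreatedBySetup = ($service.StartName -split '\\')[-1] -eq 'ADSync'
}

$report | Format-Table -AutoSize
```

The CreatedBySetup column applies the two naming notes from this article; treat any account where it is False as one that was supplied manually and whose permissions you should review before migrating.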
Did this help you to check the Azure AD Connect service accounts?
You learned how to find Azure AD Connect accounts. There are 3 accounts, and it’s good to know where you can find them before you migrate Azure AD Connect to a new server or if there are synchronization issues.