Find Azure AD Connect accounts

Azure AD Connect uses 3 accounts to synchronize information between Windows Server Active Directory and Azure Active Directory. You sometimes want to check if these Azure AD Connect accounts have the correct permission or write them down before migrating Azure AD Connect to another server. In this article, you will learn how to find Azure AD Connect service accounts.

Table of contents

Azure AD Connect accounts

Azure AD Connect uses the following 3 accounts to synchronize data between Active Directory (on-premises) and Azure Active Directory (cloud):

  1. AD DS Connector account: Read/write information to Windows Server Active Directory
  2. ADSync Service account: Run the synchronization service and access the SQL database
  3. Azure AD Connector account: Write information to Azure AD
Find Azure AD Connect three accounts

Let’s find all 3 Azure AD service accounts and note them down.

Find AD DS Connector account

The AD DS Connector account, which reads/writes information to Windows Server Active Directory, can be found in these two places.

Method 1: Synchronization Service Manager

Find the AD DS Connector account in Synchronization Service Manager:

  1. Sign in on the Azure AD Connect Server.
  2. Start Synchronization Service Manager.
  3. Click on Connectors.
  4. Select the internal domain.
  5. Click on Properties.

In our example, it’s the internal domain exoip.local.

Find Azure AD Connect accounts Synchronization Service Manager internal domain
  1. Click Connect to Active Directory Forest.
  2. The user name field shows the AD DS Connector account.

In our example, the AD DS Connector account is MSOL_b3c27fcc1296.

Note: If the user name has the prefix MSOL_, Azure AD Connect created the account in Azure AD Connect setup.

Find AD DS Connector account

Read more in the articles Create AD DS Connector account and Change AD DS Connector account.

Method 2: Azure Active Directory Connect

Another way to check the AD DS Connector account is in Azure Active Directory Connect:

  1. Sign in on the Azure AD Connect Server.
  2. Start Azure AD Connect.
  3. Click View or export current configuration.
  4. Click Next.
Find Azure AD Connect accounts view or export current configuration
  1. The ACCOUNT property shows the AD DS Connector account.

In our example, the AD DS Connector account is MSOL_b3c27fcc1296.

Find ADSync Service account

The ADSync service account, which runs the synchronization service and accesses the SQL database, can be found in the following place:

  1. Sign in on the Azure AD Connect Server.
  2. Start Services (services.msc).
  3. Double-click the service name Microsoft Azure AD Sync to open the properties.
Microsoft Azure AD Sync service
  1. Click on the tab Log On.
  2. The this account field shows the ADSync Service account.

In our example, the ADSync Service account is ADSync.

Note: If the account name is ADSync or starts with ADSync, Azure AD Connect created the account in Azure AD Connect setup.

Find Azure AD Connect ADSync Service account

Find Azure AD Connector account

The Azure AD Connector account, which writes information to Azure AD, can be found in the following two places.

Method 1: Synchronization Service Manager

  1. Sign in to the Azure AD Connect server.
  2. Start Synchronization Service Manager.
  3. Click on Connectors.
  4. Select the Microsoft domain (.onmicrosoft.com)
  5. Click on Properties.

In our example, it’s the Microsoft domain M365x333525.onmicrosoft.com – AAD.

Find Azure AD Connect accounts Synchronization Service Manager Microsoft domain
  1. Click on Connectivity.
  2. The UserName field shows the Azure AD Connector account.

In our example, the Azure AD Connector account starts with Sync_AAD01-2012.

Find Azure AD Connector account

Read more in the articles Change Azure AD Connector account and How to Remove On-Premises Directory Synchronization Service Account.

Method 2: Microsoft 365 admin center

Another way to check the Azure AD Connector account is in Microsoft 365 admin center:

  1. Sign in to Microsoft 365 admin center.
  2. Expand Health and click on Directory sync status.
  3. The Directory sync service account field shows the Azure AD Connector account.

In our example, the Azure AD Connector account starts with Sync_AAD01-2012.

Find Azure AD Connector account in Microsoft 365 admin center

Did this help you to check the Azure AD Connect service accounts?

Keep reading: Upgrade Azure AD Connect »

Conclusion

You learned how to find Azure AD Connect accounts. There are 3 accounts, and it’s good to know where you can find them before you migrate Azure AD Connect to a new server or if there are synchronization issues.

Did you enjoy this article? You may also like Configure Azure AD Multi-Factor Authentication. Don’t forget to follow us and share this article.

ALI TAJRAN

ALI TAJRAN

ALI TAJRAN is a passionate IT Architect, IT Consultant, and Microsoft Certified Trainer. He started Information Technology at a very young age, and his goal is to teach and inspire others. Read more »

X TwitterLinkedIn

What Others Are Reading

This Post Has 2 Comments

  1. Hi Ali,
    Thanks for the article. Where can I find this account “Sync_AAD01-2012” in the server as it stated that “Synced from on-premises”?

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *