Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Active Directory and Office 365 Won't Sync

Posted on 2014-11-04
1
Medium Priority
?
2,491 Views
Last Modified: 2015-01-06
We use Windows Azure Active Directory Sync Service to synchronize the user accounts in our AD with Office 365.  Currently the Azure AD Sync Service is stopped and attempts to restart it have been unsuccessful.  The Event Log says it won't start because the Forefront Identity Manager Synchronization Service is not running and that the Azure AD Sync Service is dependent upon it.

Attempts to restart the FIM Aync Serivce have been unsuccessful. When attempting to start it Event ID 7024 appears in the system log in the event viewer and says "the FIM Synchronization Service failed to start with server specific error %%2149781504".  Event ID 6028 simultaneously appears in the APP log in the event viewer and says, "The server encryption keys could not be accessed.  Verify that the service account has permissions to the following registry key, hkey local machine\microsoft\forefront\2010\synchronization service."  The service account the FIM Sync service uses does have full permissions to that key.

Any information on what we can do to get the FIM Sync Service running so that the Azure AD Sync service will run would be greatly appreciated.  Thanks in advance.
0
Comment
Question by:sswmoore
1 Comment
 
LVL 44

Accepted Solution

by:
Vasil Michev (MVP) earned 2000 total points
ID: 40423892
Just reinstall it, or use the newly released AadSync tool: http://msdn.microsoft.com/en-us/library/azure/dn790204.aspx

Otherwise, check the local groups (FIMSyncAdmins and/or ADSyncAdmins) and make sure the account running the service is added .
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…

963 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question