Svr 2016 AD/Office 365 not syncing

I am experiencing an issue where my Server 2016 Active Directory and Office 365 aren't syncing.

When I sign onto the Office 365 Portal with any of the Global Admin accounts the DirSync Status says the Last directory sync was 6 hours ago and that there has been no recent Password sync (see the screenshot).

When I run the Start-ADSyncSyncCycle -PolicyType Initial Power Shell command (while logged into Office 365) within either the Microsoft Azure Active Directory Module for Windows PowerShell or the Windows PowerShell I receive the errors shown below.

I have closed, relaunched PowerShell as an administrator and then relogged into Office 365 within both the Microsoft Azure Active Directory Module for Windows PowerShell and the Windows PowerShell and have rebooted the server and continue to receive this error when trying to sync Active Directory and Office 365.

What can be done to fix this issue?

PS C:\Users\Administrator\Desktop> $UserCredential = Get-Credential

cmdlet Get-Credential at command pipeline position 1
Supply values for the following parameters:
Credential
PS C:\Users\Administrator\Desktop> Connect-MsolService -Credential $UserCredential
PS C:\Users\Administrator\Desktop> Connect-MsolService
PS C:\Users\Administrator\Desktop>
PS C:\Users\Administrator\Desktop> Start-ADSyncSyncCycle -PolicyType Initial
Start-ADSyncSyncCycle : System.Management.Automation.CmdletInvocationException:
Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException: AADSTS50034: To sign into this application the
account must be added to the domain.onmicrosoft.com directory.
Trace ID: 5673b8f9-19a2-4a95-a1cd-1ac0c55f2800
Correlation ID: 81cd8d21-8498-434e-b4ae-dcdcd2e87a96
Timestamp: 2018-01-27 04:09:53Z ---> System.Net.WebException: The remote server returned an error: (400) Bad Request.
   at System.Net.HttpWebRequest.GetResponse()
   at Microsoft.IdentityModel.Clients.ActiveDirectory.HttpWebRequestWrapper.<GetResponseSyncOrAsync>d__2.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.IdentityModel.Clients.ActiveDirectory.HttpHelper.<SendPostRequestAndDeserializeJsonResponseAsync>d__0`1
.MoveNext()
   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.RunAsyncTask[T](Task`1 task)
   at Microsoft.Online.Coexistence.ProvisionHelper.GetADALToken(String userName, String userPassword, MSOInstance
adalServiceResource)
   at Microsoft.Online.Coexistence.ProvisionHelper.GetSecurityToken(String userName, String userPassword, MSOInstance
adalServiceResource)
   at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.TypeD
ependencies.ProvisionHelperGetSecurityToken(ProvisionHelper provisionHelper, String userName, SecureString
userPassword)
   at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.Initi
alizeProvisionHelper()
   at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.Initi
alize()
   at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.GetCo
mpanyConfiguration(Boolean includeLicenseInformation)
   at Microsoft.Azure.ActiveDirectory.Synchronization.AADConfig.get_CloudEnforcedSyncSchedulerInterval()
   at Microsoft.MetadirectoryServices.Scheduler.SchedulerSettingUtilities.get_CurrentSchedulerSettings()
   at SchedulerUtils.GetCurrentSchedulerSettings(SchedulerUtils* , _ConfigAttrNode* pcanList, UInt32 ccanItems, Char**
syncSettingsSerialized, Char** errorString)
        ErrorCode: invalid_grant
        StatusCode: 400 ---> System.InvalidOperationException:
Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException: AADSTS50034: To sign into this application the
account must be added to the domain.onmicrosoft.com directory.
Trace ID: 5673b8f9-19a2-4a95-a1cd-1ac0c55f2800
Correlation ID: 81cd8d21-8498-434e-b4ae-dcdcd2e87a96
Timestamp: 2018-01-27 04:09:53Z ---> System.Net.WebException: The remote server returned an error: (400) Bad Request.
   at System.Net.HttpWebRequest.GetResponse()
   at Microsoft.IdentityModel.Clients.ActiveDirectory.HttpWebRequestWrapper.<GetResponseSyncOrAsync>d__2.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.IdentityModel.Clients.ActiveDirectory.HttpHelper.<SendPostRequestAndDeserializeJsonResponseAsync>d__0`1
.MoveNext()
   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.RunAsyncTask[T](Task`1 task)
   at Microsoft.Online.Coexistence.ProvisionHelper.GetADALToken(String userName, String userPassword, MSOInstance
adalServiceResource)
   at Microsoft.Online.Coexistence.ProvisionHelper.GetSecurityToken(String userName, String userPassword, MSOInstance
adalServiceResource)
   at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.TypeD
ependencies.ProvisionHelperGetSecurityToken(ProvisionHelper provisionHelper, String userName, SecureString
userPassword)
   at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.Initi
alizeProvisionHelper()
   at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.Initi
alize()
   at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.GetCo
mpanyConfiguration(Boolean includeLicenseInformation)
   at Microsoft.Azure.ActiveDirectory.Synchronization.AADConfig.get_CloudEnforcedSyncSchedulerInterval()
   at Microsoft.MetadirectoryServices.Scheduler.SchedulerSettingUtilities.get_CurrentSchedulerSettings()
   at SchedulerUtils.GetCurrentSchedulerSettings(SchedulerUtils* , _ConfigAttrNode* pcanList, UInt32 ccanItems, Char**
syncSettingsSerialized, Char** errorString)
        ErrorCode: invalid_grant
        StatusCode: 400
   at Microsoft.DirectoryServices.MetadirectoryServices.UI.WebServices.MMSWebService.GetSchedulerSettings(String&
settingsDeserialized, String& errorString)
   at Microsoft.IdentityManagement.PowerShell.Cmdlet.GetADSyncScheduler.ProcessRecord()
   --- End of inner exception stack trace ---
   at System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input)
   at System.Management.Automation.PowerShell.Worker.ConstructPipelineAndDoWork(Runspace rs, Boolean performSyncInvoke)
   at System.Management.Automation.PowerShell.Worker.CreateRunspaceIfNeededAndDoWork(Runspace rsToUse, Boolean isSync)
   at System.Management.Automation.PowerShell.CoreInvokeHelper[TInput,TOutput](PSDataCollection`1 input,
PSDataCollection`1 output, PSInvocationSettings settings)
   at System.Management.Automation.PowerShell.CoreInvoke[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1
output, PSInvocationSettings settings)
   at System.Management.Automation.PowerShell.Invoke(IEnumerable input, PSInvocationSettings settings)
   at Microsoft.Online.Deployment.PowerShell.LocalPowerShell.Invoke()
   at Microsoft.Online.Deployment.PowerShell.PowerShellAdapter.TypeDependencies.InvokePowerShell(IPowerShell
powerShell)
   at Microsoft.Online.Deployment.PowerShell.PowerShellAdapter.InvokePowerShellCommand(String commandName,
InitialSessionState initialSessionState, IDictionary`2 commandParameters, Boolean isScript)
   at Microsoft.Azure.ActiveDirectory.Synchronization.PowerShellConfigAdapter.SchedulerPowerShellAdapter.GetCurrentSche
dulerSettings()
   at Microsoft.MetadirectoryServices.Scheduler.Scheduler.StartSyncCycle(String overridePolicy, Boolean
interactiveMode)
   at SchedulerUtils.StartSyncCycle(SchedulerUtils* , Char* policyType, Int32 interactiveMode, Char** errorString)
At line:1 char:1
+ Start-ADSyncSyncCycle -PolicyType Initial
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : WriteError: (Microsoft.Ident...ADSyncSyncCycle:StartADSyncSyncCycle) [Start-ADSyncSyncCy
   cle], InvalidOperationException
    + FullyQualifiedErrorId : System.Management.Automation.CmdletInvocationException: Microsoft.IdentityModel.Clients.
   ActiveDirectory.AdalServiceException: AADSTS50034: To sign into this application the account must be added to the
  domain.onmicrosoft.com directory.
Trace ID: 5673b8f9-19a2-4a95-a1cd-1ac0c55f2800
Correlation ID: 81cd8d21-8498-434e-b4ae-dcdcd2e87a96
    Timestamp: 2018-01-27 04:09:53Z ---> System.Net.WebException: The remote server returned an error: (400) Bad Reque
   st.
   at System.Net.HttpWebRequest.GetResponse()
       at Microsoft.IdentityModel.Clients.ActiveDirectory.HttpWebRequestWrapper.<GetResponseSyncOrAsync>d__2.MoveNext(
   )
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.IdentityModel.Clients.ActiveDirectory.HttpHelper.<SendPostRequestAndDeserializeJsonResponseAsync>d
   __0`1.MoveNext()
   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.RunAsyncTask[T](Task`1 task)
       at Microsoft.Online.Coexistence.ProvisionHelper.GetADALToken(String userName, String userPassword, MSOInstance
   adalServiceResource)
       at Microsoft.Online.Coexistence.ProvisionHelper.GetSecurityToken(String userName, String userPassword, MSOInsta
   nce adalServiceResource)
       at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.
   TypeDependencies.ProvisionHelperGetSecurityToken(ProvisionHelper provisionHelper, String userName, SecureString us
  erPassword)
       at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.
   InitializeProvisionHelper()
       at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.
   Initialize()
       at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.
   GetCompanyConfiguration(Boolean includeLicenseInformation)
   at Microsoft.Azure.ActiveDirectory.Synchronization.AADConfig.get_CloudEnforcedSyncSchedulerInterval()
   at Microsoft.MetadirectoryServices.Scheduler.SchedulerSettingUtilities.get_CurrentSchedulerSettings()
       at SchedulerUtils.GetCurrentSchedulerSettings(SchedulerUtils* , _ConfigAttrNode* pcanList, UInt32 ccanItems, Ch
   ar** syncSettingsSerialized, Char** errorString)
        ErrorCode: invalid_grant
        StatusCode: 400 ---> System.InvalidOperationException: Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServic
   eException: AADSTS50034: To sign into this application the account must be added to the domain.onmicrosoft.com di
  rectory.
Trace ID: 5673b8f9-19a2-4a95-a1cd-1ac0c55f2800
Correlation ID: 81cd8d21-8498-434e-b4ae-dcdcd2e87a96
    Timestamp: 2018-01-27 04:09:53Z ---> System.Net.WebException: The remote server returned an error: (400) Bad Reque
   st.
   at System.Net.HttpWebRequest.GetResponse()
       at Microsoft.IdentityModel.Clients.ActiveDirectory.HttpWebRequestWrapper.<GetResponseSyncOrAsync>d__2.MoveNext(
   )
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.IdentityModel.Clients.ActiveDirectory.HttpHelper.<SendPostRequestAndDeserializeJsonResponseAsync>d
   __0`1.MoveNext()
   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.RunAsyncTask[T](Task`1 task)
       at Microsoft.Online.Coexistence.ProvisionHelper.GetADALToken(String userName, String userPassword, MSOInstance
   adalServiceResource)
       at Microsoft.Online.Coexistence.ProvisionHelper.GetSecurityToken(String userName, String userPassword, MSOInsta
   nce adalServiceResource)
       at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.
   TypeDependencies.ProvisionHelperGetSecurityToken(ProvisionHelper provisionHelper, String userName, SecureString us
  erPassword)
       at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.
   InitializeProvisionHelper()
       at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.
   Initialize()
       at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.
   GetCompanyConfiguration(Boolean includeLicenseInformation)
   at Microsoft.Azure.ActiveDirectory.Synchronization.AADConfig.get_CloudEnforcedSyncSchedulerInterval()
   at Microsoft.MetadirectoryServices.Scheduler.SchedulerSettingUtilities.get_CurrentSchedulerSettings()
       at SchedulerUtils.GetCurrentSchedulerSettings(SchedulerUtils* , _ConfigAttrNode* pcanList, UInt32 ccanItems, Ch
   ar** syncSettingsSerialized, Char** errorString)
        ErrorCode: invalid_grant
        StatusCode: 400
       at Microsoft.DirectoryServices.MetadirectoryServices.UI.WebServices.MMSWebService.GetSchedulerSettings(String&
   settingsDeserialized, String& errorString)
   at Microsoft.IdentityManagement.PowerShell.Cmdlet.GetADSyncScheduler.ProcessRecord()
   --- End of inner exception stack trace ---
   at System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input)
       at System.Management.Automation.PowerShell.Worker.ConstructPipelineAndDoWork(Runspace rs, Boolean performSyncIn
   voke)
       at System.Management.Automation.PowerShell.Worker.CreateRunspaceIfNeededAndDoWork(Runspace rsToUse, Boolean isS
   ync)
       at System.Management.Automation.PowerShell.CoreInvokeHelper[TInput,TOutput](PSDataCollection`1 input, PSDataCol
   lection`1 output, PSInvocationSettings settings)
       at System.Management.Automation.PowerShell.CoreInvoke[TInput,TOutput](PSDataCollection`1 input, PSDataCollectio
   n`1 output, PSInvocationSettings settings)
   at System.Management.Automation.PowerShell.Invoke(IEnumerable input, PSInvocationSettings settings)
   at Microsoft.Online.Deployment.PowerShell.LocalPowerShell.Invoke()
       at Microsoft.Online.Deployment.PowerShell.PowerShellAdapter.TypeDependencies.InvokePowerShell(IPowerShell power
   Shell)
       at Microsoft.Online.Deployment.PowerShell.PowerShellAdapter.InvokePowerShellCommand(String commandName, Initial
   SessionState initialSessionState, IDictionary`2 commandParameters, Boolean isScript)
       at Microsoft.Azure.ActiveDirectory.Synchronization.PowerShellConfigAdapter.SchedulerPowerShellAdapter.GetCurren
   tSchedulerSettings()
       at Microsoft.MetadirectoryServices.Scheduler.Scheduler.StartSyncCycle(String overridePolicy, Boolean interactiv
   eMode)
       at SchedulerUtils.StartSyncCycle(SchedulerUtils* , Char* policyType, Int32 interactiveMode, Char** errorString)
   ,Microsoft.IdentityManagement.PowerShell.Cmdlet.StartADSyncSyncCycle

PS C:\Users\Administrator\Desktop>


O-365-AD-sync.pngDirectory-sync-status
IT GuyNetwork EngineerAsked:
Who is Participating?
 
Cliff GaliherConnect With a Mentor Commented:
You don't need to connect to office 365 in powershell to sync. And doing so doesn't help in troubleshooting. AADConnect creates a separate account just for syncing.  Based on the error  either that account got deleted on one or both ends, or the password got changed. Rerun in the AADConnect setup wizard will fix that up.
0
 
IT GuyNetwork EngineerAuthor Commented:
What are the steps to rerun the AADConnect setup wizard?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.