Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The AD DS connector account refers to the user account used by Microsoft Entra Connect to communicate with on-premises Active Directory. If you change the password of the AD DS connector account in AD, you must update Microsoft Entra Connect Synchronization Service with the new password. Otherwise, the Synchronization can no longer synchronize correctly with the on-premises Active Directory and you'll encounter the following errors:
In the Synchronization Service Manager, any import or export operation with on-premises AD fails with no-start-credentials error.
Under Windows Event Viewer, the application event log contains an error with Event ID 6000 and message 'The management agent "contoso.com" failed to run because the credentials were invalid'.
To update the Synchronization Service with the new password:
Start the Synchronization Service Manager (START → Synchronization Service).
Go to the Connectors tab.
Select the AD Connector that corresponds to the AD DS connector account for which its password was changed.
Under Actions, select Properties.
In the pop-up dialog, select Connect to Active Directory Forest:
Enter the new password of the AD DS connector account in the Password textbox.
Click OK to save the new password and close the pop-up dialog.
Restart the Microsoft Entra ID Sync service under Windows Service Control Manager. This is to ensure that any reference to the old password is removed from the memory cache.
Overview topics