Change AD account used in AD Connect connector

To change the user account set in Azure AD Connect follow these steps:

  • Log in to the AD Sync server
  • Run the “Synchronization Service” from the start menu
  • Go to the “Connectors” tab
  • Select the connector relative to your on-premise AD
  • Right-click it and select “Properties”
  • Click on “Connect to Active Directory Forest”
  • Here you will swap your credentials once the user is ready
  • Go into your AD DS environment and create a new user. It has to be part of the “Domain Users” group
  • Right-click the domain object (e.g. contoso.com) then “Properties”
  • Click on “Security”
  • Add the user account if not present
  • Click on the account added
  • Add the “Replicating Directory Changes” and “Replicating Directory Changes All” permissions
  • Click Apply
  • Any further permission will depend on which optional features you have enabled in your environment. To check any “special” permissions for the user refer to the following link: https://docs.microsoft.com/it-it/azure/active-directory/hybrid/reference-connect-accounts-permissions#create-the-ad-ds-connector-account
  • Swap the current user account with the new one we just created in the “Connect to Active Directory Forest” tab on the AD Connect server and click “OK”