AdSyncScheduler Error

Kente622 0 Reputation points
2023-03-30T17:47:09.05+00:00

Hi,

Synchronization has suddenly stopped.

Get-ADSyncScheduler

The message is below:

Get-ADSyncScheduler : System.InvalidOperationException: There was an issue obtaining cloud sync intervals --->
Microsoft.Identity.Client.MsalUiRequiredException: AADSTS50079: Due to a configuration change made by your
administrator, or because you moved to a new location, you must enroll in multi-factor authentication to access
'00000002-0000-0000-c000-000000000000'.
Trace ID: 9ff7a8e1-de1b-4e79-a9d4-c943d54e6f00
Correlation ID: 45fd7184-9ae0-4087-bed2-f0fc0dc173b9
Timestamp: 2023-03-30 17:32:08Z
   at Microsoft.Online.Deployment.Client.Framework.MSALAuthenticationProvider.AuthenticateMSAL(AzureService
azureService, String userName, SecureString password, Boolean useCachedToken, String& accessToken, String& errorCode,
String& additionalDetails, Boolean throwOnException, Boolean throwExceptionOnMFAError)
   at Microsoft.Online.Deployment.Client.Framework.MSALAuthenticationProvider.AcquireServiceToken(AzureService
azureService, String& serviceEndpoint, String& errorCode, String& additionalDetail, AuthenticationStatus& status,
Boolean throwOnException, Boolean throwExceptionOnMFAError)
   at Microsoft.Online.Deployment.Client.Framework.MSALAuthenticationProvider.AcquireServiceToken(AzureService
azureService, String& serviceEndpoint, String& additionalDetail, AuthenticationStatus& status, Boolean
throwOnException)
   at Microsoft.Online.Deployment.Client.Framework.MSALAuthenticationProvider.AcquireServiceToken(AzureService
azureService, String& additionalDetail, Boolean throwOnException)
   at Microsoft.Online.Coexistence.ProvisionHelper.GetSecurityToken()
   at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.Initi
alizeProvisionHelper()
   at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.Initi
alize()
   at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.GetCo
mpanyConfiguration(Boolean includeLicenseInformation)
   at Microsoft.Azure.ActiveDirectory.Synchronization.AADConfig.get_CloudEnforcedSyncSchedulerInterval()
   at Microsoft.MetadirectoryServices.Scheduler.SchedulerSettingUtilities.get_CurrentSchedulerSettings()
   --- End of inner exception stack trace ---
   at Microsoft.MetadirectoryServices.Scheduler.SchedulerSettingUtilities.get_CurrentSchedulerSettings()
   at SchedulerUtils.GetCurrentSchedulerSettings(SchedulerUtils* , _ConfigAttrNode* pcanList, UInt32 ccanItems, Char**
syncSettingsSerialized, Char** errorString)
At line:1 char:1
+ Get-ADSyncScheduler
+ ~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : WriteError: (Microsoft.Ident...ADSyncScheduler:GetADSyncScheduler) [Get-ADSyncScheduler]
   , InvalidOperationException
    + FullyQualifiedErrorId : System.InvalidOperationException: There was an issue obtaining cloud sync intervals --->
    Microsoft.Identity.Client.MsalUiRequiredException: AADSTS50079: Due to a configuration change made by your admini
  strator, or because you moved to a new location, you must enroll in multi-factor authentication to access '0000000
 2-0000-0000-c000-000000000000'.
Trace ID: 9ff7a8e1-de1b-4e79-a9d4-c943d54e6f00
Correlation ID: 45fd7184-9ae0-4087-bed2-f0fc0dc173b9
Timestamp: 2023-03-30 17:32:08Z
       at Microsoft.Online.Deployment.Client.Framework.MSALAuthenticationProvider.AuthenticateMSAL(AzureService azureS
   ervice, String userName, SecureString password, Boolean useCachedToken, String& accessToken, String& errorCode, St
  ring& additionalDetails, Boolean throwOnException, Boolean throwExceptionOnMFAError)
       at Microsoft.Online.Deployment.Client.Framework.MSALAuthenticationProvider.AcquireServiceToken(AzureService azu
   reService, String& serviceEndpoint, String& errorCode, String& additionalDetail, AuthenticationStatus& status, Boo
  lean throwOnException, Boolean throwExceptionOnMFAError)
       at Microsoft.Online.Deployment.Client.Framework.MSALAuthenticationProvider.AcquireServiceToken(AzureService azu
   reService, String& serviceEndpoint, String& additionalDetail, AuthenticationStatus& status, Boolean throwOnExcepti
  on)
       at Microsoft.Online.Deployment.Client.Framework.MSALAuthenticationProvider.AcquireServiceToken(AzureService azu
   reService, String& additionalDetail, Boolean throwOnException)
   at Microsoft.Online.Coexistence.ProvisionHelper.GetSecurityToken()
       at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.
   InitializeProvisionHelper()
       at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.
   Initialize()
       at Microsoft.Azure.ActiveDirectory.Synchronization.ProvisioningWebServiceAdapter.ProvisioningWebServiceAdapter.
   GetCompanyConfiguration(Boolean includeLicenseInformation)
   at Microsoft.Azure.ActiveDirectory.Synchronization.AADConfig.get_CloudEnforcedSyncSchedulerInterval()
   at Microsoft.MetadirectoryServices.Scheduler.SchedulerSettingUtilities.get_CurrentSchedulerSettings()
   --- End of inner exception stack trace ---
   at Microsoft.MetadirectoryServices.Scheduler.SchedulerSettingUtilities.get_CurrentSchedulerSettings()
       at SchedulerUtils.GetCurrentSchedulerSettings(SchedulerUtils* , _ConfigAttrNode* pcanList, UInt32 ccanItems, Ch
   ar** syncSettingsSerialized, Char** errorString),Microsoft.IdentityManagement.PowerShell.Cmdlet.GetADSyncScheduler

2 answers

  1. Andy David - MVP 147.9K Reputation points MVP
    2023-03-30T17:50:59.5833333+00:00

    That error indicates that the sync account is covered by a Conditional Access policy or MFA setting that is blocking it.

    Confirm it's excluded from MFA.

    6 people found this answer helpful.

  2. Steffen Duelund (Ovalis) 10 Reputation points
    2023-10-19T00:35:10.1166667+00:00

    We found that a new conditional access rule was deployed that included all users.

    This also included the sync user "On-Premises Directory Synchronization Service Account".

    Editing the conditional access policy in Entra Admin Center, going to the users section in the policy, and adding this Sync user to the excluded list instantly fixed the issue.

    2 people found this answer helpful.
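
The check both answers describe, as an added example that is not part of the original thread or any Microsoft tooling: it lists the enabled Conditional Access policies that require MFA and cover a given account without excluding it. The function name `Find-MfaPolicyCoveringUser`, the sample policies and all IDs are constructed for illustration; only direct user assignment is evaluated, not group or role membership.

```powershell
# Added example. Policy objects mirror the shape returned by
# Get-MgIdentityConditionalAccessPolicy (Microsoft.Graph.Identity.SignIns).
function Find-MfaPolicyCoveringUser {
    param(
        [Parameter(Mandatory)] [object[]] $Policy,
        [Parameter(Mandatory)] [string]   $UserId
    )
    foreach ($p in $Policy) {
        # Report-only and disabled policies do not block sign-in.
        if ($p.State -ne 'enabled') { continue }
        if ($p.GrantControls.BuiltInControls -notcontains 'mfa') { continue }

        $users    = $p.Conditions.Users
        $included = ($users.IncludeUsers -contains 'All') -or ($users.IncludeUsers -contains $UserId)
        $excluded = $users.ExcludeUsers -contains $UserId
        if ($included -and -not $excluded) {
            [pscustomobject]@{ Policy = $p.DisplayName; Id = $p.Id }
        }
    }
}

# Constructed sample data: object ID of the sync account and three policies.
$syncId = '11111111-1111-1111-1111-111111111111'
function New-SamplePolicy ($Id, $Name, $State, $Include, $Exclude) {
    [pscustomobject]@{
        Id = $Id; DisplayName = $Name; State = $State
        Conditions    = [pscustomobject]@{ Users = [pscustomobject]@{
                            IncludeUsers = $Include; ExcludeUsers = $Exclude } }
        GrantControls = [pscustomobject]@{ BuiltInControls = @('mfa') }
    }
}
$samplePolicies = @(
    New-SamplePolicy 'policy-1' 'MFA for all users'            'enabled' @('All') @()
    New-SamplePolicy 'policy-2' 'MFA for all users (excluded)' 'enabled' @('All') @($syncId)
    New-SamplePolicy 'policy-3' 'MFA pilot (report-only)' 'enabledForReportingButNotEnforced' @('All') @()
)

# Only 'MFA for all users' is returned: it is enabled, includes All, and
# does not exclude the sync account.
Find-MfaPolicyCoveringUser -Policy $samplePolicies -UserId $syncId

# Against a live tenant (assumes the Microsoft Graph PowerShell SDK is installed
# and exactly one account carries this display name):
#   Connect-MgGraph -Scopes 'Policy.Read.All','User.Read.All'
#   $sync = Get-MgUser -Filter "displayName eq 'On-Premises Directory Synchronization Service Account'"
#   Find-MfaPolicyCoveringUser -Policy (Get-MgIdentityConditionalAccessPolicy -All) -UserId $sync.Id
```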
