Missing groups prevents upgrade of Azure AD Connect

This is just a short blog article on a problem I experienced when upgrading Azure AD Connect from a previous version. This was a small environment where the Azure AD Connect server was running on the Domain Controller.

When starting the upgrade process I noticed that a message was displayed that a “Group with name ADSyncAdmins was not found in the Machine context”. When I clicked to Upgrade anyway, an error message was displayed that it was “Unable to upgrade the Synchronization Service”:

image

Looking into the event log, I found this error:

Product: Microsoft Azure AD Connect synchronization services — Error 25037.The groups entered do not all exist or cannot be found. Verify that each group name is correct, and then try again.

image

Since this was a Domain Controller, and there is no Local Users and Groups, I created the ADSyncAdmins group in Active Directory, as a Domain Local Security group. Trying the upgrade again, I got a new group that was missing:

image

So I ended up creating these 4 groups that was missing:

  • ADSyncAdmins
  • ADSyncBrowse
  • ADSyncOperators
  • ADSyncPasswordSet

After that I was able to successfully finish the upgrade of Azure AD Connect.

2 thoughts on “Missing groups prevents upgrade of Azure AD Connect

    1. Jan Vidar Elven Post author

      No, I didn’t need to populate the groups other than creating them, the Azure AD Connect wizard handled the rest.

      Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s