If you run into the following error after installing Azure AD Connect then the fix might be quite simple. There are certainly a number of in-depth articles out there concerning the synchronization service but this might be one quick step to try first.
Unable to connect to the Synchronization Service. Some possible reasons are: 1) The service is not started. 2) Your account is not a member of the required security group. See the Synchronization Service documentation for details.
If you have just installed Azure AD Connect and attempt to launch the Synchronization Service Manager, you may receive the error above. It is likely that the second bullet point regarding membership to a required security group is somewhat true.
Chances are your account has this membership but not the associated token. The fix is possibly quite simple: Log off and log on again.
It’s possible your current login session does not have your updated group membership. Once you do this launch the Synchronization Service Manager again to see if you have access.
If that does not work, then make sure your account is a member of the local ADSyncAdmins group in Computer Management on the server where Azure AD Connect is installed. You will then need to log off and on again.
Have you run into this problem? What was your fix? Drop a comment below or join the conversation on Twitter @SuperTekBoy.
Paul says
What Jochem said… As Enterprise admin and Azure Global Admin, I should know the “turn it off and back on” trick by now. I feel super stupid
Jeff Ferrell says
Excellent quick fix. Seems the software install should either say reboot OR at the least to log out and back in again!
Jochem says
Oh my.. I can’t even. Well thank you very much, you saved me from frustration but made me feel stupid at the same time.
Ahmed Jehanzeb says
That worked thanks for the tip!
Juan says
Gracias!! Efectiva la solución..
Kashif Ali says
Thank you sir, that was really quick fix….you are the super hero.
Stephen Wilkins says
My issue was the user (AAD auto created user) was not allowed to login as a service in GP on the domain and the service was not started because of this.