Microsoft recently announced and removed support for DirSync and Azure AD Sync. The upgrade path for these two is simply upgrading to Azure AD Connect. Depending on your version of software and even Windows OS, there are multiple paths that can be taken. Recently I was working with a client on upgrading their Azure AD Sync software which was installed on a Windows 2008 R2 server. Deciding that the Windows OS was also too old and support timeline was short. Also, because this was a smaller environment there was only a Windows 2012 R2 Domain Controller available.
While reviewing the event logs for the Azure AD Connect server, we noticed that there were a lot of DCOM errors. The EventID was 10016. With a bit of research I dug up an answer from a previous problem that I had had with a different issue.
In order to fix this, we need to review DCOM settings on the server where Azure AD Connect:
- Open Control Panel
- Adminstrative Tool
- Component Services
- My Computer > Right-click > Properties
- COM Security
- Under Launch and Activation Permissions – Click on Edit Limits
Original Azure AD Sync Server ‘Launch and Permissions’:
On the newly installed Azure AD Connect Server ‘Launch and Permissions’:
Notice that instead of groups a list of SIDs is displayed. Using the old server as our model we can remove the bad accounts and add the correct groups. Once added, we restarted the AD Sync services and the verified that we could now sync to the cloud.
Upgrade to Azure AD Connect