none
Caught exception while creating synchronization account. Exception Data (Raw): System.DirectoryServices.DirectoryServicesCOMException (0x8007202F): A constraint violation occurred

    Question

  • After installation de Azure AD connect, I receive error message below.

    At the firewall i created a HTTPS rule for this server without proxy, just open port 443 to external.

    service account is member of enterprise administrator AD group, and included in the local administrator group of this server.

    Please help:

    [09:31:29.055] [  1] [INFO ] 

    [09:31:29.055] [  1] [INFO ] ================================================================================
    [09:31:29.055] [  1] [INFO ] Application starting
    [09:31:29.055] [  1] [INFO ] ================================================================================
    [09:31:29.055] [  1] [INFO ] Start Time (Local): Fri, 17 Mar 2017 09:31:29 GMT
    [09:31:29.055] [  1] [INFO ] Start Time (UTC): Fri, 17 Mar 2017 08:31:29 GMT
    [09:31:29.055] [  1] [INFO ] Application Version: 1.1.443.0
    [09:31:29.055] [  1] [INFO ] Application Build Date: 2017-03-01 03:19:25Z
    [09:31:29.055] [  1] [INFO ] Application Build Identifier: AD-IAM-HybridSync master (b3b73fc)
    [09:31:29.477] [  1] [INFO ] machine.config path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config.
    [09:31:29.492] [  1] [INFO ] Default Proxy [ProxyAddress]: <Unspecified>
    [09:31:29.492] [  1] [INFO ] Default Proxy [UseSystemDefault]: Unspecified
    [09:31:29.492] [  1] [INFO ] Default Proxy [BypassOnLocal]: Unspecified
    [09:31:29.492] [  1] [INFO ] Default Proxy [Enabled]: True
    [09:31:29.492] [  1] [INFO ] Default Proxy [AutoDetect]: Unspecified
    [09:31:29.523] [  1] [INFO ] AADConnect changes ALLOWED: Successfully acquired the configuration change mutex.
    [09:31:29.570] [  1] [INFO ] RootPageViewModel.GetInitialPages: Beginning detection for creating initial pages.
    [09:31:29.586] [  1] [INFO ] Checking if machine version is 6.1.7601 or higher
    [09:31:29.617] [  1] [INFO ] The current operating system version is 6.3.9600, the requirement is 6.1.7601.
    [09:31:29.617] [  1] [INFO ] Password Sync supported: 'True'
    [09:31:29.633] [  1] [INFO ] DetectInstalledComponents stage: The installed OS SKU is 8
    [09:31:29.758] [  1] [INFO ] ServiceControllerProvider: GetServiceStartMode(seclogon) is 'Manual'.
    [09:31:29.773] [  1] [INFO ] DetectInstalledComponents stage: Checking install context.
    [09:31:29.789] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Online Services Sign-In Assistant for IT Professionals
    [09:31:29.789] [  1] [VERB ] Getting list of installed packages by upgrade code
    [09:31:29.805] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {03c97135-0e31-4334-9215-63827d4f07d4}: no registered products found.
    [09:31:29.805] [  1] [INFO ] Determining installation action for Microsoft Online Services Sign-In Assistant for IT Professionals (03c97135-0e31-4334-9215-63827d4f07d4)
    [09:31:29.805] [  1] [INFO ] Product Microsoft Online Services Sign-In Assistant for IT Professionals is not installed.
    [09:31:29.805] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Azure Active Directory Module for Windows PowerShell
    [09:31:29.805] [  1] [VERB ] Getting list of installed packages by upgrade code
    [09:31:29.805] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {bbf5d0bf-d8ae-4e66-91ab-b7023c1f288c}: no registered products found.
    [09:31:29.805] [  1] [INFO ] Determining installation action for Microsoft Azure Active Directory Module for Windows PowerShell
    [09:31:29.961] [  1] [INFO ] CheckInstallationState: Packaged version (1.1.443.0), Installed version (0.0.0).
    [09:31:29.961] [  1] [INFO ] CheckInstallationState: AAD PowerShell will be extracted (1.1.443.0 > 0.0.0).
    [09:31:29.961] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Visual C++ 2013 Redistributable Package
    [09:31:29.961] [  1] [VERB ] Getting list of installed packages by upgrade code
    [09:31:29.961] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {20400cf0-de7c-327e-9ae4-f0f38d9085f8}: verified product code {a749d8e6-b613-3be3-8f5f-045c84eba29b}.
    [09:31:29.961] [  1] [VERB ] Package=Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005, Version=12.0.21005, ProductCode=a749d8e6-b613-3be3-8f5f-045c84eba29b, UpgradeCode=20400cf0-de7c-327e-9ae4-f0f38d9085f8
    [09:31:29.961] [  1] [INFO ] Determining installation action for Microsoft Visual C++ 2013 Redistributable Package (20400cf0-de7c-327e-9ae4-f0f38d9085f8)
    [09:31:29.961] [  1] [INFO ] Product Microsoft Visual C++ 2013 Redistributable Package (version 12.0.21005) is installed.
    [09:31:29.961] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Directory Sync Tool
    [09:31:29.961] [  1] [VERB ] Getting list of installed packages by upgrade code
    [09:31:29.961] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}: no registered products found.
    [09:31:29.961] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {dc9e604e-37b0-4efc-b429-21721cf49d0d}: no registered products found.
    [09:31:29.961] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {545334d7-13cd-4bab-8da1-2775fa8cf7c2}: no registered products found.
    [09:31:29.977] [  1] [INFO ] Determining installation action for Microsoft Directory Sync Tool UpgradeCodes {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}, {dc9e604e-37b0-4efc-b429-21721cf49d0d}
    [09:31:29.977] [  1] [INFO ] DirectorySyncComponent: Product Microsoft Directory Sync Tool is not installed.
    [09:31:29.977] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Sync Engine
    [09:31:29.977] [  1] [VERB ] Getting list of installed packages by upgrade code
    [09:31:29.977] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {545334d7-13cd-4bab-8da1-2775fa8cf7c2}: no registered products found.
    [09:31:29.977] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {dc9e604e-37b0-4efc-b429-21721cf49d0d}: no registered products found.
    [09:31:29.977] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {bef7e7d9-2ac2-44b9-abfc-3335222b92a7}: no registered products found.
    [09:31:29.977] [  1] [INFO ] Determining installation action for Azure AD Sync Engine (545334d7-13cd-4bab-8da1-2775fa8cf7c2)
    [09:31:30.086] [  1] [INFO ] Product Azure AD Sync Engine is not installed.
    [09:31:30.086] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Connect Synchronization Agent
    [09:31:30.086] [  1] [VERB ] Getting list of installed packages by upgrade code
    [09:31:30.086] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {3cd653e3-5195-4ff2-9d6c-db3dacc82c25}: no registered products found.
    [09:31:30.086] [  1] [INFO ] Determining installation action for Azure AD Connect Synchronization Agent (3cd653e3-5195-4ff2-9d6c-db3dacc82c25)
    [09:31:30.086] [  1] [INFO ] Product Azure AD Connect Synchronization Agent is not installed.
    [09:31:30.086] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Connect Health agent for sync
    [09:31:30.086] [  1] [VERB ] Getting list of installed packages by upgrade code
    [09:31:30.086] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {114fb294-8aa6-43db-9e5c-4ede5e32886f}: no registered products found.
    [09:31:30.086] [  1] [INFO ] Determining installation action for Azure AD Connect Health agent for sync (114fb294-8aa6-43db-9e5c-4ede5e32886f)
    [09:31:30.086] [  1] [INFO ] Product Azure AD Connect Health agent for sync is not installed.
    [09:31:30.086] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure AD Connect agent
    [09:31:30.086] [  1] [VERB ] Getting list of installed packages by upgrade code
    [09:31:30.086] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {a8b03820-e701-44d7-b65e-6ffbb866a861}: no registered products found.
    [09:31:30.086] [  1] [INFO ] Determining installation action for Azure AD Connect agent (a8b03820-e701-44d7-b65e-6ffbb866a861)
    [09:31:30.086] [  1] [INFO ] Product Azure AD Connect agent is not installed.
    [09:31:30.086] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Command Line Utilities
    [09:31:30.086] [  1] [VERB ] Getting list of installed packages by upgrade code
    [09:31:30.086] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {52446750-c08e-49ef-8c2e-1e0662791e7b}: no registered products found.
    [09:31:30.086] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Command Line Utilities (52446750-c08e-49ef-8c2e-1e0662791e7b)
    [09:31:30.086] [  1] [INFO ] Product Microsoft SQL Server 2012 Command Line Utilities is not installed.
    [09:31:30.086] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Express LocalDB
    [09:31:30.086] [  1] [VERB ] Getting list of installed packages by upgrade code
    [09:31:30.086] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {c3593f78-0f11-4d8d-8d82-55460308e261}: no registered products found.
    [09:31:30.086] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Express LocalDB (c3593f78-0f11-4d8d-8d82-55460308e261)
    [09:31:30.086] [  1] [INFO ] Product Microsoft SQL Server 2012 Express LocalDB is not installed.
    [09:31:30.086] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft SQL Server 2012 Native Client
    [09:31:30.086] [  1] [VERB ] Getting list of installed packages by upgrade code
    [09:31:30.086] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {1d2d1fa0-e158-4798-98c6-a296f55414f9}: no registered products found.
    [09:31:30.086] [  1] [INFO ] Determining installation action for Microsoft SQL Server 2012 Native Client (1d2d1fa0-e158-4798-98c6-a296f55414f9)
    [09:31:30.086] [  1] [INFO ] Product Microsoft SQL Server 2012 Native Client is not installed.
    [09:31:30.086] [  1] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Azure AD Connect Azure AD Connector
    [09:31:30.086] [  1] [VERB ] Getting list of installed packages by upgrade code
    [09:31:30.086] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {fb3feca7-5190-43e7-8d4b-5eec88ed9455}: no registered products found.
    [09:31:30.086] [  1] [INFO ] Determining installation action for Microsoft Azure AD Connect Azure AD Connector (fb3feca7-5190-43e7-8d4b-5eec88ed9455)
    [09:31:30.086] [  1] [INFO ] Product Microsoft Azure AD Connect Azure AD Connector is not installed.
    [09:31:30.086] [  1] [INFO ] Determining installation action for Microsoft Azure AD Connection Tool.
    [09:31:30.180] [  1] [WARN ] Failed to read DisplayName registry key: An error occurred while executing the 'Get-ItemProperty' command. Cannot find path 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MicrosoftAzureADConnectionTool' because it does not exist.
    [09:31:30.180] [  1] [INFO ] Product Microsoft Azure AD Connection Tool is not installed.
    [09:31:30.180] [  1] [INFO ] Performing direct lookup of upgrade codes for: Azure Active Directory Connect
    [09:31:30.180] [  1] [VERB ] Getting list of installed packages by upgrade code
    [09:31:30.180] [  1] [INFO ] GetInstalledPackagesByUpgradeCode {d61eb959-f2d1-4170-be64-4dc367f451ea}: verified product code {5930d671-f048-45ca-8719-25c51899e376}.
    [09:31:30.180] [  1] [VERB ] Package=Microsoft Azure AD Connect, Version=1.1.443.0, ProductCode=5930d671-f048-45ca-8719-25c51899e376, UpgradeCode=d61eb959-f2d1-4170-be64-4dc367f451ea
    [09:31:30.180] [  1] [INFO ] Determining installation action for Azure Active Directory Connect (d61eb959-f2d1-4170-be64-4dc367f451ea)
    [09:31:30.180] [  1] [INFO ] Product Azure Active Directory Connect (version 1.1.443.0) is installed.
    [09:31:30.180] [  1] [INFO ] Checking for DirSync conditions.
    [09:31:30.180] [  1] [INFO ] DirSync not detected. Checking for AADSync/AADConnect upgrade conditions.
    [09:31:30.180] [  1] [INFO ] Sync engine is not present. Performing clean install.
    [09:31:38.414] [  1] [INFO ] Page transition from "Welcome" [LicensePageViewModel] to "Express Settings" [ExpressSettingsPageViewModel]
    [09:31:38.805] [  1] [INFO ] App Properties/Metrics:
    [09:31:38.805] [  1] [INFO ]    Runtime.Start=2017-03-17T09:31:29+01:00
    [09:31:38.805] [  1] [INFO ]    Application.Version=1.1.0.0-1488338365
    [09:31:38.805] [  1] [INFO ]    Application.IsDebugBuild=False
    [09:31:38.805] [  1] [INFO ]    Environment.OperatingSystem.VersionString=Microsoft Windows NT 6.2.9200.0
    [09:31:38.805] [  1] [INFO ]    Environment.OperatingSystem.Platform=Win32NT
    [09:31:38.805] [  1] [INFO ]    Environment.OperatingSystem.ServicePack=
    [09:31:38.805] [  1] [INFO ]    Environment.OperatingSystem.ProductType=Server
    [09:31:38.805] [  1] [INFO ]    Environment.OperatingSystem.Sku=8
    [09:31:38.805] [  1] [INFO ]    Environment.OperatingSystem.Language=0413
    [09:31:38.805] [  1] [INFO ]    Runtime.PerformConfiguration.Result=NotStarted
    [09:31:38.805] [  1] [INFO ]    Environment.Computer.Make=vmware, inc.
    [09:31:38.805] [  1] [INFO ]    Environment.Computer.Model=vmware virtual platform
    [09:31:38.805] [  1] [INFO ]    Environment.OperatingSystem.IsDomainJoined=True
    [09:31:38.805] [  1] [INFO ]    Runtime.SyncEngine.InstallState=InstallRequired
    [09:31:38.805] [  1] [INFO ]    Runtime.SyncEngine.InstallResult=NotStarted
    [09:31:38.805] [  1] [INFO ]    Runtime.InitialDetectionResult=InstallSyncEngine
    [09:31:38.805] [  1] [INFO ]    Runtime.WizardPageFlow=NewScenario
    [09:31:38.805] [  1] [INFO ]    Runtime.EncodedPageNavigationBytes=AQkA
    [09:31:38.805] [  1] [INFO ]    Runtime.EncodedHelpLinkUsageBytes=
    [09:31:38.805] [  9] [INFO ] Starting Telemetry Send
    [09:31:38.820] [  1] [INFO ] Starting a background thread in Express Settings. Background Task Id: 217.
    [09:31:38.852] [  8] [INFO ] Checking if machine version is 6.1.7601 or higher
    [09:31:38.852] [  8] [INFO ] The current operating system version is 6.3.9600, the requirement is 6.1.7601.
    [09:31:38.852] [  8] [INFO ] Password Sync supported: 'True'
    [09:31:38.883] [  1] [INFO ] Express Settings install is supported: domain-joined + OS version allowed.
    [09:31:46.272] [  1] [INFO ] Express Settings:  Updating page flow for EXPRESS mode install.
    [09:31:46.274] [  1] [INFO ] Called SetWizardMode(ExpressInstall, True)
    [09:31:46.349] [  1] [INFO ] Starting a background thread in Express Settings. Background Task Id: 1367.
    [09:31:46.407] [  7] [INFO ] Starting a background thread in Install required components. Background Task Id: 1396.
    [09:31:46.547] [  9] [INFO ] SyncEngineSetupViewModel: Validating sync engine settings.
    [09:31:46.559] [  9] [INFO ] Starting Sync Engine installation
    [09:31:46.562] [  9] [INFO ] Starting Prerequisite installation
    [09:31:46.565] [  9] [VERB ] WorkflowEngine created
    [09:31:46.571] [  9] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Online Services Sign-In Assistant for IT Professionals
    [09:31:46.571] [  9] [VERB ] Getting list of installed packages by upgrade code
    [09:31:46.571] [  9] [INFO ] GetInstalledPackagesByUpgradeCode {03c97135-0e31-4334-9215-63827d4f07d4}: no registered products found.
    [09:31:46.571] [  9] [INFO ] Determining installation action for Microsoft Online Services Sign-In Assistant for IT Professionals (03c97135-0e31-4334-9215-63827d4f07d4)
    [09:31:46.571] [  9] [INFO ] Product Microsoft Online Services Sign-In Assistant for IT Professionals is not installed.
    [09:31:46.571] [  9] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Azure Active Directory Module for Windows PowerShell
    [09:31:46.571] [  9] [VERB ] Getting list of installed packages by upgrade code
    [09:31:46.571] [  9] [INFO ] GetInstalledPackagesByUpgradeCode {bbf5d0bf-d8ae-4e66-91ab-b7023c1f288c}: no registered products found.
    [09:31:46.571] [  9] [INFO ] Determining installation action for Microsoft Azure Active Directory Module for Windows PowerShell
    [09:31:46.745] [  9] [INFO ] CheckInstallationState: Packaged version (1.1.443.0), Installed version (0.0.0).
    [09:31:46.745] [  9] [INFO ] CheckInstallationState: AAD PowerShell will be extracted (1.1.443.0 > 0.0.0).
    [09:31:46.746] [  9] [INFO ] Performing direct lookup of upgrade codes for: Microsoft Visual C++ 2013 Redistributable Package
    [09:31:46.746] [  9] [VERB ] Getting list of installed packages by upgrade code
    [09:31:46.746] [  9] [INFO ] GetInstalledPackagesByUpgradeCode {20400cf0-de7c-327e-9ae4-f0f38d9085f8}: verified product code {a749d8e6-b613-3be3-8f5f-045c84eba29b}.
    [09:31:46.746] [  9] [VERB ] Package=Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005, Version=12.0.21005, ProductCode=a749d8e6-b613-3be3-8f5f-045c84eba29b, UpgradeCode=20400cf0-de7c-327e-9ae4-f0f38d9085f8
    [09:31:46.746] [  9] [INFO ] Determining installation action for Microsoft Visual C++ 2013 Redistributable Package (20400cf0-de7c-327e-9ae4-f0f38d9085f8)
    [09:31:46.746] [  9] [INFO ] Product Microsoft Visual C++ 2013 Redistributable Package (version 12.0.21005) is installed.
    [09:31:46.762] [  9] [VERB ] Created task 97f98fc5-58b5-4e5d-97fc-e62c1edd764e with name Install Prerequisites
    [09:31:46.775] [  9] [VERB ] Created task 91b870cb-fedb-43a2-a367-e7fdd0e03125 with name Uninstall Microsoft Online Sign-In Assistant
    [09:31:46.776] [  9] [VERB ] Created task 53ff587b-bbaa-4e03-adf0-18bfa3d06d3f with name Install Microsoft Online Sign-In Assistant
    [09:31:46.777] [  9] [VERB ] Created task e8598c10-c9f7-4cb8-82e8-47fe1330a460 with name Uninstall Microsoft Online PowerShell Module
    [09:31:46.778] [  9] [VERB ] Created task c2f7d2d2-c5a2-4f4f-ae21-13d0b5c9ab6b with name Install Microsoft Online PowerShell Module
    [09:31:46.779] [  9] [VERB ] Created task f5a85a41-85b9-40ca-82f8-d75f95bd96b8 with name Install Visual C++ Redistributable for Visual Studio 2013
    [09:31:46.787] [  9] [VERB ] Executing task Install Prerequisites
    [09:31:46.790] [  9] [VERB ] Waiting for task to complete: Install Prerequisites
    [09:31:46.808] [ 15] [VERB ] Executing task Uninstall Microsoft Online Sign-In Assistant
    [09:31:46.817] [ 16] [INFO ] Task 'Uninstall Microsoft Online Sign-In Assistant' has finished execution
    [09:31:46.820] [ 15] [INFO ] Task 'Uninstall Microsoft Online Sign-In Assistant' finished successfully
    [09:31:46.820] [ 15] [VERB ] Executing task Install Microsoft Online Sign-In Assistant
    [09:31:51.121] [ 17] [INFO ] Task 'Install Microsoft Online Sign-In Assistant' has finished execution
    [09:31:51.121] [ 15] [INFO ] Task 'Install Microsoft Online Sign-In Assistant' finished successfully
    [09:31:51.121] [ 15] [VERB ] Executing task Uninstall Microsoft Online PowerShell Module
    [09:31:51.121] [ 18] [INFO ] Task 'Uninstall Microsoft Online PowerShell Module' has finished execution
    [09:31:51.121] [ 15] [INFO ] Task 'Uninstall Microsoft Online PowerShell Module' finished successfully
    [09:31:51.121] [ 15] [VERB ] Executing task Install Microsoft Online PowerShell Module
    [09:31:54.418] [ 19] [INFO ] Task 'Install Microsoft Online PowerShell Module' has finished execution
    [09:31:54.418] [ 15] [INFO ] Task 'Install Microsoft Online PowerShell Module' finished successfully
    [09:31:54.418] [ 15] [VERB ] Executing task Install Visual C++ Redistributable for Visual Studio 2013
    [09:31:54.418] [ 20] [INFO ] Task 'Install Visual C++ Redistributable for Visual Studio 2013' has finished execution
    [09:31:54.418] [ 15] [INFO ] Task 'Install Visual C++ Redistributable for Visual Studio 2013' finished successfully
    [09:31:54.418] [ 15] [INFO ] Task 'Install Prerequisites' has finished execution
    [09:31:54.434] [  9] [VERB ] Waited 0:00:07.6442997 for task to complete: Install Prerequisites
    [09:31:54.434] [  1] [INFO ] Page transition from "Express Settings" [ExpressSettingsPageViewModel] to "Connect to Azure AD" [AzureTenantPageViewModel]
    [09:31:54.606] [  1] [WARN ] Failed to read IAzureActiveDirectoryContext.AzureADUsername registry key: An error occurred while executing the 'Get-ItemProperty' command. Property IAzureActiveDirectoryContext.AzureADUsername does not exist at path HKEY_CURRENT_USER\SOFTWARE\Microsoft\Azure AD Connect.
    [09:31:54.606] [  1] [INFO ] Property Username failed validation with error The Microsoft Azure account name cannot be empty.
    [09:32:07.733] [  1] [INFO ] Property Password failed validation with error A Microsoft Azure password is required.
    [09:32:11.066] [  7] [INFO ] AzureTenantPage: Beginning Windows Azure tenant credentials validation.
    [09:32:11.120] [  7] [INFO ] DiscoverAzureInstance [Worldwide]: authority=https://login.windows.net/aafmbv.onmicrosoft.com, awsServiceResource=https://graph.windows.net.
    [09:32:11.323] [  7] [INFO ] Authenticate: ADAL authentication is enabled.
    AzureADConnect.exe Information: 0 : 03/17/2017 08:32:11:  - AuthenticationContext: ADAL .NET with assembly version '2.26.0.0', file version '2.26.30510.2204' and informational version 'a7d6e508b4f87979eed7a45414e6149daeccce4f' is running...
    AzureADConnect.exe Information: 0 : 03/17/2017 08:32:11:  - TokenCache: Clearing Cache :- 0 items to be removed
    AzureADConnect.exe Information: 0 : 03/17/2017 08:32:11:  - TokenCache: Successfully Cleared Cache
    [09:32:11.354] [  7] [INFO ] Authenticate-ADAL: acquiring token using explicit tenant credentials.
    AzureADConnect.exe Information: 0 : 03/17/2017 08:32:11: 8c1d776e-e93d-4b30-a542-529a77a75f29 - AcquireTokenHandlerBase: === Token Acquisition started:
    Authority: https://login.windows.net/aafmbv.onmicrosoft.com/
    Resource: https://graph.windows.net
    ClientId: cb1056e2-e479-49de-ae31-7812af012ed8
    CacheType: Microsoft.IdentityModel.Clients.ActiveDirectory.TokenCache (0 items)
    Authentication Target: User

    AzureADConnect.exe Information: 0 : 03/17/2017 08:32:11: 8c1d776e-e93d-4b30-a542-529a77a75f29 - TokenCache: Looking up cache for a token...
    AzureADConnect.exe Information: 0 : 03/17/2017 08:32:11: 8c1d776e-e93d-4b30-a542-529a77a75f29 - TokenCache: No matching token was found in the cache
    AzureADConnect.exe Information: 0 : 03/17/2017 08:32:11: 8c1d776e-e93d-4b30-a542-529a77a75f29 - <CreateByDiscoveryAsync>d__0: Sending user realm discovery request to 'https://login.windows.net/common/UserRealm/aafmbv@aafmbv.onmicrosoft.com?api-version=1.0'
    AzureADConnect.exe Information: 0 : 03/17/2017 08:32:11: 8c1d776e-e93d-4b30-a542-529a77a75f29 - <PreTokenRequest>d__4: User with hash 'q1ZdyciN0JKConB7RLIEENensEHLQMVFdMFDgDDJVWE=' detected as 'Managed'
    AzureADConnect.exe Information: 0 : 03/17/2017 08:32:12: 8c1d776e-e93d-4b30-a542-529a77a75f29 - TokenCache: Storing token in the cache...
    AzureADConnect.exe Information: 0 : 03/17/2017 08:32:12: 8c1d776e-e93d-4b30-a542-529a77a75f29 - TokenCache: An item was stored in the cache
    AzureADConnect.exe Information: 0 : 03/17/2017 08:32:12: 8c1d776e-e93d-4b30-a542-529a77a75f29 - AcquireTokenHandlerBase: === Token Acquisition finished successfully. An access token was retuned:
    Access Token Hash: xiVJTEGdmOFqNEBZCajFMOZeM4kM4uOConQx+I489dU=
    Refresh Token Hash: n/OjI3StN68W5byKYpt1mEt3uD6XhP/z161lT1pd8dY=
    Expiration Time: 03/17/2017 09:32:11 +00:00
    User Hash: T3MPzDytcZ4VqBi1sb65VDNbcArheRXEZ7unbv6TvpU=

    [09:32:12.260] [  7] [INFO ] Authenticate-ADAL: retrieving company configuration for tenant=a95e306e-8ed6-4f0a-b9d1-2079f7cf45ca.
    AzureADConnect.exe Information: 0 : 03/17/2017 08:32:12: 59300190-94ad-4345-8b17-698f2c36f9f3 - AcquireTokenHandlerBase: === Token Acquisition started:
    Authority: https://login.windows.net/aafmbv.onmicrosoft.com/
    Resource: https://graph.windows.net
    ClientId: cb1056e2-e479-49de-ae31-7812af012ed8
    CacheType: Microsoft.IdentityModel.Clients.ActiveDirectory.TokenCache (1 items)
    Authentication Target: User

    AzureADConnect.exe Information: 0 : 03/17/2017 08:32:12: 59300190-94ad-4345-8b17-698f2c36f9f3 - TokenCache: Looking up cache for a token...
    AzureADConnect.exe Information: 0 : 03/17/2017 08:32:12: 59300190-94ad-4345-8b17-698f2c36f9f3 - TokenCache: An item matching the requested resource was found in the cache
    AzureADConnect.exe Information: 0 : 03/17/2017 08:32:12: 59300190-94ad-4345-8b17-698f2c36f9f3 - TokenCache: 59.9822916183333 minutes left until token in cache expires
    AzureADConnect.exe Information: 0 : 03/17/2017 08:32:12: 59300190-94ad-4345-8b17-698f2c36f9f3 - TokenCache: A matching item (access token or refresh token or both) was found in the cache
    AzureADConnect.exe Information: 0 : 03/17/2017 08:32:12: 59300190-94ad-4345-8b17-698f2c36f9f3 - AcquireTokenHandlerBase: === Token Acquisition finished successfully. An access token was retuned:
    Access Token Hash: xiVJTEGdmOFqNEBZCajFMOZeM4kM4uOConQx+I489dU=
    Refresh Token Hash: n/OjI3StN68W5byKYpt1mEt3uD6XhP/z161lT1pd8dY=
    Expiration Time: 03/17/2017 09:32:11 +00:00
    User Hash: T3MPzDytcZ4VqBi1sb65VDNbcArheRXEZ7unbv6TvpU=

    [09:32:13.245] [  7] [INFO ] Authenticate: tenantId=(a95e306e-8ed6-4f0a-b9d1-2079f7cf45ca), IsDirSyncing=False, IsPasswordSyncing=False, DomainName=, DirSyncFeatures=0, AllowedFeatures=None.
    [09:32:13.479] [  7] [INFO ] DiscoverAzureEndpoints [AzurePowerShell]: ServiceEndpoint=https://provisioningapi.microsoftonline.com/provisioningwebservice.svc, AdalAuthority=https://login.windows.net/aafmbv.onmicrosoft.com, AdalResource=https://graph.windows.net.
    [09:32:13.479] [  7] [INFO ] AcquireServiceToken [AzurePowerShell]: acquiring additional service token.
    AzureADConnect.exe Information: 0 : 03/17/2017 08:32:13: fc15866f-fac8-4504-91e8-3d1e1dd2a7fb - AcquireTokenHandlerBase: === Token Acquisition started:
    Authority: https://login.windows.net/aafmbv.onmicrosoft.com/
    Resource: https://graph.windows.net
    ClientId: cb1056e2-e479-49de-ae31-7812af012ed8
    CacheType: Microsoft.IdentityModel.Clients.ActiveDirectory.TokenCache (1 items)
    Authentication Target: User

    AzureADConnect.exe Information: 0 : 03/17/2017 08:32:13: fc15866f-fac8-4504-91e8-3d1e1dd2a7fb - TokenCache: Looking up cache for a token...
    AzureADConnect.exe Information: 0 : 03/17/2017 08:32:13: fc15866f-fac8-4504-91e8-3d1e1dd2a7fb - TokenCache: An item matching the requested resource was found in the cache
    AzureADConnect.exe Information: 0 : 03/17/2017 08:32:13: fc15866f-fac8-4504-91e8-3d1e1dd2a7fb - TokenCache: 59.9625000366667 minutes left until token in cache expires
    AzureADConnect.exe Information: 0 : 03/17/2017 08:32:13: fc15866f-fac8-4504-91e8-3d1e1dd2a7fb - TokenCache: A matching item (access token or refresh token or both) was found in the cache
    AzureADConnect.exe Information: 0 : 03/17/2017 08:32:13: fc15866f-fac8-4504-91e8-3d1e1dd2a7fb - AcquireTokenHandlerBase: === Token Acquisition finished successfully. An access token was retuned:
    Access Token Hash: xiVJTEGdmOFqNEBZCajFMOZeM4kM4uOConQx+I489dU=
    Refresh Token Hash: n/OjI3StN68W5byKYpt1mEt3uD6XhP/z161lT1pd8dY=
    Expiration Time: 03/17/2017 09:32:11 +00:00
    User Hash: T3MPzDytcZ4VqBi1sb65VDNbcArheRXEZ7unbv6TvpU=

    [09:32:13.479] [  7] [INFO ] AzureTenantPage: attempting to connect to Azure via AAD PowerShell.
    [09:32:13.479] [  7] [INFO ] ConnectMsolService: connecting using an AccessToken.
    AzureADConnect.exe Information: 0 : 17-3-2017 08:32:13:  - AuthenticationContext: ADAL .NET with assembly version '2.23.0.0', file version '2.23.30226.1847' and informational version '0b5f258db72d0632d3693d262acbf77b634e9136' is running...
    [09:32:14.479] [  7] [INFO ] AzureTenantPage: successfully connected to Azure via AAD PowerShell.
    [09:32:15.526] [  7] [INFO ] AzureTenantPage: Successfully retrieved company information for tenant a95e306e-8ed6-4f0a-b9d1-2079f7cf45ca.  Initial domain (aafmbv.onmicrosoft.com).
    [09:32:15.526] [  7] [INFO ] AzureTenantPage: DirectorySynchronizationEnabled=False
    [09:32:15.541] [  7] [INFO ] AzureTenantPage: DirectorySynchronizationStatus=Disabled
    [09:32:15.541] [  7] [INFO ] PowershellHelper: lastDirectorySyncTime=null
    [09:32:15.823] [  7] [INFO ] AzureTenantPage: Successfully retrieved 2 domains from the tenant.
    [09:32:15.823] [  7] [INFO ] Calling to get the last dir sync time for the current user
    [09:32:16.057] [  7] [INFO ] AzureTenantPage: Windows Azure tenant credentials validation succeeded.
    [09:32:16.057] [  1] [INFO ] Page transition from "Connect to Azure AD" [AzureTenantPageViewModel] to "Connect to AD DS" [ConfigOnPremiseCredentialsPageViewModel]
    [09:32:16.088] [  1] [INFO ] Property Username failed validation with error The username format is incorrect. Specify the username in the format of DOMAIN\username.
    [09:32:27.809] [  1] [INFO ] Property Password failed validation with error A password is required.
    [09:32:32.531] [ 18] [INFO ] ConfigOnPremiseCredentialsPage: Validating credentials.
    [09:32:32.572] [ 18] [INFO ] ConfigOnPremiseCredentialsPage: LogonUser succeeded for user AA-FM\srv_azure
    [09:32:33.289] [ 18] [INFO ] Start GetEnterpiseAdminSid using rootdomain AA-FM.LAN
    [09:32:33.310] [ 18] [INFO ] EnterpiseAdminSid=S-1-5-21-2592349688-90978532-44981913-519
    [09:32:33.431] [ 18] [INFO ] ValidateCredentials UseExpressSettings: The domain name 'AA-FM.LAN' was successfully matched.
    [09:32:33.438] [ 18] [INFO ] ConfigOnPremiseCredentialsPage: Validating forest
    [09:32:33.444] [ 18] [INFO ] Validating forest with FQDN AA-FM.LAN
    [09:32:33.640] [ 18] [INFO ] Examining domain AA-FM.LAN (:0% complete)
    [09:32:33.646] [ 18] [INFO ] ValidateForest: using AAFMAD01.AA-FM.LAN to validate domain AA-FM.LAN
    [09:32:33.650] [ 18] [INFO ] Successfully examined domain AA-FM.LAN GUID:b6e73ab7-ecec-4067-8251-b42e12de57e9  DN:DC=AA-FM,DC=LAN
    [09:32:33.697] [ 18] [INFO ] ConfigOnPremiseCredentialsPageViewModel: Credentials will be used to administer the AD MA account (New Install).
    [09:32:33.827] [ 18] [INFO ] DiscoverAzureEndpoints [AzurePowerShell]: ServiceEndpoint=https://provisioningapi.microsoftonline.com/provisioningwebservice.svc, AdalAuthority=https://login.windows.net/aafmbv.onmicrosoft.com, AdalResource=https://graph.windows.net.
    [09:32:33.827] [ 18] [INFO ] AcquireServiceToken [AzurePowerShell]: acquiring additional service token.
    AzureADConnect.exe Information: 0 : 03/17/2017 08:32:33: 58566546-b27c-4bf5-ad47-f72d3a834136 - AcquireTokenHandlerBase: === Token Acquisition started:
    Authority: https://login.windows.net/aafmbv.onmicrosoft.com/
    Resource: https://graph.windows.net
    ClientId: cb1056e2-e479-49de-ae31-7812af012ed8
    CacheType: Microsoft.IdentityModel.Clients.ActiveDirectory.TokenCache (1 items)
    Authentication Target: User

    AzureADConnect.exe Information: 0 : 03/17/2017 08:32:33: 58566546-b27c-4bf5-ad47-f72d3a834136 - TokenCache: Looking up cache for a token...
    AzureADConnect.exe Information: 0 : 03/17/2017 08:32:33: 58566546-b27c-4bf5-ad47-f72d3a834136 - TokenCache: An item matching the requested resource was found in the cache
    AzureADConnect.exe Information: 0 : 03/17/2017 08:32:33: 58566546-b27c-4bf5-ad47-f72d3a834136 - TokenCache: 59.6233490183333 minutes left until token in cache expires
    AzureADConnect.exe Information: 0 : 03/17/2017 08:32:33: 58566546-b27c-4bf5-ad47-f72d3a834136 - TokenCache: A matching item (access token or refresh token or both) was found in the cache
    AzureADConnect.exe Information: 0 : 03/17/2017 08:32:33: 58566546-b27c-4bf5-ad47-f72d3a834136 - AcquireTokenHandlerBase: === Token Acquisition finished successfully. An access token was retuned:
    Access Token Hash: xiVJTEGdmOFqNEBZCajFMOZeM4kM4uOConQx+I489dU=
    Refresh Token Hash: n/OjI3StN68W5byKYpt1mEt3uD6XhP/z161lT1pd8dY=
    Expiration Time: 03/17/2017 09:32:11 +00:00
    User Hash: T3MPzDytcZ4VqBi1sb65VDNbcArheRXEZ7unbv6TvpU=

    [09:32:33.829] [ 18] [VERB ] MsolDomainExtensions.GetAllConfiguredDomains: Connecting to MSOL service.
    [09:32:33.829] [ 18] [INFO ] ConnectMsolService: connecting using an AccessToken.
    [09:32:34.678] [ 18] [INFO ] Page transition from "Connect to AD DS" [ConfigOnPremiseCredentialsPageViewModel] to "Azure AD sign-in" [UserSignInConfigPageViewModel]
    [09:32:34.686] [ 18] [INFO ] Starting a background thread in Azure AD sign-in configuration. Background Task Id: 6222.
    [09:32:34.940] [  8] [INFO ] DiscoverAzureEndpoints [AzurePowerShell]: ServiceEndpoint=https://provisioningapi.microsoftonline.com/provisioningwebservice.svc, AdalAuthority=https://login.windows.net/aafmbv.onmicrosoft.com, AdalResource=https://graph.windows.net.
    [09:32:34.940] [  8] [INFO ] AcquireServiceToken [AzurePowerShell]: acquiring additional service token.
    AzureADConnect.exe Information: 0 : 03/17/2017 08:32:34: fe4256cf-8260-47bb-8040-3005e00a3f58 - AcquireTokenHandlerBase: === Token Acquisition started:
    Authority: https://login.windows.net/aafmbv.onmicrosoft.com/
    Resource: https://graph.windows.net
    ClientId: cb1056e2-e479-49de-ae31-7812af012ed8
    CacheType: Microsoft.IdentityModel.Clients.ActiveDirectory.TokenCache (1 items)
    Authentication Target: User

    AzureADConnect.exe Information: 0 : 03/17/2017 08:32:34: fe4256cf-8260-47bb-8040-3005e00a3f58 - TokenCache: Looking up cache for a token...
    AzureADConnect.exe Information: 0 : 03/17/2017 08:32:34: fe4256cf-8260-47bb-8040-3005e00a3f58 - TokenCache: An item matching the requested resource was found in the cache
    AzureADConnect.exe Information: 0 : 03/17/2017 08:32:34: fe4256cf-8260-47bb-8040-3005e00a3f58 - TokenCache: 59.60479839 minutes left until token in cache expires
    AzureADConnect.exe Information: 0 : 03/17/2017 08:32:34: fe4256cf-8260-47bb-8040-3005e00a3f58 - TokenCache: A matching item (access token or refresh token or both) was found in the cache
    AzureADConnect.exe Information: 0 : 03/17/2017 08:32:34: fe4256cf-8260-47bb-8040-3005e00a3f58 - AcquireTokenHandlerBase: === Token Acquisition finished successfully. An access token was retuned:
    Access Token Hash: xiVJTEGdmOFqNEBZCajFMOZeM4kM4uOConQx+I489dU=
    Refresh Token Hash: n/OjI3StN68W5byKYpt1mEt3uD6XhP/z161lT1pd8dY=
    Expiration Time: 03/17/2017 09:32:11 +00:00
    User Hash: T3MPzDytcZ4VqBi1sb65VDNbcArheRXEZ7unbv6TvpU=

    [09:32:34.941] [  8] [VERB ] MsolDomainExtensions.GetAllConfiguredDomains: Connecting to MSOL service.
    [09:32:34.941] [  8] [INFO ] ConnectMsolService: connecting using an AccessToken.
    [09:32:35.776] [  1] [INFO ] UPN Suffix List
    [09:32:35.776] [  1] [INFO ] --------------------------------------------------------------------
    [09:32:35.776] [  1] [INFO ] UPN Suffix [Azure Status]
    [09:32:35.776] [  1] [INFO ] --------------------------------------------------------------------
    [09:32:35.780] [  1] [INFO ] aa-fm.lan [Not Added]
    [09:32:35.780] [  1] [INFO ] aa-fm.com [Verified]
    [09:32:35.780] [  1] [INFO ] --------------------------------------------------------------------
    [09:32:35.782] [  1] [WARN ] Users will not be able to sign-in Azure AD using their on-premises credentials.
    [Partial matching domains]
    [09:32:47.797] [  1] [INFO ] Page transition from "Azure AD sign-in" [UserSignInConfigPageViewModel] to "Configure" [PerformConfigurationPageViewModel]
    [09:32:47.806] [  1] [INFO ] Starting a background thread in Ready to configure. Background Task Id: 8126.
    [09:32:48.828] [ 19] [INFO ] DiscoverAzureEndpoints [AADHealth]: ServiceEndpoint=https://s1.adhybridhealth.azure.com, AdalAuthority=https://login.windows.net/aafmbv.onmicrosoft.com, AdalResource=https://management.core.windows.net/.
    [09:32:51.775] [  1] [INFO ] Starting a background thread in Configuring. Background Task Id: 8757.
    [09:32:51.776] [ 19] [INFO ] PerformConfigurationPageViewModel.ExecuteADSyncConfiguration: Preparing to configure sync engine (WizardMode=ExpressInstall).
    [09:32:51.777] [ 19] [INFO ] PerformConfigurationPageViewModel.ExecuteSyncEngineInstallCore: Preparing to install sync engine (WizardMode=ExpressInstall).
    [09:32:51.780] [ 19] [INFO ] Starting Sync Engine installation
    [09:33:42.579] [ 19] [INFO ] ServiceControllerProvider: processing StopService request for: ADSync
    [09:33:42.580] [ 19] [INFO ] ServiceControllerProvider: Initial service status: Running
    [09:33:42.580] [ 19] [INFO ] ServiceControllerProvider: stopping service and waiting for completion.
    [09:33:42.832] [ 19] [INFO ] ServiceControllerProvider: StopService status: Stopped
    [09:33:44.532] [ 19] [INFO ] ServiceControllerProvider: Processing StartService request for: ADSync
    [09:33:44.532] [ 19] [INFO ] ServiceControllerProvider: Initial service status: Stopped
    [09:33:44.532] [ 19] [INFO ] ServiceControllerProvider: Starting service and waiting for completion.
    [09:33:46.862] [ 19] [INFO ] ServiceControllerProvider: waiting to re-verify service is running...
    [09:33:51.865] [ 19] [INFO ] ServiceControllerProvider: verifying ADSync is in state (Running)
    [09:33:51.868] [ 19] [INFO ] ServiceControllerProvider: current service status: Running
    [09:33:51.868] [ 19] [INFO ] ServiceControllerProvider: StartService status: Running
    [09:33:51.966] [ 19] [INFO ] InstallSyncEngineStage: Sync Engine was successfully installed.
    [09:33:51.966] [ 19] [INFO ] DetectInstalledComponents: Marking Sync Engine as successfully installed.
    [09:33:51.973] [ 19] [INFO ] PerformConfigurationPageViewModel.StartInstallation: Preparing to configure sync engine.
    [09:33:51.986] [ 19] [VERB ] GetAdminCredential called with account AA-FM.LAN\srv_azure
    [09:33:51.986] [ 19] [VERB ] AdministratorUsername is in NTAccount format.
    [09:33:51.986] [ 19] [VERB ] GetAdminCredential returning account AA-FM.LAN\srv_azure
    [09:33:51.986] [ 19] [INFO ] Creating AD MA account for AA-FM.LAN.
    [09:33:52.126] [ 19] [VERB ] CreateSynchronizationAccount(System.Net.NetworkCredential, e10078a4286f408cbb544699d73b76e4, aafmbv.onmicrosoft.com)
    [09:33:52.137] [ 19] [INFO ] Synchronization account will have account name AA-FM.LAN\MSOL_e10078a4286f
    [09:33:52.173] [ 19] [INFO ] Synchronization account already exists.
    [09:33:52.301] [ 19] [INFO ] GrantAllActiveDirectoryPermissions: Granting DsReplicationGetChanges permission on all domains for password hash synchronization.
    [09:33:52.462] [ 19] [ERROR] Caught exception while creating synchronization account.
    Exception Data (Raw): System.DirectoryServices.DirectoryServicesCOMException (0x8007202F): A constraint violation occurred.

       at System.DirectoryServices.DirectoryEntry.CommitChanges()
       at Microsoft.Online.DirSync.Common.DirectoryServicesAdapter.DirectoryEntry.CommitChanges()
       at Microsoft.Online.DirSync.Common.DomainAccountUtility.UpdatePermissionsOnDomains(DomainCollection domains, SecurityIdentifier sid, AccessControlEntryUpdateAction actionType, ActiveDirectoryRights accessType, Guid accessRightsGuid, Boolean applyToAdminSDHolder, Guid inheritedObject, ActiveDirectorySecurityInheritance inheritanceType)
       at Microsoft.Online.Deployment.Types.ActiveDirectoryPermissionsHelper.UpdateAccessRightsOnAllDomainsInForest(NetworkCredential domainAdminCredential, String samAccountName, AccessControlEntryUpdateAction accessControlEntryUpdateAction, ActiveDirectoryRights accessType, Guid accessRightsGuid, Boolean applyToAdminSDHolder, Guid inheritedObject, ActiveDirectorySecurityInheritance inheritanceType)
       at Microsoft.Online.Deployment.Types.ActiveDirectoryPermissionsHelper.GrantReplicationGetChangesPermissionToAllDomainsInForest(NetworkCredential domainAdminCredential, String synchronizationAccountName)
       at Microsoft.Online.Deployment.Types.Providers.SyncDataProvider.GrantAllActiveDirectoryPermissions(NetworkCredential enterpriseAdminCredential, String syncAccountName)
       at Microsoft.Online.Deployment.Types.Providers.SyncDataProvider.CreateSynchronizationAccount(NetworkCredential domainAdminCredential, String installationIdentifier, String tenantDisplayName)
       at Microsoft.Online.Deployment.OneADWizard.Runtime.Stages.ConfigureSyncEngineStage.StartADSyncConfigurationCore(IPersistedStateProvider persistedStateProvider, StatusChangedDelegate progressChanged)
    [09:33:52.467] [ 19] [INFO ] ConfigureSyncEngineStage.StartADSyncConfiguration: AADConnectResult.Status=Failed
    [09:33:52.518] [  8] [INFO ] Starting Telemetry Send
    [09:34:05.655] [  1] [INFO ] Opened log file at path C:\ProgramData\AADConnect\trace-20170317-093129.log

    After install Azure AD connect:

    Serviceaccount is member of enterprise admin group and included in local administrator group.
    On firewall open port ssl/443 from ip adrdress server to external, without proxy or authenication


    [09:33:52.137] [ 19] [INFO ] Synchronization account will have account name AA-FM.LAN\MSOL_e10078a4286f
    [09:33:52.173] [ 19] [INFO ] Synchronization account already exists.
    [09:33:52.301] [ 19] [INFO ] GrantAllActiveDirectoryPermissions: Granting DsReplicationGetChanges permission on all domains for password hash synchronization.
    [09:33:52.462] [ 19] [ERROR] Caught exception while creating synchronization account.
    Exception Data (Raw): System.DirectoryServices.DirectoryServicesCOMException (0x8007202F): A constraint violation occurred.

       at System.DirectoryServices.DirectoryEntry.CommitChanges()
       at Microsoft.Online.DirSync.Common.DirectoryServicesAdapter.DirectoryEntry.CommitChanges()
       at Microsoft.Online.DirSync.Common.DomainAccountUtility.UpdatePermissionsOnDomains(DomainCollection domains, SecurityIdentifier sid, AccessControlEntryUpdateAction actionType, ActiveDirectoryRights accessType, Guid accessRightsGuid, Boolean applyToAdminSDHolder, Guid inheritedObject, ActiveDirectorySecurityInheritance inheritanceType)
       at Microsoft.Online.Deployment.Types.ActiveDirectoryPermissionsHelper.UpdateAccessRightsOnAllDomainsInForest(NetworkCredential domainAdminCredential, String samAccountName, AccessControlEntryUpdateAction accessControlEntryUpdateAction, ActiveDirectoryRights accessType, Guid accessRightsGuid, Boolean applyToAdminSDHolder, Guid inheritedObject, ActiveDirectorySecurityInheritance inheritanceType)
       at Microsoft.Online.Deployment.Types.ActiveDirectoryPermissionsHelper.GrantReplicationGetChangesPermissionToAllDomainsInForest(NetworkCredential domainAdminCredential, String synchronizationAccountName)
       at Microsoft.Online.Deployment.Types.Providers.SyncDataProvider.GrantAllActiveDirectoryPermissions(NetworkCredential enterpriseAdminCredential, String syncAccountName)
       at Microsoft.Online.Deployment.Types.Providers.SyncDataProvider.CreateSynchronizationAccount(NetworkCredential domainAdminCredential, String installationIdentifier, String tenantDisplayName)
       at Microsoft.Online.Deployment.OneADWizard.Runtime.Stages.ConfigureSyncEngineStage.StartADSyncConfigurationCore(IPersistedStateProvider persistedStateProvider, StatusChangedDelegate progressChanged)
    [09:33:52.467] [ 19] [INFO ] ConfigureSyncEngineStage.StartADSyncConfiguration: AADConnectResult.Status=Failed
    [09:33:52.518] [  8] [INFO ] Starting Telemetry Send
    [09:34:05.655] [  1] [INFO ] Opened log file at path C:\ProgramData\AADConnect\trace-20170317-093129.log


    MAHH

    Friday, March 17, 2017 9:43 AM

All replies

  • As first the wizard tries to create an account: 

    [09:33:52.137] [ 19] [INFO ] Synchronization account will have account name AA-FM.LAN\MSOL_e10078a4286f
    [09:33:52.173] [ 19] [INFO ] Synchronization account already exists.

    As next the wizard tries to assign the replicate Directory Changes permission on all domains:

    [09:33:52.301] [ 19] [INFO ] GrantAllActiveDirectoryPermissions: Granting DsReplicationGetChanges permission on all domains for password hash synchronization.
    [09:33:52.462] [ 19] [ERROR] Caught exception while creating synchronization account.
    Exception Data (Raw): System.DirectoryServices.DirectoryServicesCOMException (0x8007202F): A constraint violation occurred.
    at System.DirectoryServices.DirectoryEntry.CommitChanges()

    Could you confirm is the installer account(who has started the wizard),is an enterprise admin?
    Tuesday, April 4, 2017 5:19 PM
    Moderator
  • We have the same problem here. Could you share how to solve the problem?
    Tuesday, September 26, 2017 2:00 AM