Microsoft Office Tutorials and References
In Depth Information
Troubleshooting common directory synchronization errors
When a notification is received that directory synchronization potentially might be
unhealthy, review the event log and locate all directory synchronization messages.
Directory synchronization events can be identified by sorting the Source column and looking for
messages generated by directory synchronization.
The following sections provide solutions to troubleshoot directory synchronization if it is
Force directory synchronization
Network issues might have prevented directory synchronization from executing normally or
might have caused an abnormal termination of the directory synchronization process. Try
to manually force directory synchronization either through Windows PowerShell or the
Synchronization Service Manager, as shown earlier in this chapter in the “Forcing an
unscheduled directory synchronization” section.
Check the directory synchronization AD service account
Validate that the directory synchronization service account credential in AD is still valid. By
default, this is the MSOL_< Numeric Identifier > account, which can be identified in Active
Directory Users and Computers.
Check the directory synchronization Office 365 account
When you first configured directory synchronization using the Configuration Wizard, you
provided Office 365 Global Administrator account credentials. This account is used to
log on to Office 365 for export and synchronization purposes. The Global Administrator
account is a cloud ID and, by default, the password will expire every 90 days. Validate that
this account has not expired.
If directory synchronization is not able to log on to Office 365 because its account
credentials have expired, the event log will show errors similar to this:
Source: directory synchronization
Your Credentials could not be authenticated. Retype your credentials and try again.
GetAuthState() failed with -2147186688 state. HRsesult( 0x80048800)
Consider setting the directory synchronization Office 365 account credentials not to expire.
Do this by issuing the following Windows PowerShell commands:
$cred = Get-Credential
Connect-MSOLService –Credential $cred
Set-MSOLUser –UserPrincipalName <User Account> -PasswordNeverExpires $true