Monday, April 10, 2017

AAD Connect Service Account Changes

How's it going, everyone?

Had an interesting conversation with another engineer today about the service account that AAD Connect is using. Normally, if you do not specify a service account, it should create an account for you named AAD_Junk, assuming you have the proper permissions.

A lot of time was spent today trying to figure out why a good and working install of AAD Connect did not have the expected user account, and maybe this is my rookie showing, but the service account was running under NT SERVICE\ADSync.

This didn’t seem right to me, as I was expecting the AAD_ account, so, rereading the documentation, I found out that Microsoft changed the default service account AAD Connect uses in April 2017.

It appears all new versions will default to using the Virtual Service Account method.
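
To check which of the two accounts an existing install uses, here is an added example (not from the original post or from Microsoft). It assumes the sync service is registered under the name `ADSync`, matching the account name above; `Get-SyncAccountType` is a hypothetical helper, and the sample account strings are constructed.

```powershell
# Classify a service logon name as one of the two accounts discussed in the post.
function Get-SyncAccountType {
    param([Parameter(Mandatory)][string]$StartName)

    switch -Regex ($StartName) {
        # Virtual Service Account: lives under the NT SERVICE authority,
        # has no password to manage and cannot log on interactively.
        '^NT SERVICE\\ADSync$'       { 'VirtualServiceAccount'; break }
        # Older default: an account whose name starts with AAD_,
        # shown as .\AAD_xxx or HOST\AAD_xxx.
        '^(\.|[^\\]+)\\AAD_[^\\]+$'  { 'AADPrefixedAccount'; break }
        # Anything else was chosen by whoever ran the installer.
        default                      { 'CustomAccount' }
    }
}

# Constructed sample values, so the classifier can be tried on any machine.
$samples = 'NT SERVICE\ADSync', '.\AAD_0123456789ab', 'CONTOSO\svc-aadsync'
foreach ($name in $samples) {
    '{0,-25} -> {1}' -f $name, (Get-SyncAccountType -StartName $name)
}

# Live check on the AAD Connect server (service name ADSync is an assumption).
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='ADSync'"
if ($null -eq $svc) {
    Write-Warning 'No service named ADSync found on this machine.'
} else {
    [pscustomobject]@{
        Service     = $svc.Name
        RunsAs      = $svc.StartName
        AccountType = Get-SyncAccountType -StartName $svc.StartName
        State       = $svc.State
    }
}
```

A result of `CustomAccount` means the logon account was set explicitly at install time or changed afterwards, which is worth recording when auditing what the sync service can access.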