Azure AD Connect is not working correctly after an automatic upgrade

Applies to: Azure

Symptoms


When you run Azure AD Connect 1.1.443.0 or an earlier version, you experience one of the following issues:

  • Azure AD Connect is only partially upgraded, the scheduler is suspended, and no automatic synchronization cycle occurs.
  • Azure AD Connect is upgraded correctly, the scheduler is enabled, and object changes are synchronized correctly to Azure Active Directory (Azure AD). However, the password synchronization feature or the password writeback feature is disabled.

Cause


A problem in the automatic upgrade feature for Azure AD Connect causes the Microsoft.Azure.ActiveDirectory.Synchronization.Upgrader.exe process to terminate because of an unhandled exception. Therefore, the automatic upgrade does not finish.

How to check whether you are affected


Step 1: Determine whether automatic upgrade recently tried to upgrade Azure AD Connect

Examine the log files in the %ProgramData%\AADConnect folder. Log files that are named "SyncEngine-AutoUpgrader-[Date]-[Time].log" indicate the time at which the automatic upgrade occurred.



Step 2: Determine whether Azure AD Connect is partially upgraded

Run the Azure AD Connect wizard. If Azure AD Connect is partially upgraded, you are prompted to upgrade Azure AD Connect.



Step 3: Compare the installed version of Azure AD Connect with the version in the server configuration

During automatic upgrade, the current installation of Azure AD Connect is upgraded, and then the version in the server configuration is updated. If the two versions don't match, Azure AD Connect is only partially upgraded.

To check which version of Azure AD Connect is installed, open the Programs and Features item in Control Panel, and examine the version number of Azure AD Connect.



To check the version of Azure AD Connect in the server configuration, run the following command in Windows PowerShell, and look for the value of the Microsoft.Synchronize.ServerConfigurationVersion property:

(Get-ADSyncGlobalSettings).Parameters | select Name,Value



Check the status of the scheduler by running the following command:

Get-ADSyncScheduler

If the value of SchedulerSuspended is True, the scheduler is suspended.



Step 4: Verify that password synchronization and password writeback are enabled

If Azure AD Connect is upgraded correctly, open the Azure AD Connect wizard, and then select Review your solution to verify that the password synchronization and password writeback features are enabled.
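The checks in Steps 1 to 3 can be collected in one pass with a script such as the following. This is an added example, not part of the original article. It assumes that the ADSync module is available on the server and that the Programs and Features entry has a display name containing "Azure AD Connect"; the variable names and the output property names are illustrative.

```powershell
# Added example: gathers the evidence from Steps 1 to 3 in one report.
# Run in an elevated Windows PowerShell session on the Azure AD Connect server.
Import-Module ADSync -ErrorAction Stop

# Step 1: automatic upgrade attempts, newest first.
$logDir = Join-Path $env:ProgramData 'AADConnect'
$upgradeLogs = @(Get-ChildItem -Path $logDir -Filter 'SyncEngine-AutoUpgrader-*.log' `
        -ErrorAction SilentlyContinue | Sort-Object LastWriteTime -Descending)

# Step 3: installed version, read from the same data as Programs and Features.
# Assumption: the entry's display name contains "Azure AD Connect".
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installed = @(Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*Azure AD Connect*' } |
        Select-Object DisplayName, DisplayVersion)

# Step 3: version recorded in the server configuration.
$configVersion = ((Get-ADSyncGlobalSettings).Parameters |
        Where-Object { $_.Name -eq 'Microsoft.Synchronize.ServerConfigurationVersion' }).Value

# Step 3: scheduler state.
$scheduler = Get-ADSyncScheduler

# A partial upgrade shows up as no installed entry matching the configuration version.
$versionsMatch = [bool]($installed | Where-Object { $_.DisplayVersion -eq $configVersion })

[pscustomobject]@{
    LastAutoUpgradeLog   = if ($upgradeLogs.Count) { $upgradeLogs[0].Name } else { 'none found' }
    LastAutoUpgradeTime  = if ($upgradeLogs.Count) { $upgradeLogs[0].LastWriteTime } else { $null }
    InstalledEntries     = ($installed | ForEach-Object { "$($_.DisplayName) $($_.DisplayVersion)" }) -join '; '
    ServerConfigVersion  = $configVersion
    VersionsMatch        = $versionsMatch
    SchedulerSuspended   = $scheduler.SchedulerSuspended
    LikelyPartialUpgrade = ($upgradeLogs.Count -gt 0) -and
                           ((-not $versionsMatch) -or $scheduler.SchedulerSuspended)
} | Format-List
```

Treat LikelyPartialUpgrade as a prompt to run the Azure AD Connect wizard as described in Step 2, and review InstalledEntries by hand if more than one entry is listed.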


Workaround


To work around this issue, follow these steps:

  1. Start the Azure AD Connect wizard, and then click Upgrade.
  2. After the upgrade is complete, verify that the installed version of Azure AD Connect matches the version in the server configuration.
  3. If you have previously enabled the password synchronization feature or the password writeback feature, verify that the feature remains enabled after the upgrade is complete.
  4. If any of the features is disabled after the upgrade, click Customize synchronization options in the Azure AD Connect wizard, and then manually enable the feature.
