LSASS fails and returns a "0xc0000005" error when you run "Full Import" on AAD Connect against a Windows Server 2012 R2 DC

This problem occurs when the following conditions are true:

  • You deploy Windows Server 2012 R2 domain controllers (DC) in your Active Directory domain in which the Active Directory Recycle Bin is disabled.
  • You are using Microsoft Azure AD (AAD) Connect to synchronize accounts to your Azure AD.
When you run a "Full Import" process on Azure AD Connect against a Windows Server 2012 R2 DC, the Local Security Authority Subsystem Service (LSASS) causes an access violation in the DC. This causes the DC to crash or restart. This prevents unsynchronized users from logging on to AAD or Microsoft Office 365.

When this problem occurs, the following event messages are logged in the application log:

Level: Error
Source: Application Error
Event ID: 1000
Faulting module name: ntdsai.dll, version: 6.3.9600.18009, time stamp: 0x55c8e51c
Exception code: 0xc0000005
Fault offset: 0x0000000000219ddf
Faulting process id: pid
Faulting application start time: start time
Faulting application path: C:\Windows\system32\lsass.exe
Faulting module path: C:\Windows\system32\ntdsai.dll
Report Id: report id

Level: Error
Source: WinInit
Event ID: 1015
Message: A critical system process, C:\Windows\system32\lsass.exe, failed with status code c0000005. The machine must now be restarted.

This problem occurs if an object that was previously synchronized is now deleted from the on-premises Active Directory environment.
To fix this problem, install the update that is described in Knowledge Base article 3103709.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Learn about the terminology that Microsoft uses to describe software updates.

Article ID: 3145339 - Last Review: 04/20/2016 04:59:00 - Revision: 5.0

Windows Server 2012 R2 Datacenter, Windows Server 2012 R2 Standard, Windows Server 2012 R2 Essentials, Windows Server 2012 R2 Foundation

  • kbsurveynew kbfix kbexpertiseadvanced KB3145339