Sign in with Microsoft
Sign in or create an account.
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.


This problem occurs when the following conditions are true:

  • You deploy Windows Server 2012 R2 domain controllers (DC) in your Active Directory domain in which the Active Directory Recycle Bin is disabled.

  • You are using Microsoft Azure AD (AAD) Connect to synchronize accounts to your Azure AD.

When you run a "Full Import" process on Azure AD Connect against a Windows Server 2012 R2 DC, the Local Security Authority Subsystem Service (LSASS) causes an access violation in the DC. This causes the DC to crash or restart. This prevents unsynchronized users from logging on to AAD or Microsoft Office 365.

When this problem occurs, the following event messages are logged in the application log:


This problem occurs if an object that was previously synchronized is now deleted from the on-premises Active Directory environment.


To fix this problem, install the update that is described in Knowledge Base article 3103709.


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.


Learn about the terminology that Microsoft uses to describe software updates.

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Was this information helpful?

What affected your experience?
By pressing submit, your feedback will be used to improve Microsoft products and services. Your IT admin will be able to collect this data. Privacy Statement.

Thank you for your feedback!