AAD Connect stops syncing.
The error is as follows:
Start-ADSyncSyncCycle : System.Management.Automation.CmdletInvocationException: System.InvalidOperationException: Showing a modal dialog box or form when the application is not running in UserInteractive mode is not a valid operation. Specify the ServiceNotification or DefaultDesktopOnly style to display a notification from a service application.
This situation occurs after enabling Security Defaults on an Azure AD tenant.
Despite the claims about Security Defaults, you can still disable MFA on a per-user basis. Just go to the 365 MFA user settings page (https://account.activedirectory.windowsazure.com/UserManagement/MultifactorVerification.aspx) with your admin creds and disable MFA for the account that runs the AAD updates (it will have a username starting with 'Sync_').
Run a normal sync a couple of times and AAD Connect will sort itself out.
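As an added example (not from the original post), the verification step in PowerShell on the AAD Connect server: it runs the delta sync the post recommends a couple of times, catches the exception quoted above so you can tell whether the Sync_ account is still being prompted interactively, and waits for each cycle to finish. The cmdlets are the ADSync module's own; the attempt count and poll interval are assumed values.

```powershell
# Added example: re-run the sync after MFA has been disabled for the Sync_ account
# and confirm the "UserInteractive mode" exception no longer occurs.
# Run in an elevated PowerShell session on the AAD Connect server.
Import-Module ADSync

function Invoke-CheckedDeltaSync {
    # "A couple of times", as the post suggests; both values are assumptions.
    param([int]$Attempts = 2, [int]$PollSeconds = 15)

    for ($i = 1; $i -le $Attempts; $i++) {
        try {
            Start-ADSyncSyncCycle -PolicyType Delta -ErrorAction Stop | Out-Null
            Write-Host "Attempt ${i}: delta sync cycle started"
        }
        catch {
            $msg = $_.Exception.Message
            if ($msg -match 'UserInteractive mode') {
                # Same failure as before: the service account is still hitting an interactive (MFA) prompt.
                Write-Warning "Attempt ${i}: sync still blocked by an interactive prompt; re-check MFA on the Sync_ account"
            } else {
                Write-Warning "Attempt ${i}: $msg"
            }
            continue
        }
        # A new cycle cannot start while one is running, so wait for the current one to finish.
        do {
            Start-Sleep -Seconds $PollSeconds
            $running = Get-ADSyncConnectorRunStatus
        } while ($running)
    }

    # Scheduler state after the runs: SyncCycleEnabled should be True and no cycle stuck in progress.
    Get-ADSyncScheduler | Select-Object SyncCycleEnabled, SyncCycleInProgress, NextSyncCycleStartTimeInUTC
}

Invoke-CheckedDeltaSync
```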
Very helpful, thanks!