Error upgrading Azure AD Connect on a Domain Controller

In production and for customers I always recommend installing Azure AD Connect on a dedicated machine; in my lab, however, I'm a little constrained on resources, so I installed it on the Domain Controller, which up to now has been fine.

Today I decided to upgrade to the latest version (1.1.119.0 as of writing), so I duly downloaded the setup and proceeded with the in-place upgrade, having done so successfully in the past.

This time it would error out and advise reading the logs, in which I found:

Error 25037.The groups entered do not all exist or cannot be found.

On a standard server Azure AD Connect creates local security groups to manage access; since I was using a domain controller this wasn't possible, and I wasn't prompted to select custom groups either.

So, as it is a lab, I tried uninstalling it and the supporting components before performing a clean install, and lo and behold it installed correctly.

I can only presume the setup process is slightly different during an upgrade and it can't cope with the domain controller's lack of local security groups.

Please remember, if you are doing this, to make a note (or take a backup) of any changes to OU filtering or any sync rules changed from the defaults before uninstalling.
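A pre-upgrade check and backup script for the two points above, added here as an example that is not from this post or from Microsoft. It first confirms that the sync groups the installer expects can be resolved (local groups on a member server, domain groups on a domain controller), which is the condition behind error 25037, and then exports the global settings, the per-connector OU filtering and the custom sync rules using the ADSync module that ships with Azure AD Connect. The group names ADSyncAdmins, ADSyncOperators, ADSyncBrowse and ADSyncPasswordSet are the installer's defaults; the ConnectorPartitionScope.ContainerInclusionList, ContainerExclusionList and IsStandardRule property names are assumed from the module's object model and should be checked against your version's output of Get-ADSyncConnector and Get-ADSyncRule.

```powershell
# Added example (not from the post above): pre-upgrade sanity check and configuration
# backup for an Azure AD Connect server, run from an elevated PowerShell prompt.
# Assumptions: the ADSync module installed with Azure AD Connect is present; the group
# names are the installer's defaults; property names on the connector and rule objects
# (ConnectorPartitionScope.*, IsStandardRule) should be verified on your version.

Import-Module ADSync -ErrorAction Stop

$ExpectedGroups = 'ADSyncAdmins', 'ADSyncOperators', 'ADSyncBrowse', 'ADSyncPasswordSet'
$BackupRoot = Join-Path $env:ProgramData ('AADConnect-Backup-' + (Get-Date -Format 'yyyyMMdd-HHmmss'))

function Test-ADSyncGroups {
    # Error 25037 ("groups ... cannot be found") means setup could not resolve these
    # groups. On a member server they are local groups; a domain controller has no
    # local groups, so they live in the domain instead.
    $isDc = (Get-CimInstance Win32_ComputerSystem).DomainRole -ge 4   # 4 = backup DC, 5 = primary DC
    if ($isDc) { Import-Module ActiveDirectory -ErrorAction Stop }

    $missing = foreach ($g in $ExpectedGroups) {
        if ($isDc) {
            $found = [bool](Get-ADGroup -Filter "Name -eq '$g'")
        } else {
            net localgroup $g *> $null          # exit code 0 only when the local group exists
            $found = ($LASTEXITCODE -eq 0)
        }
        if (-not $found) { $g }
    }

    if ($missing) {
        Write-Warning ("Missing sync groups on {0}: {1}" -f $env:COMPUTERNAME, ($missing -join ', '))
    } else {
        Write-Host "All expected sync groups found ($(if ($isDc) { 'domain' } else { 'local' }))."
    }
    return $missing
}

function Backup-ADSyncConfig {
    New-Item -ItemType Directory -Path $BackupRoot -Force | Out-Null

    # Global settings: sync schedule and feature switches.
    Get-ADSyncGlobalSettings | Export-Clixml (Join-Path $BackupRoot 'GlobalSettings.xml')

    # Connectors, with the per-partition OU (container) filtering flattened to CSV so it
    # can be compared by eye after the clean install.
    $connectors = Get-ADSyncConnector
    $connectors | Export-Clixml (Join-Path $BackupRoot 'Connectors.xml')
    $ouFilter = foreach ($c in $connectors) {
        foreach ($p in $c.Partitions) {
            [pscustomobject]@{
                Connector = $c.Name
                Partition = $p.Name
                Included  = ($p.ConnectorPartitionScope.ContainerInclusionList -join ';')   # assumed property path
                Excluded  = ($p.ConnectorPartitionScope.ContainerExclusionList -join ';')   # assumed property path
            }
        }
    }
    $ouFilter | Export-Csv (Join-Path $BackupRoot 'OUFiltering.csv') -NoTypeInformation

    # Sync rules: everything in XML, plus a readable list of the rules that are not the
    # installer's standard rules, since those are the ones that must be recreated by hand.
    $rules = Get-ADSyncRule
    $rules | Export-Clixml (Join-Path $BackupRoot 'SyncRules.xml')
    $rules | Where-Object { -not $_.IsStandardRule } |
        Select-Object Name, Direction, Precedence, Disabled, SourceObjectType, TargetObjectType |
        Sort-Object Precedence |
        Format-Table -AutoSize | Out-String -Width 200 |
        Set-Content (Join-Path $BackupRoot 'CustomRules.txt')

    Write-Host "Configuration exported to $BackupRoot"
    return $BackupRoot
}

Test-ADSyncGroups | Out-Null
Backup-ADSyncConfig
```

Run it once before uninstalling and keep the output folder off the server; after the clean install, diff OUFiltering.csv and CustomRules.txt against the new server's export to confirm nothing was lost.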
