Azure Active Directory Connect: error occurred while executing the ‘Get-MsolUser’ cmd

I have to start off by saying I have a serious love/hate relationship with the damn Windows 10 clipboard history! So convenient, and then so frustrating when it doesn’t work. Taking lots of screenshots with the Screen Snip tool to document an issue, presuming I can retrieve them later with clipboard history, only to press Windows + V and see this lad sneering at me!

GAH! It seems like it gets disabled after a Feature Update possibly with no warning. Very frustrating, and not the first time it’s happened…I need to stop relying on it!

So screenshots below are pulled from various sources, and explanation is lacking in the detail I’d normally like, but anyway…

If you’ve just set up Azure Active Directory, added your verified public domain, and want to sync your on-premises AD, you might come across an error similar to the below in Azure Active Directory Connect (although I believe the error was more along the lines of “error occurred while executing the ‘Get-MsolUser’ cmd. Access denied”. Damn you clipboard history!):

This was happening for me using the Domain Administrator account I used to create the Azure tenant. Even using the UPN specified in Azure AD wasn’t allowing me to get past this section of the wizard, giving the MSOL error. I had no problem logging in with the credentials via portal.azure.com

The problem was simple in the end; after adding a verified domain, the original Domain Administrator account will still retain the default onmicrosoft.com UPN, as below:

Simply modifying this to the verified public domain, and specifying that username in Azure AD Connect, finally allowed me to authenticate and continue with the sync wizard.

Leave a Reply

Your email address will not be published. Required fields are marked *