AADconnect / Azure AD / Office 365 / Seamless Sign On / SSO

Oops, I deleted AZUREADSSOACC – What now – How to fix

Mark Gerlow3 Comments

Accidents happen, we are only human and sometimes we accidently delete something that we shouldnt have. In most cases its no big deal, we can restore wlEmoticon-thumbsup.png. When it comes to Active Directory, it actually can be an issue. AD restores can be a nightmare (in my humble oppinion, anyways).

On a quick sidenote, enable AD recycle Bin, it can really save you some time.

Open Active Directory Administrative Center

2019-10-08_10h48_48

2019-10-08_10h50_05

After enabling it, you can’t disable it (but why would you?)

BUT, in this case we “act” like, we havent enabled it wlEmoticon-smile.png

So somebody accidently deleted the AZUREADSSOACC computer account . This is the “virtual” computer account, used with Azure AADConnect when you enable SSO. (You can read more about it in a previous articel HERE.

Normally its placed In the Computers container2019-10-08_11h12_28

But, in this case we deleted it ( And just to prove to you, that I’m not cheating smiley disappointed)

2019-10-08_11h13_55

It’s gonewlEmoticon-sleepysmile.png

 

First you need to log on the computer on which you have AADConnect running.

Right click, and choose run as Admin (If you have UAC enabled, click yes wlEmoticon-smile.png ) on the “Azure AD Connect” icon, placed, must likly on your desktop (Thats default)

2019-10-08_11h16_12

2019-10-08_11h17_39

Click “Configure”

2019-10-08_11h18_35

Choose “Change user sign-in”, and click next. Logon with your Office 365 Global Admin account

2019-10-08_11h19_55

Remove the option for “Enable single sign-on” and click next

2019-10-08_11h21_48

And then, Configure

2019-10-08_11h23_46

Now, if the next screenshot is what you get, you are got to gowlEmoticon-thumbsup.png. If it comes with a warning, saying something like “Single sign-on could not be disabled”, have no fear, it did for me when I did some test the first time. Run the wizard to the end, wait 5-10 min. and try again. You should end up with it being succesfully disabled.

2019-10-08_11h25_12

Status: For now, we have diabled SSO. Now we need to enable it again, because its an awesome feature and we really want it……

Run the Wizard again (As an admin), and make sure you set the tick (or what ever you call it) in “Enable single sign-on”

2019-10-08_11h30_35

Click next – In the “Enter credentials” box, you need to provide your local Domain Admin

2019-10-08_11h32_22

Click OK, and next

2019-10-08_11h33_46

Click “Configure” and let the wizard do its magicwlEmoticon-confusedsmile.png

2019-10-08_11h34_41

Dont be alarmed, if it throws an error, it did for me a couple of times, just hit retry.

2019-10-08_11h38_26

Yay…success… and look, AZUREADSSOACC is back where it belongs in AD wlEmoticon-openmouthedsmile.png2019-10-08_11h39_57

Give it time to run a sync (or force one with PowerShell Start-ADSyncSyncCycle -PolicyType Delta ), but eventually it will sync back up, and work like it did before.

Happy Clouding wlEmoticon-smile.png

3 thoughts on “Oops, I deleted AZUREADSSOACC – What now – How to fix

    • You are so very welcome. I’m really happy that I could help you out. And off course you helped me, with an idea to an article that hopefully could help, someone else in that situation.
      Take care, and best regards

      Mark

      Like

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.