DirSync Configuration Fails with Unknown Error 0x80005000

During the configuration step of Azure Active Directory Sync (DirSync), you may encounter this error. This occurs when there is a connection issue between the DirSync server and a Domain Controller (DC) in the environment.

During the configuration step, DirSync attempts to contact each domain in the AD Forest and then attempts to grant rights to the MSOL service account in each domain (note: the MSOL service account is created as part of DirSync configuration). For these tasks it connects to one of the DCs in each domain, and if it fails to connect to that DC, it can throw the 0x80005000 error.

I have seen a few reasons why this occurs:

  1. You have domain / DC entries in your AD Forest which point to objects which no longer exist
  2. You have a DC which is down
  3. You have a DC which is inaccessible e.g. routing rules prevent access to the DC

Here is some pseudocode showing what DirSync is attempting to do:

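    // Pseudocode: DirSync visits every domain in the forest
    foreach (ActiveDirectoryPartition directoryPartition in forest.Domains)
    {
        // Connects to a DC in this domain; an unreachable DC surfaces as 0x80005000
        GiveMSOLUserRights(MSOLUser); // grant MSOL service account rights in the domain
    }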

There is nothing you can do to solve the error other than ensure that the DC it is trying to connect to is available and contactable. This is a hard requirement of the DirSync software. There are a few PowerShell scripts around which you can use to find out which DCs are not accessible from your DirSync server, e.g. https://www.itadmintools.com/2011/07/powershell-list-domain-controllers-in.html
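
One way to run that check from the DirSync server, as an added example (it is not the linked script and not DirSync's own code). It assumes the server is domain-joined and treats DNS resolution plus TCP 389 (LDAP) as the reachability test; the helper names `Test-TcpPort` and `New-DcResult` and the 3-second timeout are choices made for this example.

```powershell
# Added example. Run on the DirSync server under a domain account.
# For every domain in the current forest, list its DCs and test DNS + LDAP (TCP 389).
function Test-TcpPort {   # hypothetical helper name
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($pending)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function New-DcResult {   # hypothetical helper name
    param($Domain, $Dc, $Resolves, $Ldap, $Note)
    New-Object PSObject -Property @{
        Domain = $Domain; DC = $Dc; Resolves = $Resolves; Ldap389 = $Ldap; Note = $Note
    }
}

$forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()

$report = foreach ($domain in $forest.Domains) {
    try {
        $dcs = @($domain.DomainControllers)
    } catch {
        # Typically a stale domain entry or no DC locatable for this domain
        New-DcResult $domain.Name $null $false $false $_.Exception.Message
        continue
    }
    if ($dcs.Count -eq 0) {
        New-DcResult $domain.Name $null $false $false 'No DCs returned for domain'
    }
    foreach ($dc in $dcs) {
        $resolves = $true
        try { [void][System.Net.Dns]::GetHostAddresses($dc.Name) } catch { $resolves = $false }
        $ldap = $resolves -and (Test-TcpPort -HostName $dc.Name -Port 389)
        New-DcResult $domain.Name $dc.Name $resolves $ldap ''
    }
}

# Show only the entries DirSync is likely to trip over
$report | Where-Object { -not $_.Ldap389 } |
    Select-Object Domain, DC, Resolves, Ldap389, Note | Format-Table -AutoSize
```

An empty table means every listed DC resolved and accepted a connection on 389 from this server; any row that does appear maps to one of the three causes listed earlier (stale entry, DC down, or DC blocked by routing rules).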