- FIM Synchronization Service Engine
- Azure Active Directory Connector (AAD Connector) : http://go.microsoft.com/fwlink/?LinkID=330371
Receiving a stopped-extension-dll exception on the Azure Active Directory connector when running either of the single step run profiles:
- Full Import Full Synchronization
- Delta Import Delta Synchronization.
In this scenario, it appears as if the connection to Azure is failing. Neither the Full Import nor Delta Import would work and would fail with the same error. Did not test the export, but if it is a connection issue most likely this run profile step would fail as well.
- The password expired for the AAD Connector
- Reviewed the event logs and found an Application event log error regarding the Microsoft Online Services Sign-In Assistant (this is the service used to connect to the cloud)
- Verified under Services that the Microsoft Online Services Sign-In Assistant was started
- Reviewed the properties of the Azure Connector to get the account that is specified on the connector and used to connect to the data source, in this case the cloud
- Logged into the Office 365 portal to verify the DirSync user account that is specified on the “Connection” step of the Azure Connector
- The attribute values looked fine
- Had customer try logging into the Office 365 portal using this account – when the Azure connector is started it uses this account to connect to the cloud so I wanted to verify that everything was valid and we were able to connect
- Immediately it prompted for a new password – the password for this account had expired
- Changed the password for the DirSync account and updated the password in the “Connect” step on the Azure Active Directory Connector
- Ran the Full Import Full Synchronization steps and everything started successfully. Issue resolved.
- If you would like to set this account so that the password never expires to help prevent this issue in the future, you could use the PasswordNeverExpires Attribute.
- The PasswordNeverExpires attribute on the user object that can be set to $true to prevent the password from expiring. The following link includes the steps to use PowerShell to update this attribute value for a specific user account:
- “Configure user passwords to never expire”: http://onlinehelp.microsoft.com/en-us/office365-enterprises/hh534387.aspx