Provide the password of the AD DS Connector account

As the existing passwords stored inside the database can no longer be decrypted, you need to provide the Synchronization Service with the password of the AD DS Connector account. The Synchronization Service encrypts the passwords using the new encryption key:

  1. 1. Start the Synchronization Service Manager (START → Synchronization Service).
    Sync Service Manager
  2. 2. Go to the Connectors tab.
  3. 3. Select the AD Connector that corresponds to your on-premises AD. If you have more than one AD connector, repeat the following steps for each of them.
  4. 4. Under Actions, select Properties.
  5. 5. In the pop-up dialog, select Connect to Active Directory Forest:
  6. 6. Enter the password of the AD DS account in the Password textbox. If you do not know its password, you must set it to a known value before performing this step.
  7. 7. Click OK to save the new password and close the pop-up dialog. 
  8. Azure AD Connect Sync Encryption Key Utility