Azure AD Sync Error: Error Code 8344

This is quite a common issue when setting up AD connect to sync user accounts with Azure AD. Once you have setup sync you will see the following errors in event viewer. (This can happen also when changing what variable is used to sync accounts, such as changing from objectGUID to mS-DS-ConsistencyGuid)

Error 8344 Insufficient Access Rights

Insufficient access means that your AAD account doesn’t have the correct write back permissions. The resolution is quite simple, there are a ton of scripts out there to change permissions however the manual mode is safer if you are not a code monkey.

Time needed: 30 minutes.

Add permission inheritance to user objects in AD

  1. In Active Directory Users and Computers, open user properties. Go to the Security tab and click Advanced

    Here we enable permission inheritance on the user in question. This will need doing for any user which generates the error in AD Connect.

    Error Code 8344

  2. Enabling Inheritance

    Here we allow the user object to inherit permissions. Select “Enable Inheritance”

    Error-8344-insufficient-access-rights-to-AD-Object

Allow the AAD sync to run again and you should see the error does not occur for users with the above permissions.

Tags: AD Connect

Allen White

Allen is an IT Consultant and holds the following accreditations. MCSA, MCSE, MCTS, MCITP, CCA, CCSP, VCP 4,5, 6 and HP ASE, AIS - Network Infrastructure.

Leave a comment

Categories

Vote!

What Web Browser Do You Use?

View Results

Loading ... Loading ...

Vote!

What do you prefer..VMware or Hyper-V?

View Results

Loading ... Loading ...