AADSync and 1202 Event Log Warnings

Just a quick blog update on an AADSync article I found. I had issues with the local account on my AADSync server starting as a service. Adding the account to the “Log on as a service” policy setting via GPO would fix the service starting, but the Application logs on the DCs would fill up with 1202 warnings: “Security policies were propagated with warning. 0x534 : No mapping between account names and security IDs was done.”

Finally I found this TechNet article, and it seems to fit the bill for me. With one addition: I put the Backup Operators group in the “Log on as a service” GPO policy setting and removed the local AADSync account I had put in there. I left “Allow log on locally” alone, as by default it already has that group in it.

“Resolution

Note: One possible option to resolve the issue is to place the local “AAD_xxxxxxxxxx” account in the local computer Administrators group. This is however not possible since the AADSync installation will remove this group assignment to enforce best practice.
The correct fix is to check your Group Policy settings applied to servers and ensure that the Backup Operators group is granted the Allow log on locally privilege on the AADSync server.”

LINK
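The 0x534 warning comes from the policy engine (SceCli) trying to turn every name in a User Rights Assignment into a SID on each machine the GPO applies to; a local AADSync account exists only in that one server's SAM, so every DC in scope fails the lookup and logs 1202. The script below is an added diagnostic, not from the original post or from Microsoft: run it elevated on the AADSync server or on a DC and it exports the effective user rights with secedit, flags any entry that cannot be mapped to a SID, checks the two settings discussed here (the service account holding “Log on as a service”, Backup Operators holding “Allow log on locally”), and lists recent 1202 events. The account name AAD_xxxxxxxxxx is a placeholder for your own service account; the script assumes a Windows host with secedit.exe and Get-WinEvent available.

```powershell
# Added example (not part of the original post): audit User Rights Assignment for
# entries that cannot be mapped to a SID, which is what SceCli reports as 1202/0x534.
# Assumes an elevated PowerShell session on a Windows server.

$ServiceAccount     = 'AAD_xxxxxxxxxx'   # placeholder: replace with your local AADSync service account
$BackupOperatorsSid = 'S-1-5-32-551'     # well-known SID of BUILTIN\Backup Operators

# 1. Export the effective local security policy; user rights live under [Privilege Rights].
$cfg = Join-Path $env:TEMP 'secpol-export.inf'
& secedit.exe /export /cfg $cfg /areas USER_RIGHTS | Out-Null
$policyLines = Get-Content -Path $cfg
Remove-Item -Path $cfg -ErrorAction SilentlyContinue

function Get-RightMembers {
    # Returns the raw comma-separated entries for one right, e.g. "*S-1-5-32-551" or "AAD_xxxxxxxxxx".
    param([string]$Right)
    $line = $policyLines | Where-Object { $_ -match "^$Right\s*=" }
    if (-not $line) { return @() }
    ($line -split '=', 2)[1].Split(',') | ForEach-Object { $_.Trim() } | Where-Object { $_ }
}

function Resolve-PolicyEntry {
    # Maps a policy entry both ways (SID -> name or name -> SID) and records whether it resolved.
    param([string]$Entry)
    $raw = $Entry.TrimStart('*')
    try {
        if ($raw -match '^S-1-') {
            $sid  = New-Object System.Security.Principal.SecurityIdentifier($raw)
            $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
        } else {
            $name = $raw
            $sid  = (New-Object System.Security.Principal.NTAccount($raw)).Translate([System.Security.Principal.SecurityIdentifier])
        }
        [pscustomobject]@{ Entry = $Entry; Name = $name; Sid = $sid.Value; Resolved = $true }
    } catch [System.Security.Principal.IdentityNotMappedException] {
        # Exactly the condition SceCli logs as 0x534 "No mapping between account names and security IDs".
        [pscustomobject]@{ Entry = $Entry; Name = $null; Sid = $null; Resolved = $false }
    }
}

$rights = [ordered]@{
    SeServiceLogonRight     = 'Log on as a service'
    SeInteractiveLogonRight = 'Allow log on locally'
}

$resolved = @{}
foreach ($right in $rights.Keys) {
    $members = @(Get-RightMembers -Right $right | ForEach-Object { Resolve-PolicyEntry -Entry $_ })
    $resolved[$right] = $members
    "`n$($rights[$right]) ($right):"
    $members | Format-Table Entry, Name, Sid, Resolved -AutoSize | Out-Host
    $unmapped = @($members | Where-Object { -not $_.Resolved })
    if ($unmapped.Count -gt 0) {
        Write-Warning "$right contains $($unmapped.Count) entry(ies) with no SID mapping on this host; a domain GPO carrying such a name will raise event 1202 on every computer in scope."
    }
}

# 2. The two specific checks from the post: service account right, and Backup Operators on log on locally.
$svcSid = $null
try {
    $svcSid = (New-Object System.Security.Principal.NTAccount($ServiceAccount)).Translate([System.Security.Principal.SecurityIdentifier]).Value
} catch [System.Security.Principal.IdentityNotMappedException] {
    Write-Warning "$ServiceAccount does not exist on this host (expected on a DC: the account is local to the AADSync server)."
}
if ($svcSid -and ($resolved['SeServiceLogonRight'].Sid -contains $svcSid)) {
    "OK: $ServiceAccount holds 'Log on as a service'."
} elseif ($svcSid) {
    Write-Warning "$ServiceAccount is missing 'Log on as a service'; the service will fail to start."
}
if ($resolved['SeInteractiveLogonRight'].Sid -contains $BackupOperatorsSid) {
    "OK: Backup Operators holds 'Allow log on locally' (the TechNet resolution)."
} else {
    Write-Warning "Backup Operators is missing 'Allow log on locally'; check the GPOs applied to this server."
}

# 3. Recent SceCli 1202 warnings on this host, first line of the message only.
"`nRecent 1202 events:"
Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'SceCli'; Id = 1202 } -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, @{ Name = 'Message'; Expression = { $_.Message.Split("`n")[0] } } | Format-Table -AutoSize | Out-Host
```

Run it on the AADSync server to confirm the service account still has its right after the GPO is fixed, and on a DC to confirm nothing in the domain policy is left that the DC cannot resolve; when the second run shows no unmapped entries, the 1202 warnings stop at the next policy refresh.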

Not sure how I missed that Backup Operators fix, but I’m glad I found it now.