Fix: Start-ADSyncSyncCycle : Retrieving the COM class factory for remote component with CLSID {835BEE60-8731-4159-8BFF-941301D76D05}

Helpdesk users with limited administrative privileges may encounter the following error when running the Start-ADSyncSyncCycle cmdlet:

PS C:\WINDOWS\system32> Start-ADSyncSyncCycle
Start-ADSyncSyncCycle : Retrieving the COM class factory for remote component with CLSID
{835BEE60-8731-4159-8BFF-941301D76D05} from machine failed due to the following error: 80070005


To sync Azure AD, you need to be a member of the ADSyncOperators local group on the Azure AD Connect server. (Or local administrator, that should work too 🙂 ). To add a user, connect a Computer Management session to the Azure AD Connect server and add the user to the ADSyncOperators group under Local Users and Groups.


Synchronization to Azure runs on a scheduled basis. However, you may want to run the Start-ADSyncSyncCycle cmdlet manually if you have created a user or changed group membership and want to reflect that change in Azure AD immediately.

I wrote a simple PowerShell script to sync Active Directory with Azure remotely from our management server. This script allows users with limited administrative privileges (like Helpdesk, Servicedesk, or Application Administrators) to force a sync of users and groups.

To start this script remotely, the user needs to be a member of the following local groups on the Azure AD Connect server:
Remote Management Users
ADSyncOperators

# Run AzureAD Sync. No error handling available. If it runs successfully, it will take 20 seconds approximately. If the window disappears immediately, the cmdlet failed.
$computer = "your_AzureADConnect_server" # i.e. WIN-AZUREAD.mydomain.local
Invoke-Command -ComputerName $computer -ScriptBlock { Start-ADSyncSyncCycle } -ErrorAction Stop
Write-Host "AD is being synced with Azure AD. This will take up to 30 seconds"

Save the script as a ps1 file, and create a shortcut for your Helpdesk user that targets something like “powershell.exe c:\script\scriptname.ps1”

By the way: if you try to run the script remotely, but you didn’t add the user to the Remote Management Users group, the following error message pops up:

PS C:\WINDOWS\system32> Start-ADSyncSyncCycle
Connecting to remote server failed with the following error message : Access is denied. For more information, see the about_Remote_Troubleshooting Help topic.
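
A version of the script with error handling, as an added example (not the author's script): it maps the two errors shown on this page to the group membership that is missing and keeps the window open so the helpdesk user can read the result. The server name is a placeholder, and matching on the message text assumes the English error strings quoted above.

```powershell
# Added example, not the original script.
# $Computer is a placeholder, e.g. WIN-AZUREAD.mydomain.local
param(
    [string]$Computer = 'your_AzureADConnect_server'
)

$exitCode = 0
try {
    # -ErrorAction Stop on both sides turns remoting and cmdlet failures
    # into terminating errors that the catch block below can inspect.
    Invoke-Command -ComputerName $Computer -ErrorAction Stop -ScriptBlock {
        Start-ADSyncSyncCycle -ErrorAction Stop
    }
    Write-Host "AD is being synced with Azure AD on $Computer."
}
catch {
    $message = $_.Exception.Message
    switch -Regex ($message) {
        # WinRM refused the session: the caller cannot open a remote session.
        'Connecting to remote server .* failed|Access is denied' {
            Write-Warning "Cannot connect to $Computer. Check membership of 'Remote Management Users' on that server."
            $exitCode = 2
            break
        }
        # Session opened, but the sync engine's COM component denied access.
        '80070005' {
            Write-Warning "Connected, but the sync was denied. Check membership of 'ADSyncOperators' on $Computer."
            $exitCode = 3
            break
        }
        default {
            Write-Warning "Sync failed: $message"
            $exitCode = 1
        }
    }
    # A newly added group membership only applies to new logon sessions.
    Write-Host 'If the account was just added to a group, sign out and back in before retrying.'
}

# Keep the window open when launched from a shortcut.
Read-Host 'Press Enter to close' | Out-Null
exit $exitCode
```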


2 Comments
Trump

The great Reset is happening, stand up and resist! -Q

Venkatesh Gurvindapalli

Hello All,

Small advice for the above issue/error: if you have installed Azure AD Connect on the DC server, then you can find the same group in the ADUC/AD server. Inside the group, go ahead and add the affected user; that will fix the cause/issue/error.
