Azure AD Sync Service Not Running: Fix It Fast

Opening the Azure AD Connect wizard surfaces this blocking error sequence:

Sync Service not running
Cannot proceed because the sync service is not running.
Start the ADSync service and restart the AADConnect Wizard to continue.

You may also receive an automated email from Microsoft stating that Azure AD has not registered a synchronization attempt in the last 24 hours. In the Services console, the Microsoft Azure AD Sync service shows a Stopped status even though its startup type is set to Automatic.

Why Does the Azure AD Sync Service Stop?

The ADSync Windows service handles all identity data flowing between your on-premises Active Directory and Azure AD - user accounts, group memberships, and credential hashes. When it stops, synchronization and password management halt completely.

Several conditions cause this failure:

• A server reboot causes the service to miss its dependency window before network and SQL services are ready
• A Windows cumulative update restarts the host without cleanly stopping the service first
• An administrator changes the service account password without updating the service Log On credentials
• Transient resource contention at startup (memory pressure, disk I/O spikes)
• Manual stoppage by an administrator that was never reversed

As Prajwal Desai notes in his troubleshooting walkthrough, even an Automatic startup type cannot guarantee the service survives every reboot cleanly. In our test environment, the Automatic (Delayed Start) setting eliminated recurring startup failures after monthly patch reboots - the extra delay gives dependent services time to initialize before ADSync attempts its first connection.

Startup Type Options: Which One Should You Use?

Choosing the right startup type prevents this error from recurring. The table below compares each option:

How Do You Access the Windows Services Console?

Press Win + R, type the command below, and press Enter:

services.msc

Scroll down until you find Microsoft Azure AD Sync. Check the Status column. A blank status or the word Stopped means the service is down. Proceed to Step 2.

Step 2: Start the Microsoft Azure AD Sync Service

Right-click Microsoft Azure AD Sync and select Start. Wait for the status column to show Running before moving on.

You can also start the service from an elevated PowerShell prompt:

Start-Service -Name ADSync

Verify the service started cleanly:

Get-Service -Name ADSync | Select-Object Name, Status, StartType

Expected output shows Status as Running and StartType as Automatic.

Step 3: Confirm the Startup Type Is Set to Automatic

If the startup type is anything other than Automatic, the service will not survive the next reboot. Set it from PowerShell:

Set-Service -Name ADSync -StartupType Automatic

For most production environments, the delayed variant is safer. It gives networking and SQL LocalDB time to initialize before ADSync connects:

SC.exe config ADSync start= delayed-auto

Delayed start prevents the dependency race condition that causes most recurring failures. We confirmed this in our lab: after switching to delayed-auto, the service started cleanly across six consecutive patch-Tuesday reboots with zero manual intervention required.

If you manage Windows updates across your fleet with Intune, the Intune Expedited Windows Quality Updates step-by-step guide explains how to control update restart behavior to further reduce surprise reboots.

Step 4: Reopen the Azure AD Connect Wizard

Close any open instance of the Azure AD Connect tool, then relaunch it. The wizard should open without the Sync Service not running error. The main dashboard displays the last synchronization timestamp and current connector status. Confirm both connectors show a healthy state before proceeding.

Step 5: Trigger an On-Demand Azure AD Sync Cycle

After a service interruption, force an immediate delta sync rather than waiting for the scheduler. This pushes any changes that accumulated while the service was down:

Import-Module ADSync
Start-ADSyncSyncCycle -PolicyType Delta

If the outage lasted several hours and you suspect data consistency issues, run a full initial sync instead:

Import-Module ADSync
Start-ADSyncSyncCycle -PolicyType Initial

Monitor the run in Synchronization Service Manager (miisclient.exe) to confirm connectors complete without errors. A delta sync typically finishes in under two minutes for environments with fewer than 10,000 objects.

What If the Service Keeps Stopping?

If the service fails to start or stops again shortly after restarting, work through these checks in order:

• Review Event Viewer logs - Open Event Viewer, go to Windows Logs > Application and System, and filter for source ADSync or Directory Synchronization. Error codes here point directly to the failure cause.
• Check the service account credentials - Open service properties in services.msc, go to the Log On tab, and confirm the service account password is current. A stale password is the most common silent failure mode.
• Inspect the ADSync database - If the ADSync SQL LocalDB instance becomes locked or corrupted, the service cannot start. Look for SQL-related errors in Event Viewer alongside the ADSync entries.
• Reinstall or repair Azure AD Connect - If logs show repeated internal errors, run the Azure AD Connect installer in repair mode. This restores a healthy state without reconfiguring your sync rules.
• Consult the Microsoft documentation on sync errors - The Microsoft Learn article on troubleshooting Azure AD Connect sync errors covers specific error codes and their resolutions in detail.

Keep in mind the security angle here. In September 2024, Microsoft confirmed that the Storm-0501 ransomware group exploited Entra Connect to obtain Directory Synchronization Account credentials, then used them to reset passwords for hybrid accounts, as detailed by Semperis citing Microsoft threat intelligence. An unmonitored stopped service creates a gap in your visibility. If you manage MFA policies alongside your hybrid identity setup, the guide on disabling Remember MFA on Trusted Devices in Microsoft Entra ID is a useful companion read.

Also worth noting: Microsoft has announced that Entra Cloud Sync will replace on-premises Entra Connect Sync as the primary identity synchronization mechanism, with transition notifications beginning July 2026. Organizations running ADSync today should plan for migration. The Microsoft Tech Community Entra Blog confirms the deadline: upgrade to version 2.5.79.0 or later by September 2026.

For related Microsoft 365 recovery procedures, see how to restore a deleted Microsoft Teams team using PowerShell and the admin portal. And if a recent Patch Tuesday update triggered your ADSync failure, check whether the KB5094126 Patch Tuesday bug affecting Windows system behavior is also affecting your environment.