Fix: Start-ADSyncSyncCycle : Retrieving the COM class factory for remote component with CLSID {835BEE60-8731-4159-8BFF-941301D76D05}

Helpdesk users with limited administrative privileges may encounter the follow error when running the Start-ADSyncSyncCycle cmdlet:

PS C:\WINDOWS\system32> Start-ADSyncSyncCycle
Start-ADSyncSyncCycle : Retrieving the COM class factory for remote component with CLSID
{835BEE60-8731-4159-8BFF-941301D76D05} from machine failed due to the following error: 80070005

Fix: Start-ADSyncSyncCycle : Retrieving the COM class factory for remote component with CLSID {835BEE60-8731-4159-8BFF-941301D76D05} 1

To sync Azure AD, you need to be a member of the ADSyncOperators local group on the Azure AD Connect server. (Or local administrator, that should work too :) ). To do so, connect a Computer Management session to the Azure AD server, and add the user to the ADSyncOperators group under Local Users and Groups

Fix: Start-ADSyncSyncCycle : Retrieving the COM class factory for remote component with CLSID {835BEE60-8731-4159-8BFF-941301D76D05} 2

Synchronization to Azure runs on a scheduled basis. However, you may want to run the Start-ADSyncSyncCycle cmdlet manually if you have created a user or changed group membership and want to reflect that change in Azure AD immediately.

I wrote an simple Powershell script to sync Active Directory with Azure remotely from our management server. This script allows users with limited administrative privileges (like Helpdesk, Servicedesk, or Application Administrators) to force a sync of users and groups.

To remotely start this script, the user need to a be a member of the following local groups on the Azure AD Connect server:
Remote Management Users
ADSyncOperators

Save the script as a ps1 file, and create a shortcut for your Helpdesk user that targets something like “powershell.exe c:\script\scriptname.ps1”

By the way: if you try to run the script remotely, but you didn’t add the user to the Remote Management Users group, the following error message pops up:

PS C:\WINDOWS\system32> Start-ADSyncSyncCycle
Connecting to remote server failed with the following error message : Access is denied. For more information, see the about_Remote_Troubleshooting Help topic.

Fix: Start-ADSyncSyncCycle : Retrieving the COM class factory for remote component with CLSID {835BEE60-8731-4159-8BFF-941301D76D05} 3

Leave a Reply

avatar
  Subscribe  
Notify of