Implementing DirSync is most times pretty straightforward, as long as you have the proper AAD and AD permissions on your accounts. From experience, where it might get a bit more complicated is when you have multi-domain forests in your environment.
A while ago, while going through the DirSync Configuration Wizard in a multi-domain environment, I got the error “The user name or password is incorrect”. The DirSync server was installed in the root domain.
Since the wizard is validating both the AD and AAD credentials while going through the wizard, I found the error very strange.
Looking into the event log, I found that the last event before the error was an informational one – “Updating permissions in the domain ‘child.domain.com’”. Looking in the root domain, the wizard had updated the permissions for the AAD account there, but not in the child domain.
Apparently, the solution to the problem was very easy and somewhat logical (depending on how you see it).
The Enterprise Admin AD account used in the wizard existed with the same samAccountName in both the root and the child domain. After using an account that was not present in the child domain, the wizard went through fine. Another “solution” that would have worked would have been to make sure the password was the same on the accounts. I do not, however, like synchronizing passwords between accounts, so I chose to use another account.
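
A pre-flight check for the condition described above, as an added example that is not part of the original post: it lists every domain in the forest that holds an account with the samAccountName you intend to give the wizard. It assumes the ActiveDirectory PowerShell module (RSAT) is installed and that the caller can read user objects in each domain; the parameter name is illustrative.

```powershell
# Added example: find same-named accounts across all domains in the forest
# before entering credentials in the DirSync Configuration Wizard.
param(
    [Parameter(Mandatory)]
    [string]$SamAccountName   # account you plan to use in the wizard
)

Import-Module ActiveDirectory

# Escape single quotes so the value is safe inside the AD filter string.
$safeName = $SamAccountName.Replace("'", "''")

$forest = Get-ADForest
$hits = foreach ($domain in $forest.Domains) {
    try {
        # -Server with a domain DNS name targets a domain controller in that domain.
        Get-ADUser -Filter "sAMAccountName -eq '$safeName'" -Server $domain `
                   -Properties PasswordLastSet -ErrorAction Stop |
            Select-Object @{ n = 'Domain'; e = { $domain } },
                          SamAccountName, Enabled, PasswordLastSet, DistinguishedName
    }
    catch {
        # An unreachable domain means the result is incomplete, so say so.
        Write-Warning "Could not query ${domain}: $($_.Exception.Message)"
    }
}

$hits | Format-Table -AutoSize

$count = @($hits).Count
if ($count -gt 1) {
    # Same name in several domains is the situation the post describes.
    # Differing PasswordLastSet values suggest the passwords were set separately.
    Write-Warning "'$SamAccountName' exists in $count domains of forest $($forest.Name). Use an account that exists in only one domain."
}
elseif ($count -eq 1) {
    Write-Output "'$SamAccountName' exists only in $($hits.Domain)."
}
else {
    Write-Output "'$SamAccountName' was not found in any reachable domain."
}
```

A warning from this check points at the choice the post settles on: pick an Enterprise Admin account whose samAccountName is not also present in the child domain.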