Azure AD is a service that provides identity and access management capabilities in the cloud. With Pass-through Authentication (PTA), users can sign in to both on-premises and cloud-based applications using the same credentials. When a synchronized user signs in to a cloud application, this feature validates the user's credentials directly against your on-premises Active Directory. For more information, see the guide "Azure Active Directory integration with on-Premise AD using PTA", and also the guides on why to deploy Azure Active Directory, how to set up an Azure AD tenant, how to add or delete users and set permissions in Azure Active Directory, and how to use the built-in AAD Connect troubleshooting tool.
When a sync cycle is running, you cannot make configuration changes. You could wait until the scheduler has finished the process, but you can also stop it so you can make your changes immediately. Stopping the current cycle is not harmful, and pending changes are processed with the next run.
- Start by telling the scheduler to stop its current cycle with the PowerShell cmdlet Stop-ADSyncSyncCycle.
As described above, this error is thrown because a synchronization was in progress when you launched the Azure AD Connect tool from the Desktop or Start Menu. The system then assumes you have made configuration changes that need to be applied before Azure AD Connect can proceed.
If you would like to stop the synchronisation cycle and make some changes, follow the steps below.
Then, run the following cmdlet to disable the sync.
- Please remember that we will enable it again afterwards.
Set-ADSyncScheduler -SyncCycleEnabled $false
Once done, go back to the Azure AD Connect application and enter the global administrator username and password again.
On the next screen, you will be able to modify the user sign-in methods. From the menu, select “Pass-through Authentication”. From the same menu, also select “Enable single sign-on” to allow single sign-on for your corporate desktop users.
This account needs to be a cloud-only account. This means that in the event of an on-premises failure, this account will still be able to manage Pass-Through Authentication. Do not lose this account.
To complete the next steps, follow the how-to article “Pass-Through Authentication: How to Synchronise your on-premise AD with Azure AD using Azure AD Connect tool”.
To start a synchronisation, run the command below, or select the checkbox in the AD Connect UI to have the sync run.
Start-ADSyncSyncCycle -PolicyType Delta
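The whole procedure above can be wrapped so that the scheduler is always re-enabled after the change. This is an added example, not part of the original post; the function names Suspend-AadConnectSync and Resume-AadConnectSync are hypothetical helpers, and it assumes an elevated PowerShell session on the Azure AD Connect server.

```powershell
# Added example: pause the sync scheduler for a configuration change and
# make sure it is enabled again afterwards. Helper names are hypothetical.
Import-Module ADSync -ErrorAction Stop

function Suspend-AadConnectSync {
    param([int]$TimeoutSeconds = 300)

    # Stop the running cycle (if any), then disable the scheduler.
    if ((Get-ADSyncScheduler).SyncCycleInProgress) {
        Stop-ADSyncSyncCycle
    }
    Set-ADSyncScheduler -SyncCycleEnabled $false

    # Wait until the engine reports that no cycle is running.
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    while ((Get-ADSyncScheduler).SyncCycleInProgress) {
        if ((Get-Date) -gt $deadline) {
            throw "Sync cycle still running after $TimeoutSeconds seconds."
        }
        Start-Sleep -Seconds 5
    }
}

function Resume-AadConnectSync {
    # Re-enable the scheduler and confirm the setting was applied.
    Set-ADSyncScheduler -SyncCycleEnabled $true
    $state = Get-ADSyncScheduler
    if (-not $state.SyncCycleEnabled) {
        throw "Scheduler is still disabled; fix this before leaving the server."
    }
    if ($state.SchedulerSuspended) {
        Write-Warning "Scheduler is suspended: close the Azure AD Connect wizard first."
    }
    elseif (-not $state.SyncCycleInProgress) {
        # Skip if the wizard already started a cycle on exit.
        Start-ADSyncSyncCycle -PolicyType Delta
    }
}

Suspend-AadConnectSync
try {
    Read-Host "Sync disabled. Finish the Azure AD Connect changes, then press Enter"
}
finally {
    # Also runs when the prompt is interrupted with Ctrl+C.
    Resume-AadConnectSync
}
Get-ADSyncScheduler | Select-Object SyncCycleEnabled, SyncCycleInProgress, NextSyncCycleStartTimeInUTC
```

The final line prints the scheduler state, so you can confirm that SyncCycleEnabled is True before closing the session.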
An Azure AD Connect Start menu group will also be available to you, as shown below.
- Here you can manually perform a full or manual synchronization of your on-premises environment to Azure AD using the “Synchronization Service”.
- Also, you can reconfigure anything you may have missed during the initial configuration using “Azure AD Connect”.
Click on Synchronization Service as shown; you can explore all the others as well. Here you will be able to see the operations that took place behind the scenes.
You can read more here in the official Microsoft documentation. See this guide for a similar error: “The synchronization service scheduler is suspended until the setup wizard is closed”.
I hope you found this blog post helpful. If you have any questions, please let me know in the comment section.