We have been syncing our main domain to Azure through the Azure AD Connect for a couple of years. I recently added a child domain. I honestly could not find a great article on everything I needed to do in order to give my AD Connector account access to the child domain.
I ran the following to gift it permissions:
Set-ADSyncBasicReadPermissions
Set-ADSyncMsDsConsistencyGuidPermissions
Set-ADSyncPasswordHashSyncPermissions
I made sure those rights were set to all descendant objects, so I did not have inheritance issues.
I added a test user to the child domain. When AD Connect runs, I get an error on the child domain:
Connection Data source error code: 8344
Connected data source error: Insufficient access rights to perform this operation
If I click on log, there are two entries in the object log:
Password Sync - Success
Password Sync - NoTargetConnection
I found a troubleshooting doc in the Microsoft Azure documentation. I walked through it, but did not find any problems.
I have googled this to death and haven't found an article that reveals my problem. Hoping there is an expert out here that has a solution!
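As an added check that is not part of the original post: a PowerShell audit of which ACEs the AD DS Connector account actually holds on the child domain head, read from a domain controller of the child domain rather than the forest root. The account name and domain name are placeholders; the extended-right GUIDs are the well-known values for Replicating Directory Changes and Replicating Directory Changes All that password hash sync relies on.

```powershell
# Added example (not from the original post): list the ACEs the connector account
# holds on a child domain's domain head and flag the ones password hash sync and
# the basic read permissions depend on. Assumes the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

$ConnectorSam   = 'MSOL_svc'            # placeholder: sAMAccountName of the connector account
$ChildDomainDns = 'child.corp.example'  # placeholder: DNS name of the child domain

# Well-known extended-right GUIDs required on the domain head for password hash sync
$ReplChanges    = [guid]'1131f6aa-9c07-11d1-f79f-00c04fc2dcd2'  # Replicating Directory Changes
$ReplChangesAll = [guid]'1131f6ad-9c07-11d1-f79f-00c04fc2dcd2'  # Replicating Directory Changes All

function Get-ConnectorDomainAcl {
    param([string]$Sam, [string]$DomainDns)
    $domain = Get-ADDomain -Identity $DomainDns
    # Read the security descriptor from a DC in the child domain itself
    $head = Get-ADObject -Identity $domain.DistinguishedName -Server $domain.PDCEmulator `
                         -Properties nTSecurityDescriptor
    # Keep ACEs whose trustee resolves to DOMAIN\<sam>; rights held only through
    # group membership, or trustees left as raw SIDs, will not match this filter
    $aces  = $head.nTSecurityDescriptor.Access |
             Where-Object { $_.IdentityReference.Value -like "*\$Sam" }
    $allow = $aces | Where-Object { $_.AccessControlType -eq 'Allow' }

    function Test-ExtendedRight([guid]$RightGuid) {
        [bool]($allow | Where-Object {
            $_.ActiveDirectoryRights.HasFlag([System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight) -and
            $_.ObjectType -eq $RightGuid })
    }
    # Read rights only help if they flow down to descendant objects
    $readInherits = [bool]($allow | Where-Object {
        $_.ActiveDirectoryRights.HasFlag([System.DirectoryServices.ActiveDirectoryRights]::ReadProperty) -and
        (@('All', 'Descendents') -contains $_.InheritanceType.ToString()) })

    [pscustomobject]@{
        Domain                    = $domain.DNSRoot
        DomainController          = $domain.PDCEmulator
        AceCount                  = @($aces).Count
        ReplicatingDirChanges     = Test-ExtendedRight $ReplChanges
        ReplicatingDirChangesAll  = Test-ExtendedRight $ReplChangesAll
        ReadPropertyOnDescendants = $readInherits
        Aces                      = $aces | Select-Object ActiveDirectoryRights, AccessControlType,
                                        InheritanceType, ObjectType, InheritedObjectType
    }
}

$result = Get-ConnectorDomainAcl -Sam $ConnectorSam -DomainDns $ChildDomainDns
$result | Format-List Domain, DomainController, AceCount, ReplicatingDirChanges,
                      ReplicatingDirChangesAll, ReadPropertyOnDescendants
$result.Aces | Format-Table -AutoSize
```

The report covers only the domain-head ACL of the child domain; a Deny ACE lower in the tree, or rights granted to a group the account belongs to, would not appear in it.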