I’ve been updating and installing the latest versions of AAD Connect recently (v1.1.750.0 to the latest v1.1.819.0) and noticed that I could not create a brand new custom ‘Connector’ using any of the following out of the box Connector templates:
- Generic SQL
- Generic LDAP (didn’t happen to me but I’ve seen reports it’s impacting others)
- Web Service
The message in the AAD Connect Synchronisation Engine would appear as:
“The extension could not be loaded”
each time I tried to create a Connector with any of the above templates.
The Application Log in Event Viewer was a bit more helpful (specifying the PowerShell Connector):
“Could not load file or assembly ‘Microsoft.IAM.Connector.PowerShell, Version=184.108.40.206, Culture=neutral, PublicKeyToken=31bf3856ad364e35’ or one of its dependencies. Strong name signature could not be verified. The assembly may have been tampered with, or it was delay signed but not fully signed with the correct private key. (Exception from HRESULT: 0x80131045)”
The text: ‘strong name signature could not be verified’ lead me to this article:
Basically, AAD Connect’s web assembly is rejecting the DLLs for the Connectors. To circumvent this strong name signature verification for these DLLs, you need to run the following command:
sn.exe -Vr *,31bf3856ad364e35
where 31..35 is the number that corresponds to the ‘PublicKeyToken’ mentioned in the Event Viewer log. I’m 99% certain this is a static value (based on another user reporting this issue to Microsoft) so the above command should work for you as well.
In terms of the location of the correct ‘sn.exe’, my AAD Connect had four versions installed onto it – you might have more depending on the number of versions of the .NET Framework you have installed. I suggest you try first the latest .NET framework version, and specify the x64 folder (since AAD Connect is 64-bit). I also strongly suggest you restart the Windows Server/s hosting AAD Connect after you apply it too.