Azure AD Connect – Unable to validate credentials due to an unexpected error.
In case you will get the following error message at connecting to Azure AD, there will be a good chance that only the password for your Azure AD global administrator is expired.
So try to login Azure AD Connect by using the interactive authentication. Therefore change to the directory where Azure AD Connect binary is homed.
C:Program FilesMicrosoft Azure Active Directory Connect
Start Azure AD Connect by using the /InteractiveAuth switch.
AzureADConnect.exe /InteractiveAuth
Select Customize synchronization options.
You need to enter your Azure AD global administrator account and because of using the /InteractiveAuth switch previously, you will get forced to process a complete OAuth 2.0 authorization flow and therefore if your password is expired, you will get the well known dialog to set a new one as shown below.
Here you can see that only the password from my Azure AD global administrator is expired and I have to set a new one.
After that I was able to connect to Azure AD.
If this wasn’t your issue, please read the article from Microsoft below about troubleshooting Azure AD connectivity.
In case you want to know more about OAuth, you will find a few posts about in my blog and the following link.
Links
Troubleshoot Azure AD connectivity
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-connectivity