This issue might occur if GPO (Group Policy) contains restrictions of who can logon as a service and is only applied at reboot. So initially after the install it runs just fine until the GPO is applied, Please follow the below steps to resolve this:
- Get the Username that is being used to login to the service listed in Services.msc under Windows Azure Active Directory Sync Service
- Add that user to the local “Administrators” user group
- Open the Default domain GPO and navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > User Rights Assignment
- Open “Log on as a service” and add the computer’s local “Administrators” user group
- Go back to the DirSync Server and perform the “gpupdate /force”
- Then perform “Start-onlineCoexistanceSync” in the DirSyncPowershell