I don't know if this is something that only happens in my environment, but it happens.
When ever I start AADConnect and make a change in the configuration, add an OU for example, and save the change SSO breaks.
Quick way to see what's up is here:
If there are zero Seamless single sign-on domain's than you know what's up.
The SSO trust is broken.
There is a blogpost on docs.microsoft.com about it:
Azure Active Directory Connect: Troubleshoot Seamless Single Sign-On | Microsoft Docs
The steps listed there are in this script below.
Run this from the AADConnect machine:
# https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-sso # Import the Seamless SSO PowerShell module cd \ cd 'C:\Program Files\Microsoft Azure Active Directory Connect' Import-Module .\AzureADSSO.psd1 # Get the list of Active Directory forests on which Seamless SSO has been enabled New-AzureADSSOAuthenticationContext Get-AzureADSSOStatus #Disable Seamless SSO for each Active Directory forest where you've set up the feature $creds = Get-Credential domain\username Disable-AzureADSSOForest -OnPremCredentials $creds # Enable Seamless SSO for each Active Directory forest Enable-AzureADSSOForest # Enable the feature on your tenant Enable-AzureADSSO -Enable $true