Hi everyone,
(this is copy of the post I made in the Azure AD Forum here: social.technet.microsoft.com/.../password-synchronization-has-stopped-working)
Thank you for bringing this issue to our attention! It appears to be something specific with the way Windows 2003 Server Domain Controllers handle certain corner-scenarios. We have updated our handling for this scenario and re-released the DirSync client with this update (version 6411.0011). You can get the updated DirSync from the Admin Portal (where you downloaded the previous version). Just uninstall the old DirSync and install the new one.
This fix addresses the specific EventID=611 with error description like:
Password synchronization failed for domain: Domain.COM. Details:
Microsoft.Online.PasswordSynchronization.SynchronizationManagerException: Recovery task failed. ---> Microsoft.Online.PasswordSynchronization.DirectoryReplicationServices.DrsException: RPC Error 8439 : The distinguished name specified for this replication operation is invalid. There was an error calling _IDL_DRSGetNCChanges.
Thanks!
Jono