You may receive the following error when trying to trigger an Azure AD Connect synchronization:
Retrieving the COM class factory for remote component with CLSID {835BEE60-8731-4159-8BFF-941301D76D05} from machine DC-01 failed due to the following error: 80070005 DC-01. + CategoryInfo : WriteError: (Microsoft.Ident...ADSyncSyncCycle:StartADSyncSyncCycle) [Start-ADSyncSyncCycle], UnauthorizedAccessException + FullyQualifiedErrorId : Retrieving the COM class factory for remote component with CLSID {835BEE60-8731-4159-8BFF-941301D76D05} from machine DC-01 failed due to the following error: 80070005 DC-01.,Microsoft.IdentityManagement.PowerShell.Cmdlet.StartADSyncSyncCycle
This error message indicates that your account does not have the necessary privileges to perform Azure AD Connect synchronization.
To solve this error message add your account to the ADSyncOperators group.
If Azure AD Connect is installed on a domain controller this is a domain group.
If Azure AD Connect is installed on a member server this is a local group.
Add your account to the group:

Make sure to log off and log on to update your access token with the new group membership.
If you have multiple DC’s and Azure AD Connect is running on one of them, ensure that the updated group membership has been replicated between domain controllers before you log in again.
Use the WhoAmI command to verify if your group membership has been updated:
PS C:\Windows\system32> whoami /all
USER INFORMATION
----------------
User Name SID
======================= ============================================
gigacorp\adm.server.joe S-1-5-21-1571223705-546034849-413621382-1146
GROUP INFORMATION
-----------------
Group Name Type SID
========================================== ================ ===================
Everyone Well-known group S-1-1-0
BUILTIN\Users Alias S-1-5-32-545
BUILTIN\Administrators Alias S-1-5-32-544
NT AUTHORITY\REMOTE INTERACTIVE LOGON Well-known group S-1-5-14
NT AUTHORITY\INTERACTIVE Well-known group S-1-5-4
NT AUTHORITY\Authenticated Users Well-known group S-1-5-11
NT AUTHORITY\This Organization Well-known group S-1-5-15
LOCAL Well-known group S-1-2-0
GIGACORP\G.U.ServerAdmins Group S-1-5-21-1571223705
Authentication authority asserted identity Well-known group S-1-18-1
GIGACORP\ADSyncOperators Alias S-1-5-21-1571223705
Mandatory Label\High Mandatory Level Label S-1-16-12288
With the corrected privileges in place you can now perform the Azure AD Connect synchronization:
PS C:\Windows\system32> Enter-PSSession DC-01 [DC-01]: PS C:\Users\adm.server.joe\Documents> Start-ADSyncSyncCycle -PolicyType Delta Result ------ Success
Summary
If you receive an UnauthorizedAccessException when running Start-ADSyncSyncCycle make sure to add your account to the ADSyncOperators group on the Azure AD Connect server.
You need this configuration for smooth operation if you’re running Easy365Manager.
Easy365Manager is a powerful snap-in to AD Users & Computers which lets you manage email attributes and Office 365 mailboxes and licenses as part of your AD user properties:


With Easy365Manager you can also get rid of your Exchange on-premises.
Download a fully functional 30-day trial of Easy365Manager here.