If you want to do configurations like Windows 10 Hybrid Domain join of Office 365 Group Writeback in Azure AD Connect you need to run commands in Powershell to make that happen. But if you have a fresh new server and have just installed AAD Connect on it you will get an error when trying to run the commands necessary. The error is something like this: dsacls.exe : The term ‘dsacls.exe’ is not recognized as the name of a cmdlet, function, and is coming calling funtions inside “C:\Program Files\Microsoft Azure Active Directory Connect\AdPrep\AdSyncPrep.psm1” . If we take a look at the function we are trying to run “Initialize-ADSyncDomainJoinedComputerSync” we will see that in fact this function is using dsacls.exe to set rights on OUs in Active Directory.
The solution is simple and easy. To be able to configure these features we need to install the ADDS module for Windows Powershell and ADDS Snap-Ins and and Command-line Tools.
When you have installed this, rerun the command and see the magic happen.