Sync scheduler
To change the Sync internal default 30- minutes to more say 1 Hour.
Once you make the change the Sync cycle will be effective after one Sync cycle is finished as shown
above.
Disable the scheduler
If you need to make configuration changes, then you want to disable the scheduler. For example, when you configure filtering or make changes to synchronization rules.
To disable the scheduler, run Set-ADSyncScheduler -SyncCycleEnabled $false.
Enable the scheduler
Set-ADSyncScheduler -SyncCycleEnabled $true.
Reference: Azure AD Connect sync: Scheduler
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-featurescheduler
PowerShell to get DirSync Provisioning Errors
Please use the link https://docs.microsoft.com/en-us/office365/troubleshoot/active-directory/duplicate-attributes-prevent-dirsync as a reference for the issues related to:
- To Get all objects with provisioning errors:
GetMsolDirSyncProvisioningError -ErrorCategoryp PropertyConflict - To Get all objects with provisioning errors using the UserPrincipalName attribute:
GetMsolDirSyncProvisioningError -ErrorCategory PropertyConflict – PropertyName UserPrincipalName - To Get all objects with provisioning errors using the ProxyAddress attribute:
GetMsolDirSyncProvisioningError -ErrorCategory PropertyConflict - PropertyName
ProxyAddresses
Stopped-deletion-threshold-exceeded
When installing Azure AD Connect, prevent accidental deletes is enabled by default and configured to not allow an export with more than 500 deletes. This feature is designed to protect you from accidental configuration changes and changes to your on premises directory that would affect many users and other objects.
Duplicate Attribute Resiliency
Duplicate Attribute Resiliency is a feature in Azure Active Directory that will eliminate friction caused by UserPrincipalName and ProxyAddress conflicts when running one of Microsoft’s synchronization tools. Behavior with Duplicate Attribute Resiliency: Instead of completely failing to provision or update an object with a duplicate attribute, Azure Active Directory “quarantines” the duplicate attribute which would violate the uniqueness constraint. If this attribute is required for provisioning, like UserPrincipalName, the service assigns a placeholder value. The format of these temporary values is “+<4DigitNumber>@.onmicrosoft.com”. If the attribute is not required, like a ProxyAddress, Azure Active Directory simply quarantines the conflict attribute and proceeds with the object creation or update.
How to check if Duplicate attribute resiliency feature in Set or not?
Reference: Identity synchronization and duplicate attribute resiliency
https://docs.microsoft.com/enus/azure/active-directory/hybrid/how-to-connect-syncservice-duplicate-
Active Directory
To check the DistinuguishName [ DN ] of Object/user in Active Directory.
Open the Objects properties in the Active directory and choose “Attribute Editor” tab. We can get the
distinuguishname attribute
How to collect LDP dump?
Use CMD run as administrator on DC and run below command:
Ldifde -f filename.txt -d “Distinguish Name of User”
How to check if AD replication is working fine.?
Use CMD run as administrator on PDC and run below command :
Repadmin /showrepl * /csv >replicationStatus.csv
Please collect above output and look for Last Failure Time, Last Success Time, Last Failure Status
Scoping and data collection
Client installation errors are captured in the following log: %temp%\AdHealthAadSyncAgentConfiguration.<date>.log
Agent / Server connectivity is tested by issuing the following PowerShell command on the DC hosting the agent:
Test-AzureADConnectHealthConnectivity –Role Sync –ShowResult
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-agent-install#manual-azuread-connect-health-for-sync-registration
Reconfiguration (appwiz.cpl)
1. Select “Microsoft Azure AD Connect Health agent for Sync”.
2. Click “Change”
3. Click “Configure Now”
Reinstallation
Should the agent be uninstalled using Add / Remove Programs it can be reinstalled by running Azure AD Connect - Configure and choosing Customize synchronization options, accepting the defaults. That will reinstall the agent.
As an alternative to re-running Azure AD Connect - Configure, follow these steps:
1. Locate the setup packages (msi) at: C:\Program Files\Microsoft Azure Active Directory Connect\SetupFiles
2. Install AadConnectHealthAadSyncSetup.exe (double click)
3. Follow registration instructions from here . (https://docs.microsoft.com/en-us/azure/active-directory/connect-health/active-directory-aadconnect-health-agent-install
Azure AD Connect logs
%ProgramData%\AADConnect\trace-*.log.Authentication Agent event logs
Application andServiceLogs\Microsoft\AzureAdConnect\AuthenticationAgent\Admin.
Detailed trace logs
%ProgramData%\Microsoft\Azure AD Connect Authentication Agent\Trace\
PowerShell Logs
%userprofile%\AppData\Local\Microsoft\Office365\Powershell
Some relevant links for AAD troubleshooting
- Troubleshoot an object that is not synchronizing with Azure Active Directory :
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-object-not-syncing - Troubleshoot object synchronization with Azure AD Connect sync:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-objectsync - Troubleshooting Errors during synchronization :
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-sync-errors - Troubleshooting Source Anchor Issues during Installation :
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-source-anchor - Azure AD Connect sync: Understanding Declarative Provisioning:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/concept-azure-ad-connect-syncdeclarative-provisioning - Understanding Azure AD Connect 1.4. 18.x and device disappearance :
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connectdevicedisappearance - Exchange Online Improvements to Accelerate Replication of Changes to Azure Active Directory:
https://techcommunity.microsoft.com/t5/Exchange-Team-Blog/Exchange-OnlineImprovements-toAccelerate-Replication-of/ba-p/837218
Comments
0 comments
Please sign in to leave a comment.