As we already know, the Azure AD Connect tool syncs all changes from the on-premises directory to Azure
Active Directory. The synchronization process uses a scheduler for this task; for example, the
scheduler for password sync is different from the scheduler for object/attribute sync and maintenance
tasks.
Synchronization cycle: used to import, sync and export all changes.
Maintenance tasks: renew keys and certificates for Password reset and Device Registration
Service (DRS), and delete old log files.
To demonstrate, let’s take a real example: open your AD Connect server, run PowerShell
with administrative privileges, then execute the command below:
Get-ADSyncScheduler
Note: if the command is not available, you may need to load the PowerShell module by running
Import-Module ADSync first.
After the command has executed successfully, we can read some of the scheduler information
as below:
AllowedSyncCycleInterval: This means that automatic synchronization happens every 30 minutes.
You can change this value by setting the CustomizedSyncCycleInterval attribute, which is empty in our
example since we haven’t changed it yet. However, you cannot set this value to less than 30 minutes:
the command will accept a value below 30 minutes, but it will not take effect.
If we get the scheduler information again, we can see that the customized value should
be 3 hours, as shown below:
Now, let’s try to set the value to less than 30 minutes. If we run the command below, which sets the
value to 10 minutes, a warning appears informing us that even though the command is executed, the
value that will be used is 30 minutes, not 10 minutes:
NextSyncCyclePolicyType: this field has two options, either Delta or Initial. If syncing has not happened
at all, its value will be Initial, to do a full sync; otherwise it will be Delta, to sync only the changes
that happened since the last synchronization.
NextSyncCycleStartTimeInUTC: this defines when the next sync cycle will start.
PurgeRunHistoryInterval: this value defines how many days the logs are kept before being purged;
the default value is 7 days.
SyncCycleEnabled: this shows whether automatic syncing is enabled or not.
CustomizedSyncCycleInterval
NextSyncCyclePolicyType
PurgeRunHistoryInterval
SyncCycleEnabled
MaintenanceEnabled
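As an added example (not part of the original post), the function below audits the scheduler fields described above and reports settings that deserve attention, such as automatic sync being turned off or a customized interval below the allowed 30 minutes. Test-SchedulerState and the sample object are constructed for illustration; on the AD Connect server you would pass the output of Get-ADSyncScheduler instead.

```powershell
# Added example; Test-SchedulerState is a hypothetical helper, not an ADSync cmdlet.
function Test-SchedulerState {
    param(
        [Parameter(Mandatory)] $Scheduler,
        [int] $MinPurgeDays = 7   # assumption: keep at least the default 7 days of run history
    )
    $findings = @()
    if (-not $Scheduler.SyncCycleEnabled) {
        $findings += 'SyncCycleEnabled is False: automatic syncing is off'
    }
    if (-not $Scheduler.MaintenanceEnabled) {
        $findings += 'MaintenanceEnabled is False: key/certificate renewal and log cleanup do not run'
    }
    # A customized interval below the allowed one is accepted but has no effect.
    $custom  = $Scheduler.CustomizedSyncCycleInterval
    $allowed = $Scheduler.AllowedSyncCycleInterval
    if ($null -ne $custom -and $custom -lt $allowed) {
        $findings += "CustomizedSyncCycleInterval $custom is below the allowed $allowed and is ignored"
    }
    $purgeDays = $Scheduler.PurgeRunHistoryInterval.TotalDays
    if ($purgeDays -lt $MinPurgeDays) {
        $findings += "PurgeRunHistoryInterval is $purgeDays days, below $MinPurgeDays"
    }
    if ("$($Scheduler.NextSyncCyclePolicyType)" -eq 'Initial') {
        $findings += 'NextSyncCyclePolicyType is Initial: the next cycle is a full sync'
    }
    return $findings
}

# Constructed sample that mimics the fields discussed above (not real server output).
$sample = [pscustomobject]@{
    AllowedSyncCycleInterval    = [timespan]'00:30:00'
    CustomizedSyncCycleInterval = [timespan]'00:10:00'
    NextSyncCyclePolicyType     = 'Delta'
    PurgeRunHistoryInterval     = [timespan]'7.00:00:00'
    SyncCycleEnabled            = $true
    MaintenanceEnabled          = $false
}
Test-SchedulerState -Scheduler $sample | ForEach-Object { Write-Output "FINDING: $_" }

# On the AD Connect server:
#   Test-SchedulerState -Scheduler (Get-ADSyncScheduler)
```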
As we mentioned, the scheduler runs every 30 minutes by default. In some cases you may need
to force a synchronization between scheduled cycles, to speed up the replication of new
changes or newly added objects.
For example, assume that the next sync cycle will run in 15 minutes and you have added a new object
that needs to be replicated to Azure AD immediately. In such cases you should force the sync to run
manually, either by commands or through the GUI.
There are two types of sync available in the AD Connect tool, Delta Sync and Full Sync. Each of these
types has its own scenarios, and each replicates the changes to Azure Active Directory.
Delta synchronization is used to replicate the changes made to existing objects; in other words, Delta sync
affects only existing objects that were synced before, if any changes were made to them.
To force a Delta sync to run immediately, open PowerShell with administrative privileges and run
the command below:
Start-ADSyncSyncCycle -PolicyType Delta
Now, let’s see exactly what happens when we run the Delta synchronization. Open the miisclient.exe
console, which is located by default under C:\Program Files\Microsoft Azure AD Sync\UIShell.
From the above screenshot we can see that three operations ran on each connector, the local AD
connector and the Azure AD one, which results in six operations.
Now, since we didn’t make any changes before running the delta sync, we can see that no changes were
detected and nothing was exported by the local connector, as in the snapshots below from the management console:
Now I changed the job title for a user called “Ali Saleh”, who was already synced; the old value was
empty and the new one is “IT Manager”.
I ran the Delta Sync command again, and we can see that the result changed: since this change was
made in our local Active Directory, all three operations (Delta Import, Delta Synchronization and Export)
should know that a new change was made and should be synced.
If we open the Delta Import operation for the local connector, it should show that one object
has been changed, as shown below:
Click on the updates and you will see which object(s) have changed since the last sync cycle, which in our
case is the “Ali Saleh” user, as shown below:
If we click on the updates, it shows the CN of the object that changed since the last sync cycle, as shown
below; double-click the object:
To force a Full sync to run immediately, open PowerShell with administrative privileges and run
the command below:
Start-ADSyncSyncCycle -PolicyType Initial
Before I ran the forced full sync command, I created a new user called “Ahmad Yasin”, just as a quick
demonstration to see what happens in the connector operations. Let’s see the status of the Full Import
operation for the local connector; we can see that one object was added, as shown below:
You can also clearly see that a new object was provisioned in the Full Synchronization operation for the local
connector, as it appears below:
If you use an outbound proxy to access the internet, you may face issues while running the AD Connect
synchronization process. To avoid this and force AD Connect to use your proxy server, navigate to
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config and open the
machine.config file with any editor, such as Notepad. Add the section below at the
end of the file, before the </configuration> tag, and change it to match your proxy
address and port:
<system.net>
  <defaultProxy>
    <proxy
      usesystemdefault="true"
      proxyaddress="http://<PROXYADDRESS>:<PROXYPORT>"
      bypassonlocal="true"
    />
  </defaultProxy>
</system.net>
For example, my proxy address is 192.168.10.1 and it listens on port 8080, so the edit should look similar to
the below:
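The check below is an added example, not part of the original post: it validates the machine.config text before you save it, confirming that the file is still well-formed XML and that the proxy element sits under system.net/defaultProxy with a usable address. Get-DefaultProxy is a hypothetical helper name, and the sample config is constructed from the address and port mentioned above.

```powershell
# Added example; Get-DefaultProxy is a hypothetical helper, not a built-in cmdlet.
function Get-DefaultProxy {
    param([Parameter(Mandatory)][string] $ConfigText)

    # machine.config is machine-wide, so parse the text before writing it back.
    try { $doc = [xml]$ConfigText }
    catch { throw "Config is not well-formed XML: $($_.Exception.Message)" }

    $proxy = $doc.SelectSingleNode('/configuration/system.net/defaultProxy/proxy')
    if ($null -eq $proxy) {
        throw 'No <proxy> element found under configuration/system.net/defaultProxy'
    }

    $address = $proxy.GetAttribute('proxyaddress')
    $uri = $null
    $ok = [uri]::TryCreate($address, [System.UriKind]::Absolute, [ref]$uri)
    if (-not $ok -or $uri.Scheme -notin @('http', 'https')) {
        throw "proxyaddress '$address' is not an absolute http(s) URL"
    }

    [pscustomobject]@{
        ProxyHost        = $uri.Host
        ProxyPort        = $uri.Port
        UseSystemDefault = $proxy.GetAttribute('usesystemdefault')
        BypassOnLocal    = $proxy.GetAttribute('bypassonlocal')
    }
}

# Constructed sample: the section from above with 192.168.10.1 and port 8080 filled in.
$sample = @'
<configuration>
  <system.net>
    <defaultProxy>
      <proxy usesystemdefault="true" proxyaddress="http://192.168.10.1:8080" bypassonlocal="true" />
    </defaultProxy>
  </system.net>
</configuration>
'@
Get-DefaultProxy -ConfigText $sample

# On the AD Connect server, pass the real file instead:
#   $path = 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config'
#   Get-DefaultProxy -ConfigText (Get-Content -Raw $path)
```

Leaving the <PROXYADDRESS> and <PROXYPORT> placeholders unreplaced puts a literal < inside an attribute value, which is not well-formed XML, so this check rejects that file.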
About Blogger …
Ahmad Yasin is a Microsoft Cloud Engineer and the Owner & publisher of AzureDummies
blog. He also holds many certificates in office 365 and windows azure including Developing
Microsoft Azure Solutions, Implementing Microsoft Azure Infrastructure Solutions and MCSA
office 365.
Find Ahmad at Facebook and LinkedIn.