Thursday, June 16, 2022

Start a Manual Sync of Local AD to Azure



Start a manual sync of Active Directory changes easily using PowerShell on your Azure AD sync server. Password resets are fast, they occur immediately but other AD object and properties don't replicate to azure so quickly. Microsoft has restricted Azure AD connect services to 30 minute interval for syncing updates, additions , or changes to local Microsoft AD to Azure. So this means that even new user accounts added to your local Active Directory will take up to 30 minutes or more to sync up to Azure. 

If you have multiple sites with active directory controllers located at each site you may also have a delay due to internal local Active directory replication. Make sure your AD is free of errors and sync your local AD first. Syncing AD and syncing local AD to Azure can be done remotely or through a local console of the server. For remote access, online desktop support software can provide the remote control access you need. With applications for support, you could even work on networking devices remotely such as firewall's network switches and routers. Software for online computer support is used for both server and desktop support. Active Directory issue can be resolved with remote support software and also desktop applications. 

I've used the following command to sync all domain controllers. The options to the command line cause all domain controllers enterprise-wide to sync. So that means the domain controller server that are local to the Azure Sync server and other domain controllers that are located i other office or datacenters replicate  and sync.  

open an elevated command prompt on a domain controller and enter the following command to sync all domain controllers. 

                              repadmin /syncall /APeD 

Case is important with this command as upper case and loser case letters could have different options and thus do different things. None of which would be destructive but you may also not get the desired affect if the case of the letters is wrong.  Access  your domain controller using RDP or VMware console of if it's physical server get on the console of it. 

Syncing domain controllers should only take a few seconds to a minute. Once that's done, open a PowerShell command on the Azure sync server (that's the server running the Azure AD connect services).
Run the command from the PowerShell prompt to sync local changes and updates to Azure. 

                            Start-SyncSyncCycle -PolicyType Delta 

This will trigger and immediate syncing of changes updates and additions to Azure. After the sync is complete, you may have to wait several seconds to a minute at times to the changes in Azure. 




Share/Save/Bookmark