

Azure Active Directory Sync (AAD Sync)


 

 

Directory synchronization support boundaries for Azure Active Directory  VKB# 2723552

This article describes the technical support boundaries for directory synchronization in Azure and Office 365.

 

Microsoft Azure Active Directory Sync Services

http://www.microsoft.com/en-us/download/confirmation.aspx?id=44225

Agree to the license terms, and then click "Install".

It will install an icon on the desktop.

If the administrator wants to use multiple forests, click "Add"; if not, click "Next".


Click "Next"

If the administrator wants a different "Matching with Azure AD" setting, they can select one from the list:

They can select "userPrincipalName attribute".

I will keep the original setting. Click "Next".

The following Azure AD Sync features can be enabled if your organization requires the enhanced functionality:

Select "Password Synchronization".


 

Select "Configure"

After the installation finishes, keep "Synchronize Now" selected and click "Finish".

After the AAD Sync wizard finishes, the user must log off and log back on to receive the ADSyncAdmins group's permissions.

1. Click Start, type compmgmt.msc in the search box, and then press Enter to open Computer Management.
2. Under Computer Management, expand Local Users and Groups, and then expand Groups.
3. Make sure that the ADSyncAdmins group exists. If this group is missing, create a new group, and name it ADSyncAdmins.
4. Add yourself to the ADSyncAdmins group.
5. Log off, and then log on to the computer again.

 

How to locate miisclient.exe

Start > All Programs > Azure AD Sync > select "Synchronization Services"

From folder location:

"C:\Program Files\Microsoft Azure AD Sync\UIShell\miisclient.exe"

 

 

How can I run AAD Sync from the command prompt?

 

To run AAD Sync from the command prompt, you can use a tool called DirectorySyncClientCmd.

You can find the tool in the following folder: %ProgramFiles%\Microsoft Azure AD Sync\Bin

The tool supports the following options:

Initial

Delta

 

From: http://msdn.microsoft.com/en-us/library/azure/dn783460.aspx

 

Create a shortcut on the desktop named "DirectorySyncClientCmd - Shortcut" with the following target:

"C:\Program Files\Microsoft Azure AD Sync\Bin\DirectorySyncClientCmd.exe"

To force a delta synchronization, double-click "DirectorySyncClientCmd - Shortcut". It will automatically force the synchronization.

 

 

  • Perform a Full Sync: on the Connectors tab, right-click SourceAD, click Run, click Full Synchronization, and then click OK.

http://msdn.microsoft.com/en-us/library/azure/dn801051.aspx

 

 

How to start a full synchronization using Command Prompt:

Type:

CD C:\Program Files\Microsoft Azure AD Sync\Bin

Run:

DirectorySyncClientCmd.exe Initial

The Initial option performs a complete full synchronization.

 

How to troubleshoot password synchronization events:

 

How to use Event Viewer (eventvwr.msc)

Application log

Start > Run > eventvwr.msc > "Windows Logs" > Application > "Filter Current Log"

Select the "Event ID" field and type 657, 656, 654, 653, 651, 650

Click "Save All Events As"

Type a name for the event file, and then compress the file to attach it to the case or to send it to the support engineer.
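The same filter, save and compress steps can be scripted in PowerShell. This is an added example, not part of the original article; the output folder and file names are assumptions, and the event IDs are the ones listed in the filter step above.

```powershell
# Added example: export AAD Sync password synchronization events for a support case.
$eventIds = 650, 651, 653, 654, 656, 657               # IDs from the filter step above
$outDir   = Join-Path $env:TEMP 'AADSync-PwdSync'      # hypothetical output folder
$evtx     = Join-Path $outDir 'PasswordSync.evtx'      # hypothetical file name
$zip      = "$outDir.zip"

# Start from a clean folder so the archive holds only this export.
if (Test-Path $outDir) { Remove-Item $outDir -Recurse -Force }
if (Test-Path $zip)    { Remove-Item $zip -Force }
New-Item -ItemType Directory -Path $outDir | Out-Null

# On-screen summary: how many events of each ID are in the Application log.
$events = @(Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = $eventIds } `
                         -ErrorAction SilentlyContinue)
if ($events.Count -eq 0) {
    Write-Warning 'No password synchronization events found in the Application log.'
    return
}
$events | Group-Object Id | Sort-Object Name | Format-Table Name, Count -AutoSize

# Same filter expressed as an XPath query, so wevtutil writes a native .evtx file.
$xpath = '*[System[(' + (($eventIds | ForEach-Object { "EventID=$_" }) -join ' or ') + ')]]'
wevtutil.exe epl Application $evtx "/q:$xpath"

# Compress the folder with the .NET 4.5 ZipFile class (.NET 4.5 is an AAD Sync prerequisite).
Add-Type -AssemblyName System.IO.Compression.FileSystem
[System.IO.Compression.ZipFile]::CreateFromDirectory($outDir, $zip)
Write-Output "Attach $zip to the support case."
```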


 

 

 

 

 

 

 

 

=============================================================================

 

Troubleshooting:

​More Information:


 

VKB# 2994775 Azure AD Sync Services roadmap

Additional resources:

For more info about AADSync, see the following resources:

Internal blog:  https://microsoft.sharepoint.com/teams/iamsupport/aadsync
External blog: http://blogs.technet.com/aadsyncsupport
AADSync documents on the team portal: https://microsoft.sharepoint.com/teams/iamsupport/SitePages/Home.aspx?RootFolder=%2Fteams%2Fiamsupport%2FShared%20Documents%2FAADSync&FolderCTID=0x0120006A3DDA5CE122FD4AAFA4BCB82BD8C0D7&View=%7BD61B7468%2D48BE%2D496E%2DB8EA%2D4C1226BBC4ED%7D
AADSync OneNote: OneNote notebook
AADSync wiki: http://go.microsoft.com/fwlink/?LinkID=393942

Training

Anyone who is helping customers with AADSync should read and be familiar with the following internal articles:

2723552 Directory synchronization support boundaries for Azure Active Directory

The following is the official training that our support engineers take:


Azure AD Sync (AADSync)
PCIT302.TR19 Azure AD Sync – The next generation DirSync
PCIT334.TR19 Azure AD Sync – Advanced configuration and declarative provisioning

 

 

 

VKB# 3001221 AADSYNC: Azure AD Sync (AADSYNC) General Availability Announcement + Resources (2014.09.15)

 

Azure Active Directory Synchronization Services (AAD Sync)

http://msdn.microsoft.com/en-us/library/azure/dn790204.aspx

 

Install the AADSync Service

AADSync Scenario Overview

AADSync Technical Concepts

Understanding the default configuration

Configure filtering

Understanding Declarative Provisioning Expressions

Moving from DirSync or FIM to AADSync

Understanding Users and Contacts in AADSync

AADSync Frequently Asked Questions

Attributes synchronized to Azure AD

Implement password synchronization with AAD Sync

AAD Sync Version Release History


 

Moving from DirSync or FIM to AADSync

http://msdn.microsoft.com/en-us/library/azure/dn783462.aspx

 

AADSync Frequently Asked Questions

http://msdn.microsoft.com/en-us/library/azure/dn783460.aspx

 

 

 

 

If you're using Azure Active Directory Sync (AAD Sync) Services:

1. Click Start, type services.msc in the search box, and then press Enter.
2. In the list of services, right-click Windows Azure Active Directory Synchronization Service, and then click Properties.
3. Click the Log On tab.
4. Make sure that the account is set to the directory synchronization service account. For example: AAD_<nnnnnnnnnnnn> or MSOL_<nnnnnnnnnnnn>.
5. If the account is not set to the directory synchronization service account, select the directory synchronization service account.

   The directory synchronization service account is located in the Users OU of the forest domain. If this account is in another location, move it to the Users OU of the forest domain.

   Note: If the account does not exist, run the Azure Active Directory Synchronization tool Configuration Wizard.
6. Repeat steps 2–5 for the Forefront Identity Manager Synchronization Service.
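The logon-account check in steps 2 through 6 can also be done from PowerShell. This is an added example, not part of the original article: services are matched by the ADSync service name and by the display names given on this page, and the account pattern assumes the AAD_ or MSOL_ prefix is followed by letters or digits.

```powershell
# Added example: report which account each directory synchronization service logs on as.
# Assumption: the service account is AAD_ or MSOL_ followed by letters/digits, optionally
# prefixed with a domain or ".\" (for example CONTOSO\AAD_0123456789ab, a constructed name).
$accountPattern = '(^|\\)(AAD|MSOL)_[0-9A-Za-z]+$'

# Match the AAD Sync service by name and the other services by their display names.
$services = @(Get-WmiObject -Class Win32_Service | Where-Object {
    $_.Name -eq 'ADSync' -or
    $_.DisplayName -like '*Azure Active Directory Sync*' -or
    $_.DisplayName -like '*Forefront Identity Manager Synchronization*'
})

if ($services.Count -eq 0) {
    Write-Warning 'No directory synchronization service found on this computer.'
    return
}

# One row per service: the Log On tab value and whether it looks like the sync account.
$report = foreach ($svc in $services) {
    [pscustomobject]@{
        Service       = $svc.Name
        DisplayName   = $svc.DisplayName
        State         = $svc.State
        LogOnAs       = $svc.StartName
        IsSyncAccount = [bool]($svc.StartName -match $accountPattern)
    }
}
$report | Format-Table -AutoSize

# Flag every service that needs the Log On tab corrected as described in step 5.
$report | Where-Object { -not $_.IsSyncAccount } | ForEach-Object {
    Write-Warning ("{0} logs on as '{1}', which is not a directory synchronization service account." -f $_.Service, $_.LogOnAs)
}
```

The script only reports; correcting the account is still done on the Log On tab as described in step 5.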

 

 

 

Scenario with DirSync Disabled from Office 365 portal

Error:

Directory Synchronization has not yet enabled in Azure. Please go to the Management Portal and enable Directory Synchronization. Then try again.

 


 

 

 

Scenario with Incorrect order of local forest credential information:

 

 image040.png

 

 

 

 

Services Associated with AAD Sync Tool:

​Microsoft Azure AD Sync


To stop the Microsoft Azure AD Sync service from PowerShell or Command Prompt (CMD):

Net Stop ADSync

To start the Microsoft Azure AD Sync service:

Net Start ADSync

 

 

Installation Requirements

 

The objective of this section is to list the requirements that need to be fulfilled to install Azure AD Sync in your environment.

Azure AD Sync enables you to integrate your on-premises Active Directory Domain Service with your Azure AD directory.

As a consequence of this, you need access to your on-premises Active Directory Domain Service as well as access to a valid Azure subscription that has an Azure AD directory installed.

To install Azure AD Sync, you need a computer running the Windows Server operating system.

The following versions are supported:

  • Windows Server 2008
  • Windows Server 2008 R2
  • Windows Server 2012
  • Windows Server 2012 R2

 

Your computer can be stand-alone, a member server or a domain controller.

The following components need to be installed:

  • .Net 4.5
  • PowerShell (PS3 or better is required)

 

You need an account with local administrator privileges on your computer to install Azure AD Sync.

Azure AD Sync requires a SQL Server database to store identity data. By default a SQL Express LocalDB (a light version of SQL Server Express) is installed and the service account for the service is created on the local machine.

SQL Server Express has a 10 GB size limit that enables you to manage approximately 100,000 objects.

If you need to manage a higher volume of directory objects, you need to point the installation process to a different version of SQL Server.

AAD Sync supports all flavors of Microsoft SQL Server from SQL Server 2008 to SQL Server 2014.

 

http://msdn.microsoft.com/en-us/library/azure/dn757602.aspx

 

​ 
