Manually running Azure AD sync does nothing

John Long 1 Reputation point
2021-04-21T21:55:51.277+00:00

When running a sync from the tool for both connectors the sync is not reflected in the admin console.
Running a full import, full synchronization, delta import or delta synchronization does nothing. It's very frustrating because I have to wait 30 minutes for the sync to happen manually when making changes in AD that I want reflected in Azure.

My luck happens that I never make the change when 29 minutes have passed, but when 1 or 2 minutes have passed since the last sync.

Does anyone else have this same experience, can I not manually sync and if not why?


2 answers

  1. James Hamil 27,211 Reputation points Microsoft Employee Moderator
    2021-04-22T18:56:13.187+00:00

    Hi @John Long, have you gone through the troubleshooting steps for this? Both the page I linked and others in the same blade should be able to help. I'm sorry that this isn't an exact answer but it will help us narrow down the issue if not solve it. Also, have you gotten any errors during this process? Please let me know and I can continue to assist you.

    Best,
    James


  2. Danny Zollner 10,801 Reputation points Microsoft Employee Moderator
    2021-04-23T21:07:31.777+00:00

    There are three distinct run profiles in AAD Connect:

    Import
    Synchronization
    Export

    Import and Synchronization have two variations - Full and Delta. Full Import/Synchronization process all objects, whereas Delta Import/Synchronization only process objects that have been marked as having a change in AD since the last time a synchronization was run.

    The flow of AAD Connect's "sync cycle" is in three parts:

    1) Import from all connected directories - in a single-forest environment this would be an import from AD, and an import from AAD. Data read from a connected directory is stored inside of AAD Connect's SQL database in a location referred to in AAD Connect's architecture as a "connector space".

    2) Synchronize objects stored in the connector space connected to each directory - "synchronize" in this context means apply the synchronization rules that exist for a given connector (connected directory) against all eligible objects in the connector space.

    3) Export all pending changes (add/update/delete) from the connector spaces connected to each directory - in this step, any changes calculated during the synchronization run profile are exported out from AAD Connect's database/connector spaces into AD/AAD (what changes and where they go are determined by the sync rules).

    I laid all of that out to provide a background on what your problem most likely is - you mentioned that you have run full/delta import, and full/delta synchronization... but you haven't run an export. In order to pick up a change from AD and propagate it all the way to AAD, you'll need to do the following:

    1) Delta import on the connector associated with the on-prem AD where the change was made
    2) Delta synchronization on the connector associated with the on-prem AD where the change was made
    3) Export on the Azure AD connector

    Step 1 reads the change from AD, step 2 applies the synchronization rules that are tied to that connector (on-prem AD) to the object - those rules primarily serving the purpose of "if an object has certain attribute values present in AD, send those same values to <target in AAD>". The rules also control creation/deletion of objects as objects are observed being created and deleted in AD. Step 3, export, is what takes those changes calculated in the earlier steps and actually performs an action on the connected directory to create/update/delete something.

    Alternatively, you can open PowerShell on the AAD Connect server, make sure that the ADSync module is loaded (Import-Module ADSync), and run Start-ADSyncSyncCycle -PolicyType Delta which will kick off delta imports on all connectors -> delta synchronizations on all connectors -> exports on all connectors.

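The three manual steps from the second answer (delta import and delta synchronization on the on-prem AD connector, then export on the Azure AD connector), scripted as an added example; it is not part of the original thread and not Microsoft's own code. The function name and the connector names in the usage comment are hypothetical, the run profile names are the defaults AAD Connect creates, and the script assumes the object returned by Invoke-ADSyncRunProfile exposes a Result string.

```powershell
# Run in an elevated PowerShell session on the AAD Connect server.
Import-Module ADSync

function Invoke-AdToAadDeltaPush {
    param(
        # Connector names as shown by Get-ADSyncConnector (values are site-specific).
        [Parameter(Mandatory)] [string] $AdConnectorName,
        [Parameter(Mandatory)] [string] $AadConnectorName
    )

    $scheduler = Get-ADSyncScheduler

    # Do not start run profiles while the built-in scheduler is mid-cycle.
    if ($scheduler.SyncCycleInProgress) {
        throw "A scheduled sync cycle is in progress; retry when it has finished."
    }
    # A staging-mode server is not meant to export; refuse rather than push changes from it.
    if ($scheduler.StagingModeEnabled) {
        throw "This server is in staging mode; run the export from the active server."
    }

    # Same order as the answer: import -> synchronization -> export.
    $steps = @(
        @{ Connector = $AdConnectorName;  Profile = 'Delta Import' },
        @{ Connector = $AdConnectorName;  Profile = 'Delta Synchronization' },
        @{ Connector = $AadConnectorName; Profile = 'Export' }
    )

    foreach ($step in $steps) {
        $run = Invoke-ADSyncRunProfile -ConnectorName $step.Connector -RunProfileName $step.Profile
        # Assumption: $run.Result holds the run status string, 'success' on a clean run.
        '{0,-22} on {1}: {2}' -f $step.Profile, $step.Connector, $run.Result
        if ($run.Result -ne 'success') {
            throw "Run profile '$($step.Profile)' on '$($step.Connector)' ended with '$($run.Result)'; stopping before later steps."
        }
    }
}

# Usage (constructed placeholder connector names):
# Invoke-AdToAadDeltaPush -AdConnectorName 'corp.example' -AadConnectorName 'example.onmicrosoft.com - AAD'
```

Stopping at the first non-success result keeps a failed import or synchronization from being followed by an export of stale pending changes.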
