SCCM collection cloud sync to Azure AD group (co-management) scenario Hybrid AAD Join

Question

Hi all,

Recently we configured co-management and wanted to test Cloud Sync feature. AAD User and Group Discovery is configured. Cloud sync is enabled. SCCM is running HTTPS-only and all prerequisites are met.

But when we try to sync SCCM collection to Azure AD group it doesn't work and no messages in CollectionAADGroupSyncWorker.log and no errors.

Also I gave permissions to configmgr server app to that Azure AD group. Only thing that I noticed that in SCCM SQL database clients has AADTenantID showing NULL but if I check device from ConfiMgr by clicking properties on same device it's showing be Azure AD Tenant ID, but it's not populated in SCCM SQL databases table.

CollectionAADGroupSyncWorker.log, showing no errors. Also after SCCM upgrade to 2211 version we could see Collection cloud Sync and Device collection sync status which only shows failed without any descriptions:

Answer 1

Hi, @Eduards

Thanks very much for your feedback. We're glad that the problem is solved now. Here's a short summary for the problem, we believe this will help other users to search for useful information more quickly.

Problem/Symptom:

When try to sync SCCM collection to Azure AD group it doesn't work and no messages in CollectionAADGroupSyncWorker.log and no errors. All prerequisites were met.

In SCCM SQL database clients has AADTenantID showing NULL but if check device from ConfiMgr by clicking properties on same device it's showing Azure AD Tenant ID.

Solution/Workaround:

1. In SCCM go to Administration \ Cloud Services \ Azure Active Directory Tenants;
2. Select your existing tenant and select cloud management "CMG-ServerApp" and right click:
3. Then click Update Application Settings and then we will get this notification:
4. After that I re-enabled "Cloud Sync" and now devices are synchronizing to Azure AD group.

---

If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 2

Hi, @Eduards

Thank you for posting in Microsoft Q&A forum.

The Cloud Sync Status Failed means all members failed to synchronize to target Azure AD Group.

Here is a great article for troubleshoot SCCM collection cloud sync to Azure AD group:

https://ronnydejong.com/2020/02/27/troubleshooting-device-collection-membership-azure-ad-group-sync/

(Please Note: Since the website is not hosted by Microsoft, just for your reference.)

---

If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Add comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 3

I found the solution.

Basically as I mentioned before all prerequisites was met and I don't have any errors except got this "NULL" value in SCCM SQL database on AADTenantID column.

Solution:

1. In SCCM go to Administration \ Cloud Services \ Azure Active Directory Tenants;
2. Select your existing tenant and select cloud management "CMG-ServerApp" and right click:
3. Then click Update Application Settings and then we will get this notification:
4. After that I re-enabled "Cloud Sync" and now devices are synchronizing to Azure AD group.

May this solution will help someone :)

Have a nice day.