AAD connect upgrade

MGCH 41 Reputation points

I am about to do an upgrade of AAD connect installation I inherited. There is something that is bothering me with the Sync rules. According to Microsoft "If you've made changes to the out-of-box synchronization rules, then these rules are set back to the default configuration on upgrade. " Does that mean that any cloned rules will be wiped out or only applies to changes of the default rules. How can I tell that an out-of the box rule was changed in any way? I don't see any timestamp. And what would be a good restore strategy (other than exporting the config and rules)- would a snapshot of the AAD connect server be sufficient, or I need to take backup of the database as well?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
18,692 questions
0 comments No comments
{count} votes

Accepted answer
  1. AmanpreetSingh-MSFT 56,226 Reputation points

    Hello @MGCH · Welcome to QnA platform and thanks for your query.

    In order to identify any changes in the out of box rules, you can install another instance of AD Connect on a test machine and use below cmdlet to export out of box configuration including sync rules from that server:

    Get-ADSyncServerConfiguration -Path "<CompletePathToOutputFolder>"  

    Use this cmdlet again on your existing AD Connect server to get a copy of configuration exported from the existing server as well.

    Once you have the configuration exported from both the servers, you can then use the Documenter Tool to generate an HTML report to compare the rules and identify if any out of box rules are modified in your current setup or not.

    From the report, you can use below option to find out the sync rule changes:



    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments No comments

0 additional answers

Sort by: Most helpful