Entra Connect ignoring synchronization settings

Charlie-9453 20 Reputation points
2023-11-17T13:37:39.94+00:00

After updating to the latest version of Entra Connect and activating Microsoft Entra Connect Health to sync our on-prem AD to Azure, all the settings we have are being ignored. For example, we tried to exclude some OUs by unchecking the corresponding boxes in "Synchronization Service Manager," and setting a rule in "Synchronization Rules Editor" to prevent disabled accounts from syncing, but nothing seems to work. We've tried repairing the installation and redoing all the settings, but to no avail. Does anyone have any ideas on what could be causing this issue?

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Microsoft Security | Microsoft Entra | Microsoft Entra ID

Answer accepted by question author
  1. Givary-MSFT 35,686 Reputation points Microsoft Employee Moderator
    2023-11-21T09:12:47.8566667+00:00

    @Charlie-9453 Reviewed the configuration and found you had a custom sync rule created to stop syncing disabled accounts from on-premises to the Microsoft Entra portal. Followed the steps mentioned here - https://spanougakis.wordpress.com/2016/02/28/how-to-stop-disabled-user-accounts-from-syncing-with-azure-ad-connect/ - deleted the existing rule and re-created it, which helped to remove the disabled accounts.

    Later there was another issue reported where, for admin accounts which were disabled (UserAccountControl having value 514), the custom sync rule was not getting applied on those accounts. On further research, found this all started after the upgrade to the latest version. For the time being we modified the sync with the below values:

    UserAccountControl EQUALS 514

    UserAccountControl EQUALS 66050

    UserAccountControl ISBITSET 2

    Reference: https://jackstromberg.com/2013/01/useraccountcontrol-attributeflag-values/

    After making the changes, ran the full sync and verified the issue; disabled accounts have been removed from the portal as expected.

    Let me know if you have any further questions, feel free to post back.

    Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.
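
Added example (not part of the answer above and not Microsoft's own code): a PowerShell sketch that decodes a few constructed userAccountControl values and shows which of the three conditions quoted in the accepted answer each one satisfies. It assumes `ISBITSET 2` tests the ACCOUNTDISABLE flag (0x2); the function names are hypothetical.

```powershell
# Added example: constructed sample values, no directory access needed.
# Subset of documented userAccountControl flags.
$UacFlags = [ordered]@{
    ACCOUNTDISABLE       = 0x0002
    PASSWD_NOTREQD       = 0x0020
    NORMAL_ACCOUNT       = 0x0200
    DONT_EXPIRE_PASSWORD = 0x10000
}

function ConvertFrom-Uac {            # hypothetical helper name
    param([int]$Value)
    # Collect the name of every known flag that is set in $Value.
    $names = foreach ($f in $UacFlags.GetEnumerator()) {
        if ($Value -band $f.Value) { $f.Key }
    }
    $names -join ' | '
}

function Test-DisabledRule {          # hypothetical helper name
    param([int]$Value)
    $eq514   = ($Value -eq 514)
    $eq66050 = ($Value -eq 66050)
    # Assumption: ISBITSET 2 is modelled as a test of the 0x2 flag.
    $bitSet  = [bool]($Value -band 0x2)
    [pscustomobject]@{
        UAC             = $Value
        Flags           = ConvertFrom-Uac $Value
        Equals514       = $eq514
        Equals66050     = $eq66050
        IsBitSet2       = $bitSet
        # Disabled, but matched by neither exact-value comparison.
        OnlyBitTestHits = ($bitSet -and -not ($eq514 -or $eq66050))
    }
}

# Constructed samples: enabled, disabled, disabled + PASSWD_NOTREQD,
# enabled + non-expiring password, disabled + non-expiring password.
$samples = 512, 514, 546, 66048, 66050
$samples | ForEach-Object { Test-DisabledRule $_ } | Format-Table -AutoSize

# Against a live directory the same check could be fed from, for example:
#   Get-ADUser -Filter * -Properties userAccountControl
```

In the output, 546 is a disabled account that neither exact-value comparison matches, while the bit test flags every value that carries ACCOUNTDISABLE.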


1 additional answer

  1. Givary-MSFT 35,686 Reputation points Microsoft Employee Moderator
    2023-11-20T08:48:20.1333333+00:00

    @Charlie-9453 Thank you for reaching out to us. As I understand, you are having an issue with the Microsoft Entra Connect Server, where you notice sync configuration/settings being ignored.

    According to me, this kind of issue can occur if you have multiple Entra Connect Sync servers configured to a single tenant. Having multiple Microsoft Entra Connect Sync servers connected to the same Microsoft Entra tenant is not supported, except for a staging server.

    Navigate to this section in the Microsoft Entra Portal, where you can find the number of sync servers configured in your tenant and server details where the sync engine is installed.


    Let me know if the above steps help to isolate your issue; else, happy to connect with you offline to discuss further on this.

    Here are my contact details:

    Please send me an email to 'AzCommunity@microsoft.com' with Sub - Attn: Givary and following details in the email body:

    Link to this thread/post

    Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.

