Azure ad replication scenario

Gurudas 886 Reputation points
2022-04-06T07:13:09.127+00:00

Hello All,

Greetings!

There is a potential sync issue with Office 365 for Contoso.com domain. Password changes are not syncing and AD information changes do not appear to be updating.

How can we enforce the enforce Office 365 sync and can we reduce the interval.

Warm Regards :)

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,158 questions
0 comments No comments
{count} votes

Accepted answer
  1. Carlos Solís Salazar 17,441 Reputation points MVP
    2022-04-06T08:58:25.793+00:00

    Hi @GurudasSatardekar

    Thank you for asking this question on the **Microsoft Q&A Platform. **

    With Azure AD Connect you do what you need,

    When you change a Password, the synchronization is not automatic, usually, it happens every 30 minutes.

    You can force the synchronization with the following Powershell commands on the server where Azure AD Connect is installed:

    Start-ADSyncSyncCycle -PolicyType Delta

    This will only synchronize current changes.

    Run the following command to force a complete sync but note that the length of sync time would be increased.

    Start-ADSyncSyncCycle -PolicyType Initial

    More info: https://techcommunity.microsoft.com/t5/itops-talk-blog/powershell-basics-how-to-force-azuread-connect-to-sync/ba-p/887043

    Hope this helps,
    Carlos Solís Salazar

    ----------

    Accept Answer and Upvote, if any of the above helped, this thread can help others in the community looking for remediation for similar issues.

    NOTE: To answer you as quickly as possible, please mention me in your reply.


    1 person found this answer helpful.
    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. AmanpreetSingh-MSFT 56,456 Reputation points
    2022-04-06T12:07:12.66+00:00

    Hi @GurudasSatardekar • Thank you for reaching out.

    As documented here, the password hash synchronization process runs every 2 minutes. The password synch happens automatically and doesn't rely on the sync cycle interval. You cannot modify the frequency of this process. When you synchronize a password, it overwrites the existing cloud password.

    If the password hash sync is not updating the password in the cloud, this could be because AD Connect is connecting to a DC and that DC is not receiving the password change update due to an issue in the replication of your Local AD domain controllers.

    As the PDC is responsible to update the passwords, you should consider connecting AD connect directly to the PDC as shown below:

    190559-untitled.png

    The synchronization of AD objects (not the passwords), by default, takes 30 min as the Delta Sync automatically runs every 30 mins and can be triggered manually using Start-ADSyncSyncCycle -PolicyType Delta command. You can also customize the 30 min time interval by using Set-ADSyncScheduler -CustomizedSyncCycleInterval d.HH:mm:ss cmdlet, where you can specify days/hours/minutes/seconds based on your requirement.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments No comments