Issue: Sync process indicates success, but users not syncing.
Background: We have had an older version of Azure AD Connect/Sync running successfully/correctly without issues for the last year or so in our environment. Last month we performed a migration to move our Azure AD Connect software to new hardware and we’re having issues where it appears the process is showing success and users/changes are syncing to the AADConnect database but not to Azure AD.
On the server, the Synchronization Service Manager shows success for all sync operations and they are executing on a schedule (Delta Import, Delta Sync, & Export). [Full instead of delta also shows "success".] Manually executing/running the connections from the connectors tab also shows "success".
The Azure AD Connect health service page from the Azure portal also indicates that the sync service is enabled, the last sync was an hour ago, and that password hash synchronization is enabled.
Original setup:
Server1, using the local/express database installed as part of the setup. It was an older version; unfortunately, we no longer have it installed, as we thought it had been successfully syncing for the last month.
New setup:
Server2, using a SQL server standard database for the ADSync database. Version 1.3.21.0 as noted on the Azure AD Connect synchronization service manager "about" tab.
Troubleshooting steps taken:
- When I run the troubleshooter PowerShell script and use the "Diagnose object synchronization issues" option, I can get the diagnostic report that shows the "On-Premises Active Directory" & "AADConnect Database" with the same values, but the "Azure AD" object is showing that it has been several weeks according to the LastDirSyncTime value. We made a change to a user's display name yesterday, which should have caused a sync/change, but that sync time hasn't changed and the display name doesn't match, see the pictures below. (The AADConnect Database sourceAnchor value matches the Azure AD ImmutableId.)
- Filtered the Application event log by the event source of "Directory Synchronization" and there are no errors noted during the synchronization process. I can see it start, go through the process, and end successfully.
- Tried to manually execute delta & full syncs from both the connectors tab of the Synchronization Service Manager application on the server and via the PowerShell command Start-ADSyncSyncCycle. Success is shown with no errors. There is still no sync from the AAD Connector database to Azure AD. The synchronization actions show "Connectors with Flow Updates" greater than zero, but the export actions show no adds/updates/renames/deletes/delete adds.
- Used the Get-MsolCompanyInformation PowerShell command and it shows a LastDirSyncTime/LastPasswordSyncTime that is recent from today. Interestingly enough, the account that is shown here doesn't exist in our AAD anymore. It has the format of the old server name, not the new one.
- Confirmed the connector for Azure AD was set to use the correct user showing the new server name and confirmed that the new user exists in the Azure portal.
- Confirmed that the attributes in question were set to sync.
Is there a set of logs or additional information that I can pull in to see what exactly is occurring? It really seems like everything should be working as expected, but clearly our user attributes are not syncing. Currently stumped, but hopefully someone out there has seen this before.
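The steps listed in the post above are each run by hand and in different tools. The script below is an added example (not the poster's script, not Microsoft's tooling) that pulls the same signals together in one pass on the Azure AD Connect server: scheduler state (including whether the server is in staging mode, in which case imports and syncs succeed but nothing is exported), the account the local Azure AD connector is configured with, what the tenant itself reports as the last sync account and machine, the live connector run status, and any non-informational "Directory Synchronization" events from the last two hours. It assumes the ADSync and MSOnline modules are present, that the Azure AD connector follows the default "<tenant> - AAD" naming convention, and that the connector exposes its sync account as a "UserName" connectivity parameter; those three assumptions are marked in the code.

```powershell
# Added diagnostic example, not from the original post. Run in an elevated
# PowerShell session on the Azure AD Connect server (Server2 in the post).
# Requires the ADSync module (installed with Azure AD Connect) and MSOnline.
Import-Module ADSync
Import-Module MSOnline
Connect-MsolService   # interactive sign-in with an account that can read tenant info

# 1. Scheduler state. A server in staging mode runs import and sync successfully
#    but never exports to Azure AD, so run history looks healthy while nothing lands.
$sched = Get-ADSyncScheduler
[pscustomobject]@{
    SyncCycleEnabled   = $sched.SyncCycleEnabled
    StagingModeEnabled = $sched.StagingModeEnabled
    SchedulerSuspended = $sched.SchedulerSuspended
    NextCycleUtc       = $sched.NextSyncCycleStartTimeInUTC
} | Format-List

# 2. The account the local Azure AD connector is configured to use.
#    Assumption: default connector naming ("<tenant>.onmicrosoft.com - AAD").
$aad = Get-ADSyncConnector | Where-Object { $_.Name -like '* - AAD' } | Select-Object -First 1
if (-not $aad) { throw 'No connector named "* - AAD" found; adjust the name filter.' }
#    Assumption: the sync account is stored as the "UserName" connectivity parameter.
$localAccount = ($aad.ConnectivityParameters | Where-Object { $_.Name -eq 'UserName' }).Value

# 3. What the tenant reports about the last sync it actually received.
$tenant = Get-MsolCompanyInformation
[pscustomobject]@{
    TenantDirSyncAccount  = $tenant.DirSyncServiceAccount
    TenantDirSyncMachine  = $tenant.DirSyncClientMachineName
    TenantDirSyncVersion  = $tenant.DirSyncClientVersion
    LastDirSyncTime       = $tenant.LastDirSyncTime
    LastPasswordSyncTime  = $tenant.LastPasswordSyncTime
    LocalConnectorAccount = $localAccount
    LocalMachine          = $env:COMPUTERNAME
} | Format-List

# A recent LastDirSyncTime proves only that *some* server exported recently. If the
# account or machine the tenant reports is not this server, another Azure AD Connect
# instance may still be exporting and this one's exports are not what the tenant sees.
if ($tenant.DirSyncServiceAccount -ne $localAccount -or
    $tenant.DirSyncClientMachineName -ne $env:COMPUTERNAME) {
    Write-Warning ("Tenant last synced from '{0}' on '{1}', but this server uses '{2}' on '{3}'." -f
        $tenant.DirSyncServiceAccount, $tenant.DirSyncClientMachineName,
        $localAccount, $env:COMPUTERNAME)
}

# 4. Live run state per connector, then anything other than Information-level
#    events from the sync engine in the last two hours.
Get-ADSyncConnectorRunStatus | Format-Table ConnectorName, RunState -AutoSize
Get-WinEvent -FilterHashtable @{
        LogName      = 'Application'
        ProviderName = 'Directory Synchronization'
        StartTime    = (Get-Date).AddHours(-2)
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.LevelDisplayName -ne 'Information' } |
    Select-Object TimeCreated, Id, LevelDisplayName, Message |
    Format-List
```

The comparison in step 3 is the check worth reading first: the tenant-side account and machine name are written by whichever server last exported, so a mismatch with the server you are standing on means the "recent" LastDirSyncTime is not evidence that this server's exports are reaching Azure AD.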