Azure AD Connect sync: Understand and customize synchronization
The Azure Active Directory Connect synchronization services (Azure AD Connect sync) is a main component of Azure AD Connect. It takes care of all the operations that are related to synchronize identity data between your on-premises environment and Azure AD. Azure AD Connect sync is the successor of DirSync, Azure AD Sync, and Forefront Identity Manager with the Azure Active Directory Connector configured.
This topic is the home for Azure AD Connect sync (also called sync engine) and lists links to all other topics related to it. For links to Azure AD Connect, see Integrating your on-premises identities with Azure Active Directory.
The sync service consists of two components, the on-premises Azure AD Connect sync component and the service side in Azure AD called Azure AD Connect sync service.
Important
Azure AD Connect Cloud Sync is a new offering from Microsoft designed to meet and accomplish your hybrid identity goals for synchronization of users, groups, and contacts to Azure AD. It accomplishes this by using the Azure AD Cloud provisioning agent instead of the Azure AD Connect application. Azure AD Cloud Sync is replacing Azure AD Connect sync, which will be retired after Cloud Sync has full functional parity with Connect sync. The remainder of this article is about AADConnect sync, but we encourage customers to review the features and advantages of Cloud Sync before deploying AADConnect sync.
To find out if you are already eligible for Cloud Sync, please verify your requirements in this wizard.
To learn more about Cloud Sync please read this article, or watch this short video.
Azure AD Connect sync topics
| Topic | What it covers and when to read |
|---|---|
| Azure AD Connect sync fundamentals | |
| Understanding the architecture | For those of you who are new to the sync engine and want to learn about the architecture and the terms used. |
| Technical concepts | A short version of the architecture topic and briefly explains the terms used. |
| Topologies for Azure AD Connect | Describes the different topologies and scenarios the sync engine supports. |
| Custom configuration | |
| Running the installation wizard again | Explains what options you have available when you run the Azure AD Connect installation wizard again. |
| Understanding Declarative Provisioning | Describes the configuration model called declarative provisioning. |
| Understanding Declarative Provisioning Expressions | Describes the syntax for the expression language used in declarative provisioning. |
| Understanding the default configuration | Describes the out-of-box rules and the default configuration. Also describes how the rules work together for the out-of-box scenarios to work. |
| Understanding Users and Contacts | Continues on the previous topic and describes how the configuration for users and contacts works together, in particular in a multi-forest environment. |
| How to make a change to the default configuration | Walks you through how to make a common configuration change to attribute flows. |
| Best practices for changing the default configuration | Support limitations and for making changes to the out-of-box configuration. |
| Configure Filtering | Describes the different options for how to limit which objects are being synchronized to Azure AD and step-by-step how to configure these options. |
| Features and scenarios | |
| Prevent accidental deletes | Describes the prevent accidental deletes feature and how to configure it. |
| Scheduler | Describes the built-in scheduler, which is importing, synchronizing, and exporting data. |
| Implement password hash synchronization | Describes how password synchronization works, how to implement, and how to operate and troubleshoot. |
| Device writeback | Describes how device writeback works in Azure AD Connect. |
| Directory extensions | Describes how to extend the Azure AD schema with your own custom attributes. |
| Microsoft 365 PreferredDataLocation | Describes how to put the user's Microsoft 365 resources in the same region as the user. |
| Sync Service | |
| Azure AD Connect sync service features | Describes the sync service side and how to change sync settings in Azure AD. |
| Duplicate attribute resiliency | Describes how to enable and use userPrincipalName and proxyAddresses duplicate attribute values resiliency. |
| Operations and UI | |
| Synchronization Service Manager | Describes the Synchronization Service Manager UI, including Operations, Connectors, Metaverse Designer, and Metaverse Search tabs. |
| Operational tasks and considerations | Describes operational concerns, such as disaster recovery. |
| How To... | |
| Reset the Azure AD account | How to reset the credentials of the service account used to connect from Azure AD Connect sync to Azure AD. |
| More information and references | |
| Ports | Lists which ports you need to open between the sync engine and your on-premises directories and Azure AD. |
| Attributes synchronized to Azure Active Directory | Lists all attributes being synchronized between on-premises AD and Azure AD. |
| Functions Reference | Lists all functions available in declarative provisioning. |
Additional Resources
Feedback
Submit and view feedback for