Troubleshoot an attribute not synchronizing in Azure AD Connect

Recommended Steps

Before investigating attribute syncing issues, let’s understand the Azure AD Connect syncing process:

Terminology

• CS: Connector Space, a table in database.
• MV: Metaverse, a table in database.
• AD: Active Directory
• Azure AD: Azure Active Directory

Synchronization Steps

• Import from AD: Active Directory objects are brought into AD CS.

• Import from Azure AD: Azure Active Directory objects are brought into Azure AD CS.

• Synchronization: Inbound Synchronization Rules and Outbound Synchronization Rules are run in the order of precedence number from lower to higher. To view the Synchronization Rules, you can go to Synchronization Rules Editor from the desktop applications. The Inbound Synchronization Rules brings in data from CS to MV. The Outbound Synchronization Rules moves data from MV to CS.

• Export to AD: After running Synchronization, objects are exported from AD CS to Active Directory.

• Export to Azure AD: After running Synchronization, objects are exported from Azure AD CS to Azure Active Directory.

Step by Step Investigation

• We'll start our search from the Metaverse and look at the attribute mapping from source to target.

• Launch Synchronization Service Manager from the desktop applications, as shown below:

  

• On the Synchronization Service Manager, select the Metaverse Search, select Scope by Object Type, select the object using an attribute, and click Search button.

  

• Double click the object found in the Metaverse search to view all its attributes. You can click on the Connectors tab to look at corresponding object in all the Connector Spaces.

  

• Double click on the Active Directory Connector to view the Connector Space attributes. Click on the Preview button, on the following dialog click on the Generate Preview button.

  

• Now click on the Import Attribute Flow, this shows flow of attributes from Active Directory Connector Space to the Metaverse. Sync Rule column shows which Synchronization Rule contributed to that attribute. Data Source column shows you the attributes from the Connector Space. Metaverse Attribute column shows you the attributes in the Metaverse. You can look for the attribute not syncing here. If you don't find the attribute here, then this isn't mapped and you have to create new custom Synchronization Rule to map the attribute.

  

• Click on the Export Attribute Flow in the left pane to view the attribute flow from Metaverse back to Active Directory Connector Space using Outbound Synchronization Rules.

  

• Similarly, you can view the Azure Active Directory Connector Space object and can generate the Preview to view attribute flow from Metaverse to the Connector Space and vice versa, this way you can investigate why an attribute isn't syncing.

Recommended Documents

• Azure AD Connect sync: Technical Concepts
• Azure AD Connect sync: Understanding the architecture
• Azure AD Connect sync: Understanding Declarative Provisioning
• Azure AD Connect sync: Understanding Declarative Provisioning Expressions
• Azure AD Connect sync: Understanding the default configuration
• Azure AD Connect sync: Understanding Users, Groups, and Contacts
• Azure AD Connect sync: Shadow attributes

Next Steps

• Azure AD Connect sync.
• What is hybrid identity?.