Waiting on Dirsync
If you start testing the integration of Intune with Configuration Manager 2012 you’ll likely spend time waiting for the Dirsync process to run. It runs every 3 hours by default which is OK for a production environment but when testing you want things to happen quickly so you can continue testing. Here is a process you can use to manually kick off that dir sync process in your test lab. This allows you to make changes in your AD (like creating new test accounts, password resets, etc) and get those changes communicated to the cloud. I’m not recommending that you could or should use this in production as I don’t know if there are any support issues with doing this. There also may be other ways to accomplish this but I figured this out in my testing and it works for me. Your mileage may vary.
Once you have installed and configured dirsync look in \Microsoft Online Directory Sync\SYNCBUS\Synchronization Service\UIShell and run miisclient.exe.
This is the Forefront Identify Manager (FIM) client and we can use it to monitor and troubleshoot the dirsync process. In the app we can monitor the status of the different sync jobs. Look closely and you’ll notice a trend. About every 3 hours (usually it’s 3 hours plus a few minutes) you’ll see 3 jobs run, in this order: Delta Import Data Sync, Delta Confirming Import and Export. I won’t go into the details about what those do now, will possibly cover it a later entry.
If you select one of the Delta Import Data Sync records and right click, you’ll see a few options, with one being Run. If you select Run and then verify the Run Management Agent options (basically in this example make sure the Management Agent is Source AD and that the Run Profiles options is set to Delta Import Delta Sync) and click OK the Synchronization Service Manager will create a new Delta Import Data Sync record with the current date/time stamp and set the status when it’s done to success (or failure if it fails). Repeat the same process for Delta Confirming Import and then when it’s done run the Export. Done!
If you want to confirm that the changes in AD are being picked up you can select the Delta Import Delta Sync record for the sync after the AD change was made and check the Synchronization Statistics window at the bottom and you should see some values in the Staging section. In this example, the Last Name for my Intune test user account in AD was changed and I was expecting to see an update to that AD account get picked up and sent to Azure AD. I used the Sync Statistics to verify that the change was processed and I was then able to go to my Azure domain and saw that the change was reflected there. Success!