Forum Discussion

ChrisFox273's avatar
ChrisFox273
Copper Contributor
Jul 17, 2020

Sync Issues with AAD Connect Service not updating attributes

Hi Everyone, one for the big brains. We are having issues with our AAD Connect not updating attributes between on-prem and Azure AD. The issue was first found when migrating mailboxes to the cloud. S...
hybrid
ChrisFox273's avatar
ChrisFox273
Copper Contributor
Jul 20, 2020

harveer singh  Thanks for your reply, and sorry it took so long to get back to you. I did a custom install of AAD Connect, and let the installer create a new service account. I have checked the permissions for this account in AD, and they are all fine. And yes, when I search for a changed user in Metaverse I see the updated local object fine, with all the relevant changes, coming from the AD connector. So the updates are making it into AAD Connect. But they just don't get sent to Azure AD. DNS is working fine on the AADC server, and there is no proxy. And no outbound filtering at all on the firewall. Is there any way of seeing what is happening with the export to Azure AD? I can also confirm it isn't just proxy addresses that aren't updating. We have a user who had a surname change done a little over a week ago. If I search the user in Metaverse, I see the account with the updated name and UPN. But if I look for the user in Azure AD, the name and UPN remain as they were before. Yet AADC is running and saying successful.

harveer singh's avatar
harveer singh
Iron Contributor
Jul 20, 2020

ChrisFox273 Okay, There is not much we can check regarding what Azure AD is doing with the data exported by AADconnect. All we can do is verify the data is flowing through all stages of ADconnect sync engine, rest is Microsoft.

Can you please provide some more clarification; perhaps a screenshot of "but under the "Changes" column, every single line says "None", even the line where I have made a change"

Do you see the changes being pushed to the user account in the cloud connector ? Search for the user in metaverse , open properties and check under cloud connector if the changes are being picked up by the cloud connector or not. Again we are trying to isolate where the sync engine is failing, reference article for metaverse search etc. : https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-object-not-syncing

 

Also another thing you can check is "Logon as service" settings in the domain policy : https://oddytee.wordpress.com/2015/08/12/aad-connect-will-not-start-due-to-logon-failure/

Though this is more relevant in cases where Azure AD connect service simply won't start but i have seen weird issues with synchronization without any errors ,if the logon as service is not in place. 

Resources