AD-Connect synchronization - Staging Mode

Torben RITTER
New Contributor
Hello, everybody, I have a phenomenon with the AD-Connect synchronization where I'm somewhat stumped. Example scenario: You have several OUs in your Active Directory, which in turn contain several security groups (SG). The OUs including their content (security groups & their members) are synchronized error-free via the existing AD-Connect server. Now you want to implement a new AD-Connect server via the staging mode. As soon as it performs the synchronization, the OUs and SGs are synchronized, but all user objects are deleted from the security groups in the Azure AD. The OUs and SGs themselves are still present in the AAD. If the synchronization is switched back to the old AD-Connect server, all (including user objects) are stored in the AAD. Basis for the conversion is the following article: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-staging-server. Can any of you explain this to me?
1 Reply

@Torben RITTER Sounds like the users are not synchronized correctly. What's the sourceAnchor configured on the old Azure AD Connect server? Is it objectGuid or ms-DS-ConsistencyGuid?

On the new server it's probably ms-DS-ConsistencyGuid, since it's the default right now, so you might want to change it on the old server beforehand, so you have the same sourceAnchor on both servers before moving the synchronization.
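The sourceAnchor comparison raised in the reply, sketched as an added example that is not part of the original thread: it computes the base64 anchor each server configuration would derive per user and lists the users whose anchor differs. The sample users, the function names and the simplified rule (use ms-DS-ConsistencyGuid when populated, otherwise fall back to objectGUID) are assumptions made for illustration.

```python
import base64
import uuid

# Constructed sample directory export (not real data): objectGUID plus the raw
# mS-DS-ConsistencyGuid bytes, or None where the attribute is empty.
MIGRATED_GUID = uuid.UUID("11111111-2222-3333-4444-555555555555")
SAMPLE_USERS = [
    {"sam": "alice", "objectGUID": uuid.UUID("a1b2c3d4-0001-4000-8000-000000000001"),
     "consistencyGuid": None},
    {"sam": "bob", "objectGUID": uuid.UUID("a1b2c3d4-0002-4000-8000-000000000002"),
     "consistencyGuid": uuid.UUID("a1b2c3d4-0002-4000-8000-000000000002").bytes_le},
    # carol carries an anchor from another object, e.g. after a migration
    {"sam": "carol", "objectGUID": uuid.UUID("a1b2c3d4-0003-4000-8000-000000000003"),
     "consistencyGuid": MIGRATED_GUID.bytes_le},
]


def source_anchor(user, anchor_attribute):
    """Return the base64 sourceAnchor one server configuration would compute."""
    guid_bytes = user["objectGUID"].bytes_le  # same layout as .NET Guid.ToByteArray()
    if anchor_attribute == "objectGUID":
        raw = guid_bytes
    elif anchor_attribute == "mS-DS-ConsistencyGuid":
        # Assumed simplified model: attribute if populated, else objectGUID.
        raw = user["consistencyGuid"] or guid_bytes
    else:
        raise ValueError(f"unsupported anchor attribute: {anchor_attribute}")
    return base64.b64encode(raw).decode("ascii")


def anchor_mismatches(users, old_attr, new_attr):
    """List (user, old anchor, new anchor) where the two configurations disagree."""
    diffs = []
    for user in users:
        old = source_anchor(user, old_attr)
        new = source_anchor(user, new_attr)
        if old != new:
            diffs.append((user["sam"], old, new))
    return diffs


if __name__ == "__main__":
    for sam, old, new in anchor_mismatches(
            SAMPLE_USERS, "objectGUID", "mS-DS-ConsistencyGuid"):
        print(f"{sam}: active server anchor {old} != staging server anchor {new}")
```

An empty result means both configurations derive the same anchor for every user in the export; any listed user would be matched differently by the two servers.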

 

 
