Microsoft Tech Community
SOLVED

Azure AD Connect is not synchronizing Computer objects


Hi,

I installed and configured Azure AD Connect like a few times before, but now Computer objects are not synchronizing. They are included in filtering but there is no export to Azure AD, no error or warning, nothing.

 

Azure AD Connect Troubleshooter is just saying "Object is not available in AAD Connector Space" (everything else is green/ok).

 

I just reinstalled it but without success.

 

Any ideas?

 

Kind regards

Patrick

15 Replies

@Patrick B 

 

Hi Patrick, 

 

When you mention Objects, do you mean 

 

1. Objects in a specific OU not syncing

2. All Objects in your AD ?

 

Thanks

Ankit Shukla

 



Computer-accounts are not synchronizing. User-accounts are synchronizing without problems.

@Patrick B 

1. Computer Account Objects - Were they syncing before?

2. What version of Windows (Windows 10 or Windows 7/8)? Older versions than Windows 10 are not supported.

3. Have you configured filtering to check the OU of the workstation where your Computer Objects are residing in Local AD? Refer - https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filteri...

 

Refer for hybrid Identity Join - https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-managed-domains

 

Do let me know if it works. Please make a note that there is a separate licensing requirement for Hybrid AD join, and if you don't wish to do a Hybrid AD join on your workstation, there is no point or use in syncing your workstation objects to Azure AD via Azure AD Connect :)

 

Cheers !!

 

Ankit Shukla

 

Hi,
It's a new installation and we have Windows 10 computers here. OU-Filtering is fine, Troubleshooter is also saying "OK" for it.

We want to do hybrid join for conditional access and we have Microsoft 365 E3 licenses, so everything should work :)

Kind regards
Patrick

If they are shown as "filtered", most likely some sync rule is to blame. Best go to the Metaverse tab, list all Device objects there and check their properties. More specifically, on the Connectors tab you should see at least two entries, and you can also run a Preview sync to get a list of all rules that play a role in the process.

@Vasil Michev  exactly should be the next steps :)

 

@Patrick B Additionally, can you confirm if in your configuration Computer Objects are selected to be synced to Azure?

 

To check this - Connectors < Local AD Connector < Right Click < Properties < Select Object Types.

 

Can you confirm Computer is checked?

If it is not, your issue lies there; check it and wait for the next sync to finish.

 

Cheers !!

Ankit Shukla

 

@Vasil Michev 

 

Thanks for your reply.

 

With filtered, do you mean "cloudFiltered"?


 

I am not sure how I can start a preview sync for seeing the rules, how can I do this?

 

@ankit shukla computer objects are selected.

 

Kind regards

I mean generic "filtered", but setting the cloudFiltered attribute is one of the ways this can happen, yes. You can see the rule that's setting this value, so check if any modifications have been made to it, and why it fires on those objects.

@Patrick - Please confirm if you got it resolved.

Regards
Abhay Singh
best response confirmed by Patrick B (Brass Contributor)
Solution

@Abhayipg 

I resolved it by configuring proxy-exceptions :)

The reason for not synchronizing the computer-objects was that the computers were not able to contact Azure AD connection-points, which is necessary to change attributes (usercertificate) so that Azure AD Connect will synchronize them to AAD.

@Patrick B

 

Hi Patrick,

 

I am also having the same kind of issues. Can you please let me know what proxy you were using? Also, can you please share the specifics about the exceptions you made on the proxy?

 

Thanks 

@abdullahabdulsalam @Patrick B

Hi

Because I have the same issue, is there any more information about how to resolve it?

 

Never previously needed to sync computer objects, but now I do.

And while all look OK, they simply do NOT sync at all

I need the sync, so I can configure hybrid-join

 

As previous poster, any more info about it?

 

Seb

That was painful to understand!

 

It seems that Azure AD Connect does NOT willy-nilly sync computer objects from local AD, unless the machine has the usercertificate attribute, as per the best description here or here

That in turn requires Hybrid-join configured in Azure AD Connect

 

Because I needed a single Computer object to be Hybrid, I simply did a Controlled join as per this, with a GPO assigned to a single OU where the computer resides in AD

 

Of course the computer object was already AD joined (as it was an existing computer), so I just did a dirty AD re-join to the NETBIOS name (just take out the bits after the first dot)

That created the usercertificate attribute, and on the next sync it is synced & shows:

 

 

+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : MYDOMAIN
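
Added example (not part of the original thread): a PowerShell audit that splits the computer objects in a synced OU by whether the `userCertificate` attribute discussed above is populated, since the posters found that objects without it are not exported. The OU distinguished name and the function name `Get-ComputerCertState` are placeholders chosen here; the script assumes the ActiveDirectory (RSAT) module.

```powershell
# Added example: requires the ActiveDirectory module (RSAT) on a domain-joined host.
Import-Module ActiveDirectory

# Placeholder OU; replace with the OU that is in scope for Azure AD Connect filtering.
$SearchBase = 'OU=Workstations,DC=example,DC=com'

# Hypothetical helper: returns one row per computer object with a HasUserCertificate flag.
function Get-ComputerCertState {
    param([Parameter(Mandatory)][string]$SearchBase)

    foreach ($hasCert in $true, $false) {
        # Presence filter: (attr=*) matches objects where the attribute has any value.
        $filter = if ($hasCert) { '(userCertificate=*)' } else { '(!(userCertificate=*))' }

        Get-ADComputer -SearchBase $SearchBase -LDAPFilter $filter `
                -Properties operatingSystem, whenCreated |
            Select-Object Name, Enabled, operatingSystem, whenCreated,
                @{ Name = 'HasUserCertificate'; Expression = { $hasCert } }
    }
}

$state = @(Get-ComputerCertState -SearchBase $SearchBase)

# Full listing, objects without a certificate first.
$state | Sort-Object HasUserCertificate, Name | Format-Table -AutoSize

# Summary of objects that still lack the attribute described in the thread.
$missing = @($state | Where-Object { -not $_.HasUserCertificate })
'{0} of {1} computer objects have no userCertificate value.' -f $missing.Count, $state.Count
```

On a machine from the "missing" list, `dsregcmd /status` prints the Device State block shown above, which confirms whether the client itself completed the join.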

 

 

 
