Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

Connect to Azure AD

Brass Contributor

So I am testing AAD Connect and I am getting a little closer all the time.

However, I do want to verify something.  We have company.onmicrosoft.com, and we have company.com.  Company.com is verified.

In Synchronization Service, if I select CONNECTORS, I see:
company.onmicrosoft.com
company.local

Is that correct?  I thought I would see:
company.com
company.local

In Operations, I see where a Full Import picks up items from company.local, then I see the Projection of the item in Full Synchronization, but the export has nothing.  It is all zeros each time. 

So it looks like it is picking up my changes in AD properly, but it isn't actually writing them.

9 Replies

Hi,

 

Connectors are fine, company.onmicrosoft.com just refers to your Office 365 tenant.

 

Please check that you are not in staged mode - nothing is actually synced to cloud if you are.

As Nestori said, connectors are ok and should be like this.

 

If i check logs on my end Export is 0 most of the time. I don't think you should use it as an indication. This is just some internal AD Connect processes. Just check on Office 365 end if user has appeared and its details look fine.

Is there a poweshell command or something that will let me know if I am in staging mode?

Since I have run the initial sync from the GUI, I don't believe the option for staging pops up anymore?

Get-ADSyncScheduler will tell you if the box is in staging mode or not

 

Ok...I am NOT in staging mode.

Added two more users to my Test OU.  Ran the sync using PowerShell

Start-AdSyncSyncCycle

I can see the 2 new object details showing up in Sync Service as ADDS.

 

However, they never show up in Azure.  No errors...no emails...  They just never show up. 

Adds.png

 

From the screenshot, it seems that you have the staging mode on: Delta Import (Stage Only). So just run the config again and change to normal mode.

I figured it out.  I created a test OU called SyncTest and put the users in there.  However, I also had a group called ADSyncUsers that I was filtering based off of.  Although I added the test user to the OU and to the Group, the Group was actually NOT in that OU so it wasn't quite getting there.

When I added the group to the same OU, and then resolved it again, it worked.

Thanks for all of your help folks!

Moving on to the next hurdle...an AD name change.  ha

I figured it out.  I created a test OU called SyncTest and put the users in there.  However, I also had a group called ADSyncUsers that I was filtering based off of.  Although I added the test user to the OU and to the Group, the Group was actually NOT in that OU so it wasn't quite getting there.

When I added the group to the same OU, and then resolved it again, it worked.

Thanks for all of your help folks!

Moving on to the next hurdle...an AD name change.  ha

In regards to the screen shot,  the "stage only" means to stage exports for when the next export run profile is run.