Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

Azure AD Connect not manually syncing

Brass Contributor

Sorry if this isn't the right forum, but I just installed Azure AD Connect on a new Windows 2016 domain controller.  Azure AD Connect was originally upgraded from DirSync and was running on a Windows 2012 R2 domain controller.  We're decommissioning that server, hence the new Windows 2016 DC and Azure AD Connect on the new DC. I have left the old server in staging mode until I'm positive the new system is working correctly. My issue is when I manually run start-adsyncsynccycle -policytype delta (on the new server), it shows it is successful, and monitoring via the Synchronization Service Manager shows it is running, but no changes are actually synced with Azure.  Once the delta sync runs at scheduled time, the changes are synced to Azure.  If I change back to the original server (change staging mode around), and manually run the delta sync, it works as it should. Is there anything else required to do a manual sync when Azure AD Connect is running on a Windows 2016 DC?

12 Replies
Hi Paul,
I would uninstall the old Azure AD Connect client first, then re-run the wizard on the new server and run a start-adsyncsynccycle -policytype initial after that, just for making sure.
There no other command to force a sync in Windows Server 2016, there is no difference.

Paul,

 

When you run the Delta Cycle via Powershell vs when the scheduler runs, are there expected changes that are supposed to be syncing? What I mean is, by chance is there actually nothing for the sync cycle to pick up when you run it manually?

 

Have you also tried to right click > Run (manually sync) a sync cycle? Does that work not work compared to the scheduler sync cycles every 30 min?

When I do a manual sync, using PowerShell ("import-module adsync" followed by "start-adsyncsynccycle -policytype delta"), and monitor with the Sync Service Manger, the sync starts and runs, but my changes are not actually synced, nor even detected in the sync stats window.  Those changes are synced during normal sync cycle, though.

 

For part 2, using the Sync Service Manager, if I run the various imports/syncs/exports (6 of them) manually, in the same order as they're run during the PowerShell sync, then the changes are synced properly.  By the way, I did not know we could sync this way, so thanks for that tip. But, I didn't see anything I could just right-click on and then run the entire sync process.

 

Paul

You're correct, there is no button or right click to run the whole process. the Start-ADSyncSyncCycle Powershell Commandlet is for that. But you're saying that isn't actually processing changes? Is it showing the exact same steps as the ones you ran manually?

My recommendation would be to do one of two things:

 

1. Create a Support Request with Microsoft Azure Support (Identity Team). Submit with the new case a zipped folder from the following path, C:\Program Data\AADConect. Zip that as it contains Trace Logs and Installation Logs from the latest install of the Software which is giving you the issues with the PS Module. They can help troubleshoot why this is happening and resolve the issue once and for all.

 

2. If you are not worried about the root cause of the issue. Follow the guidance of the other reply(ies), and uninstall reinstall Azure AD Connect. This should resolve the issue. If it doesn't follow Step 1 for sure.

Max,

Correct. Doing the exact same steps that the Powershell commandlet runs, in the same order, via the manager, works. I'll try the other Pontus' suggested step of removing AD connect in a few days. Until the, I'll just manually run the syncs when required.
I'll try removing the old AD connect, via Pontus' suggestion in a few days. If that doesn't work, I'll open a ticket. Thanks for your help, everyone.

@Paul Long Were you ever able to get your Azure AD Connect to sync via the adsyncsyncclycle -policytype delta command?

Any luck with this?  I am experiencing the same issue.

@mwilliams1895 Actually, I ended up doing a full sync, start-adsyncsynccycle -policytype initial. Once I did that, I've had no further issues.

@Paul LongThanks for your response. I run this script often.  Is there any disadvantage to running the initial vs the delta?  After I have run the initial will the delta sync work properly?

@mwilliams1895 The initial takes longer to finish, but other than that, there's no issues which I know of.  I've only run the initial that one time to fix an issue, and one other when I thought I was having the issue again (just a few months ago).  However, I think I was just impatient and forgot what DC I made the original AD change to and got flustered when the delta sync didn't seem to work (didn't wait for replication).