Home

Connect to Azure AD

%3CLINGO-SUB%20id%3D%22lingo-sub-238259%22%20slang%3D%22en-US%22%3EConnect%20to%20Azure%20AD%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-238259%22%20slang%3D%22en-US%22%3E%3CP%3ESo%20I%20am%20testing%20AAD%20Connect%20and%20I%20am%20getting%20a%20little%20closer%20all%20the%20time.%3CBR%20%2F%3E%3CBR%20%2F%3EHowever%2C%20I%20do%20want%20to%20verify%20something.%26nbsp%3B%20We%20have%20company.onmicrosoft.com%2C%20and%20we%20have%20company.com.%26nbsp%3B%20Company.com%20is%20verified.%3CBR%20%2F%3E%3CBR%20%2F%3EIn%20Synchronization%20Service%2C%20if%20I%20select%20CONNECTORS%2C%20I%20see%3A%3CBR%20%2F%3Ecompany.onmicrosoft.com%3CBR%20%2F%3Ecompany.local%3CBR%20%2F%3E%3CBR%20%2F%3EIs%20that%20correct%3F%26nbsp%3B%20I%20thought%20I%20would%20see%3A%3CBR%20%2F%3Ecompany.com%3CBR%20%2F%3Ecompany.local%3CBR%20%2F%3E%3CBR%20%2F%3EIn%20Operations%2C%20I%20see%20where%20a%20Full%20Import%20picks%20up%20items%20from%20company.local%2C%20then%20I%20see%20the%20Projection%20of%20the%20item%20in%20Full%20Synchronization%2C%20but%20the%20export%20has%20nothing.%26nbsp%3B%20It%20is%20all%20zeros%20each%20time.%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3ESo%20it%20looks%20like%20it%20is%20picking%20up%20my%20changes%20in%20AD%20properly%2C%20but%20it%20isn't%20actually%20writing%20them.%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-238259%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAAD%20Connect%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-251062%22%20slang%3D%22en-US%22%3ERe%3A%20Connect%20to%20Azure%20AD%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-251062%22%20slang%3D%22en-US%22%3E%3CP%3EIn%20regards%20to%20the%20screen%20shot%2C%26nbsp%3B%20the%20%22stage%20only%22%20means%20to%20stage%20exports%20for%20when%20the%20next%20export%20run%20profile%20is%20run.%20%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-238764%22%20slang%3D%22en-US%22%3ERe%3A%20Connect%20to%20Azure%20AD%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-238764%22%20slang%3D%22en-US%22%3E%3CP%3EI%20figured%20it%20out.%26nbsp%3B%20I%20created%20a%20test%20OU%20called%20SyncTest%20and%20put%20the%20users%20in%20there.%26nbsp%3B%20However%2C%20I%20also%20had%20a%20group%20called%20ADSyncUsers%20that%20I%20was%20filtering%20based%20off%20of.%26nbsp%3B%20Although%20I%20added%20the%20test%20user%20to%20the%20OU%20and%20to%20the%20Group%2C%20the%20Group%20was%20actually%20NOT%20in%20that%20OU%20so%20it%20wasn't%20quite%20getting%20there.%3CBR%20%2F%3E%3CBR%20%2F%3EWhen%20I%20added%20the%20group%20to%20the%20same%20OU%2C%20and%20then%20resolved%20it%20again%2C%20it%20worked.%3CBR%20%2F%3E%3CBR%20%2F%3EThanks%20for%20all%20of%20your%20help%20folks!%3CBR%20%2F%3E%3CBR%20%2F%3EMoving%20on%20to%20the%20next%20hurdle...an%20AD%20name%20change.%26nbsp%3B%20ha%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-238759%22%20slang%3D%22en-US%22%3ERe%3A%20Connect%20to%20Azure%20AD%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-238759%22%20slang%3D%22en-US%22%3E%3CP%3EI%20figured%20it%20out.%26nbsp%3B%20I%20created%20a%20test%20OU%20called%20SyncTest%20and%20put%20the%20users%20in%20there.%26nbsp%3B%20However%2C%20I%20also%20had%20a%20group%20called%20ADSyncUsers%20that%20I%20was%20filtering%20based%20off%20of.%26nbsp%3B%20Although%20I%20added%20the%20test%20user%20to%20the%20OU%20and%20to%20the%20Group%2C%20the%20Group%20was%20actually%20NOT%20in%20that%20OU%20so%20it%20wasn't%20quite%20getting%20there.%3CBR%20%2F%3E%3CBR%20%2F%3EWhen%20I%20added%20the%20group%20to%20the%20same%20OU%2C%20and%20then%20resolved%20it%20again%2C%20it%20worked.%3CBR%20%2F%3E%3CBR%20%2F%3EThanks%20for%20all%20of%20your%20help%20folks!%3CBR%20%2F%3E%3CBR%20%2F%3EMoving%20on%20to%20the%20next%20hurdle...an%20AD%20name%20change.%26nbsp%3B%20ha%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-238701%22%20slang%3D%22en-US%22%3ERe%3A%20Connect%20to%20Azure%20AD%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-238701%22%20slang%3D%22en-US%22%3E%3CP%3EFrom%20the%20screenshot%2C%20it%20seems%20that%20you%20have%20the%20staging%20mode%20on%3A%20Delta%20Import%20(Stage%20Only).%20So%20just%20run%20the%20config%20again%20and%20change%20to%20normal%20mode.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-238562%22%20slang%3D%22en-US%22%3ERe%3A%20Connect%20to%20Azure%20AD%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-238562%22%20slang%3D%22en-US%22%3E%3CP%3EOk...I%20am%20NOT%20in%20staging%20mode.%3CBR%20%2F%3E%3CBR%20%2F%3EAdded%20two%20more%20users%20to%20my%20Test%20OU.%26nbsp%3B%20Ran%20the%20sync%20using%20PowerShell%3C%2FP%3E%3CP%3E%3CFONT%20color%3D%22%230000ff%22%20face%3D%22Lucida%20Console%22%20size%3D%221%22%3EStart-AdSyncSyncCycle%20%3C%2FFONT%3E%3C%2FP%3E%3CP%3EI%20can%20see%20the%202%20new%20object%20details%20showing%20up%20in%20Sync%20Service%20as%20ADDS.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHowever%2C%20they%20never%20show%20up%20in%20Azure.%26nbsp%3B%20No%20errors...no%20emails...%26nbsp%3B%20They%20just%20never%20show%20up.%26nbsp%3B%3C%2FP%3E%3CP%3E%3CFONT%20color%3D%22%230000ff%22%20face%3D%22Lucida%20Console%22%20size%3D%221%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20592px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F44352iEB23D2175EE744D7%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Adds.png%22%20title%3D%22Adds.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FFONT%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-238540%22%20slang%3D%22en-US%22%3ERe%3A%20Connect%20to%20Azure%20AD%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-238540%22%20slang%3D%22en-US%22%3E%3CP%3E%3CFONT%20face%3D%22Courier%20New%22%3EGet-ADSyncScheduler%3C%2FFONT%3Ewill%20tell%20you%20if%20the%20box%20is%20in%20staging%20mode%20or%20not%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-238532%22%20slang%3D%22en-US%22%3ERe%3A%20Connect%20to%20Azure%20AD%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-238532%22%20slang%3D%22en-US%22%3E%3CP%3EIs%20there%20a%20poweshell%20command%20or%20something%20that%20will%20let%20me%20know%20if%20I%20am%20in%20staging%20mode%3F%3CBR%20%2F%3E%3CBR%20%2F%3ESince%20I%20have%20run%20the%20initial%20sync%20from%20the%20GUI%2C%20I%20don't%20believe%20the%20option%20for%20staging%20pops%20up%20anymore%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-238461%22%20slang%3D%22en-US%22%3ERe%3A%20Connect%20to%20Azure%20AD%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-238461%22%20slang%3D%22en-US%22%3E%3CP%3EAs%20Nestori%20said%2C%20connectors%20are%20ok%20and%20should%20be%20like%20this.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20i%20check%20logs%20on%20my%20end%20Export%20is%200%20most%20of%20the%20time.%20I%20don't%20think%20you%20should%20use%20it%20as%20an%20indication.%20This%20is%20just%20some%20internal%20AD%20Connect%20processes.%20Just%20check%20on%20Office%20365%20end%20if%20user%20has%20appeared%20and%20its%20details%20look%20fine.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-238365%22%20slang%3D%22en-US%22%3ERe%3A%20Connect%20to%20Azure%20AD%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-238365%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EConnectors%20are%20fine%2C%20company.onmicrosoft.com%20just%20refers%20to%20your%20Office%20365%20tenant.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPlease%20check%20that%20you%20are%20not%20in%20staged%20mode%20-%20nothing%20is%20actually%20synced%20to%20cloud%20if%20you%20are.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Todd Purifoy
Contributor

So I am testing AAD Connect and I am getting a little closer all the time.

However, I do want to verify something.  We have company.onmicrosoft.com, and we have company.com.  Company.com is verified.

In Synchronization Service, if I select CONNECTORS, I see:
company.onmicrosoft.com
company.local

Is that correct?  I thought I would see:
company.com
company.local

In Operations, I see where a Full Import picks up items from company.local, then I see the Projection of the item in Full Synchronization, but the export has nothing.  It is all zeros each time. 

So it looks like it is picking up my changes in AD properly, but it isn't actually writing them.

9 Replies

Hi,

 

Connectors are fine, company.onmicrosoft.com just refers to your Office 365 tenant.

 

Please check that you are not in staged mode - nothing is actually synced to cloud if you are.

As Nestori said, connectors are ok and should be like this.

 

If i check logs on my end Export is 0 most of the time. I don't think you should use it as an indication. This is just some internal AD Connect processes. Just check on Office 365 end if user has appeared and its details look fine.

Is there a poweshell command or something that will let me know if I am in staging mode?

Since I have run the initial sync from the GUI, I don't believe the option for staging pops up anymore?

Get-ADSyncScheduler will tell you if the box is in staging mode or not

 

Ok...I am NOT in staging mode.

Added two more users to my Test OU.  Ran the sync using PowerShell

Start-AdSyncSyncCycle

I can see the 2 new object details showing up in Sync Service as ADDS.

 

However, they never show up in Azure.  No errors...no emails...  They just never show up. 

Adds.png

 

From the screenshot, it seems that you have the staging mode on: Delta Import (Stage Only). So just run the config again and change to normal mode.

I figured it out.  I created a test OU called SyncTest and put the users in there.  However, I also had a group called ADSyncUsers that I was filtering based off of.  Although I added the test user to the OU and to the Group, the Group was actually NOT in that OU so it wasn't quite getting there.

When I added the group to the same OU, and then resolved it again, it worked.

Thanks for all of your help folks!

Moving on to the next hurdle...an AD name change.  ha

Highlighted

I figured it out.  I created a test OU called SyncTest and put the users in there.  However, I also had a group called ADSyncUsers that I was filtering based off of.  Although I added the test user to the OU and to the Group, the Group was actually NOT in that OU so it wasn't quite getting there.

When I added the group to the same OU, and then resolved it again, it worked.

Thanks for all of your help folks!

Moving on to the next hurdle...an AD name change.  ha

In regards to the screen shot,  the "stage only" means to stage exports for when the next export run profile is run.   

Related Conversations
Calendar not available for older AD accounts
_jancis in Microsoft Teams on
0 Replies
Azure Files with adfs
Stephane KLOIS in Azure on
0 Replies
What is a native non-object synchronised Azure AD instance?
Pn1995 in Azure on
0 Replies
A problem with the Zoom level of a Tab
Tavory in Discussions on
9 Replies
Azure Automation connecting to Exchange with MFA enforced
Chris Johnston in Azure on
13 Replies
Intune Win32 apps error 0x80070002
bjornmertens in Microsoft Intune on
5 Replies