Forum Discussion
Hybrid Entra ID - I can't understand how it was set up
Hi All,
There is an on-prem Active Directory domain that is synced to Microsoft 365 via Azure AD Connect.
AD objects are synced to Microsoft Entra ID.
However, no server is specified as a synchronization source.
How it is possible?
Hi, Alexander.
You're looking at two separate measurements.
Azure AD is aware of when a synchronisation was performed by AAD Connect, and this is reflected in the first screen.
The second screen relies in information being fed to it by the AAD Connect Health agent (shown below) which is typically installed when AAD Connect itself is installed.
If the Health Agent is not installed or is unable to communicate with the relevant Azure endpoints, there will be no (or stale) data, as you're seeing today.
If you want to see data in the second screen then ensure that the Health Agent is installed and able to communicate with Azure as per the below documentation. But strictly-speaking, the answer to your question is - as described above - that they are two separate measurements, which is why they can appear to contradict one another.
Cheer,s
Lain
3 Replies
Hi, Alexander.
You're looking at two separate measurements.
Azure AD is aware of when a synchronisation was performed by AAD Connect, and this is reflected in the first screen.
The second screen relies in information being fed to it by the AAD Connect Health agent (shown below) which is typically installed when AAD Connect itself is installed.
If the Health Agent is not installed or is unable to communicate with the relevant Azure endpoints, there will be no (or stale) data, as you're seeing today.
If you want to see data in the second screen then ensure that the Health Agent is installed and able to communicate with Azure as per the below documentation. But strictly-speaking, the answer to your question is - as described above - that they are two separate measurements, which is why they can appear to contradict one another.
Cheer,s
Lain
Thanks for you reply.
To be honest I didn't know that AAD Connect Health agent is required for displaying information about sync source in Azure Antra portal.
I checked the installed apps on the server with AAD Connect and confirming that the AAD Connect Health is installed.
However for some reason it is stopped and startup type is disabled.
It now also make sense why Microsoft Entra Connect Health has status as Unmonitored.
Unfortunately, those who deployed AAD syncing do not reply so I have no idea for what reasons AAD Connect Health service was stopped but at least now I know what is happening.
(May be according to this article https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-health-agent-install the AAD Connect Health agent configuration was not completed but that would be just my guess).
