Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

AAD Connect Migration and Configuration Documenter Results

Brass Contributor

Hi,

 

We are currently in the process of migrating from a very old version of AAD Connect (1.1.614.0) to the latest version.

 

We have everything installed on the new server (in staging mode) and are just in the process of comparing the configurations between the two servers using Microsoft's Azure AD Connect Configuration Documenter.

 

In the report under the section for our on-premise domain there is a section for "Selected Attributes". This section is showing a bunch of "deleted/update" status's under the "Flows Configured" column.

For example, it shows that "displayName" used to be set for "Import / Export" but is now just set to "No".

 

We can't find anything in either server that might explain why we are seeing these results. We only had to import a few custom sync rules from the old server to the new server. We aren't sure if perhaps we have missed something there.

 

Below is screenshot of what we are seeing in the report. We are concerned as these are important attributes that definitely need to be synced. But we don't know what is different or where to check between the old server and the new server.

2019-12-03_14h23_03.png

 

 

 

 

 

 

 

 

Any help or suggestions would be greatly appreciated!

 

Cheers,

 

Todd

4 Replies

Those are standard attributes that should be covered by the default rules. I cannot speak for the documenter, but you can simply run the new instance in staging mode and verify that the attributes in question flow to the metaverse. Similarly, you can run a Preview from the connector space object's 

@Vasil Michev 

 

I appreciate your feedback!

I will look into using the metaverse to accomplish this.

I haven't used the metaverse before so I am not super familiar with it.

 

We did know that we could run a "staging sync". I just wasn't sure how hard it would be to interpret the data accurately.

Here's a sample article that walks you trough the process of searching the metaverse or given connector space: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-object-not-syncing#con...

@Vasil Michev

 

Thank you for the link. I had actually come across that link and was testing it out. The problem was that we had not performed any sync so there was no data to search through in the metaverse.

 

We managed to get on the phone with MS support and we went through our configuration. After reviewing the Configuration Documenter results we were essentially told to ignore and that based on what we had configured, everything should go through smoothly.

 

It took a little convincing but we eventually agreed to move forward with our initial sync. We first set the current production server to Staging Mode. We then take the new server out of Staging Mode and ran our initial sync. Everything appeared to go through correctly.

 

We suspect that perhaps the Configure Documenter was reporting incorrectly possibly due to the super old version of AAD Connect we were running prior to the upgrade.

 

We have run into a few issues after the upgrade, just related to the permissions of the account we created to handle the connection to AD. We didn't know it couldn't be Enterprise Admin or Domain Admin, so we need to grant the necessary permission to this user. We likely should have just allowed the AAD Connect installation wizard to create the MSOL_ user account and be done with it.

 

Anyway, it seems things are okay. We are continuing to monitor though!

 

Cheers,

 

Todd