Microsoft Tech Community

Azure AD Connect computer object sync delays?


I've joined a new machine to my on prem AD and run an Azure AD Connect delta sync but the computer is still not showing in Azure AD (30 mins later). We run a sync every 30 mins anyway, so I'm just wondering why the machine didn't sync during the delta.


I ran the Azure AD Connect diagnostics and it essentially told me everything I knew: the machine is in on-prem AD, Azure AD Connect knows about it in its database, but it couldn't find it in Azure AD.


Can somebody please enlighten me? And ideally let me know how I can get new AD computers to appear in Azure AD faster?


Does the AD machine need to have had a user log on to it before Azure AD Connect will sync it? This machine has just popped out the end of an SCCM OSDeploy task sequence, so no real users have ever logged onto it.


The reason for this is that we require devices to be Hybrid joined to access most of our 365 services, and they can't get hybrid joined if they're not synced to Azure AD in the first place ;)


Thanks in advance.

4 Replies
Try to run the initial sync once you add a new object. Also, there is a troubleshooting tool inside Azure AD Connect; use it and check the connectivity to your Azure AD tenant, maybe a firewall is blocking you. Also check if you have an AV installed on your Azure AD Connect server.
The sync works fine otherwise, so it's not AV/firewall/etc.
That machine still hasn't synced over a day later.
I'll try an initial sync but I'd like to know why the delta isn't picking this up. What exactly is the criteria for a computer object within the sync scope being synced?
Did you check in your AAD devices section if you have a computer with the same name? Also try to check the synchronization log to see if there is any conflict.

@Robin Clive-Matthews:

There could be a few reasons why the newly joined computer object is not showing up in Azure AD after running a delta sync. Here are some steps you can take to troubleshoot the issue and get the computer object to appear in Azure AD faster:

  1. Verify that the computer object is synchronized to Azure AD Connect. You can check this by running the following command on the server running Azure AD Connect:

    # Runs on the Azure AD Connect server. Get-ADObject queries on-premises AD
    # through the ActiveDirectory module, so load that module first.
    Import-Module ActiveDirectory
    Get-ADObject -Filter {ObjectClass -eq 'computer' -and ObjectGUID -eq '<GUID>'}

    Replace <GUID> with the GUID of the computer object that you want to check. This command will confirm if the computer object is synchronized with Azure AD Connect.

  2. Check the synchronization logs for any errors or warnings related to the computer object synchronization. The logs are located in the following directory: C:\ProgramData\AADConnect\SyncEngine\SyncRulesEditor\SyncService\UIShell\SyncCycleLogs.

  3. Ensure that the computer object has the required attributes populated in on-premises AD. Specifically, the msDS-Device object attribute should be set to TRUE for hybrid Azure AD join to work correctly.

  4. Check if the computer object has been added to any exclusion rules in Azure AD Connect. If the object is excluded, it won't be synchronized to Azure AD.

  5. Verify that the computer object has a valid DNS entry and that the DNS server used by the computer is the same as the one used by Azure AD Connect.

  6. Ensure that the computer has an internet connection and can communicate with Azure AD.

  7. Finally, you can try forcing a full synchronization instead of a delta sync to see if the computer object appears in Azure AD. You can do this by running the following command on the server running Azure AD Connect:

    # The ADSync module ships with Azure AD Connect. PolicyType Initial runs a
    # full import, sync and export of every object rather than only changes.
    Import-Module ADSync
    Start-ADSyncSyncCycle -PolicyType Initial

    This will perform a full synchronization of all objects from on-premises AD to Azure AD.

By following these steps, you should be able to troubleshoot the issue and get the newly joined computer object to appear in Azure AD faster.

Hope this helps! Kindly mark this as the answer if it resolved the issue.
Enjoy!
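To put the steps in the replies above into something repeatable, here is an added example (my own script, not code from any of the posters or from Microsoft) that traces one computer object through the Azure AD Connect pipeline on the Azure AD Connect server: it checks the object in on-prem AD, reads the scope filter of the default "In from AD - Computer Join" rule (on a default install that filter is userCertificate ISNOTNULL, which is the usual reason a freshly imaged, never-booted machine sits in scope without ever syncing), looks the object up in the connector space, reports the scheduler state, and optionally kicks a delta cycle. Assumptions: the ActiveDirectory and ADSync modules are present (both ship on an AAD Connect server), the on-prem connector is named after the forest (the wizard default), the Test-AADConnectComputerSync function name and the sample computer name are mine, and the property names used on the ADSync objects (IsConnector, HasSyncError, HasExportError, ScopeFilter, ScopeConditionList) are as I recall them from the module; if they differ on your build, pipe the objects to Format-List to see the real names.

```powershell
# Added example, not from the thread. Run on the Azure AD Connect server.
# Assumptions: ActiveDirectory and ADSync modules are installed, the on-prem
# connector name equals the forest name (wizard default), and the ADSync object
# property names below match your build (use Format-List if they do not).
Import-Module ActiveDirectory
Import-Module ADSync

function Test-AADConnectComputerSync {
    param(
        [Parameter(Mandatory)][string]$ComputerName,           # AD 'Name', no trailing $
        [string]$OnPremConnectorName = (Get-ADDomain).Forest,   # assumption: wizard default
        [switch]$RunDeltaSync
    )

    # 1. On-prem AD: does the object exist, and is userCertificate populated?
    $ad = Get-ADComputer -Filter "Name -eq '$ComputerName'" -Properties userCertificate, whenCreated
    if (-not $ad) { throw "No computer named '$ComputerName' in on-prem AD" }
    "DN             : $($ad.DistinguishedName)"
    "Created        : $($ad.whenCreated)"
    $hasCert = ($ad.userCertificate | Measure-Object).Count -gt 0
    "userCertificate: $(if ($hasCert) { 'present' } else { 'EMPTY' })"

    # 2. What does the computer-join rule actually scope on? A default install
    #    uses 'userCertificate ISNOTNULL'. A device writes that attribute when
    #    its automatic device-registration task first runs, so a just-imaged
    #    machine that has not booted into Windows yet will never leave the
    #    connector space, however many sync cycles run.
    $rule = Get-ADSyncRule | Where-Object { $_.Name -eq 'In from AD - Computer Join' }
    foreach ($group in $rule.ScopeFilter) {
        foreach ($cond in $group.ScopeConditionList) {
            "Scope filter   : $($cond.Attribute) $($cond.ComparisonOperator) $($cond.ComparisonValue)"
        }
    }

    # 3. Connector space: was the object imported, and did it join/export?
    try {
        $cs = Get-ADSyncCSObject -ConnectorName $OnPremConnectorName `
                                 -DistinguishedName $ad.DistinguishedName -ErrorAction Stop
    } catch { $cs = $null }
    if (-not $cs) {
        "CS object      : NOT IMPORTED - check OU/domain filtering and that an import ran after $($ad.whenCreated)"
    } else {
        "CS object      : imported; joined to metaverse=$($cs.IsConnector); syncError=$($cs.HasSyncError); exportError=$($cs.HasExportError)"
        if ($cs.HasExportError) { "Export error   : $($cs.ExportError)" }
    }

    # 4. Scheduler: a disabled scheduler never runs, and staging mode never exports.
    $sched = Get-ADSyncScheduler
    "Scheduler      : enabled=$($sched.SyncCycleEnabled) staging=$($sched.StagingModeEnabled) inProgress=$($sched.SyncCycleInProgress) next=$($sched.NextSyncCyclePolicyType)"
    if ($sched.StagingModeEnabled) {
        Write-Warning "Staging mode is on: this server imports and syncs but never exports to Azure AD."
    }

    # 5. Optionally kick a delta cycle now. Delta only re-reads changed objects,
    #    so it is the cheap first step; Start-ADSyncSyncCycle -PolicyType Initial
    #    (a full re-import of everything) is the fallback if delta shows nothing.
    if ($RunDeltaSync -and -not $sched.SyncCycleInProgress) {
        Start-ADSyncSyncCycle -PolicyType Delta
    }
}

# Usage on the Azure AD Connect server (computer name is a made-up sample):
# Test-AADConnectComputerSync -ComputerName 'WS-0042' -RunDeltaSync
```

If step 1 reports userCertificate EMPTY and step 2 shows the ISNOTNULL filter, no amount of delta or initial syncing on the server will help: the fix is on the client, which has to boot and run its device-registration task so the attribute gets written, after which the next delta picks the object up and the hybrid join can complete.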