Jul 24 2019
03:16 AM
- last edited on
Jan 14 2022
04:38 PM
by
TechCommunityAP
Jul 24 2019
03:16 AM
- last edited on
Jan 14 2022
04:38 PM
by
TechCommunityAP
Hi,
I installed and configured Azure AD Connect like a few times before but now Computer objects are not synchronizing. They are included in filtering but there is not export to Azure AD, no error or warning, nothing.
Azure AD Connect Troubleshooter just saying "Object is not available in AAD Connector Space" (everything else is green/ok).
I just reinstalled it but without success.
Any ideas?
Kind regards
Patrick
Jul 24 2019 05:40 AM
Hi Patrick,
When you mention Objects, do you mean
1. Objects in a specific OU not syncing
2. All Objects in your AD ?
Thanks
Ankit Shukla
Jul 24 2019 05:45 AM
@ankit shukla wrote:
Hi Patrick,
When you mention Objects, do you mean
1. Objects in a specific OU not syncing
2. All Objects in your AD ?
Thanks
Ankit Shukla
Computer-accounts are not synchronizing. User-accounts are synchronizing without problems.
Jul 24 2019 06:35 AM
1. Computer Account Objects - Were they syncing before
2. What version of Windows ( Windows 10 or Windows 7/8) ? Older Versions than Windows 10 are not supported.
3. Have you configured filtering to check OU of the Workstaion where your Computer Objects are residing in Local AD. Refer - https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filteri...
Refer for hybrid Identity Join - https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-managed-domains
Do let me know if it works, Pls make a note that there is a separate licensing requirement for Hybrid AD join , and if you dont wish to do a Hybrid AD join on your Workstation, there is no point or use of syncing your Workstation Objects to Azure AD via Azure AD Connect 🙂
Cheers !!
Ankit Shukla
Jul 24 2019 06:59 AM
Jul 24 2019 10:07 AM
If they are shown as "filtered", most likely some sync rule is to blame. Best go to the Metaverse tab, list all Device objects there and check their properties. More specifically, on the Connectors tab you should see at least two entries, and you can also run a Preview sync to get a list of all rules that play a role in the process.
Jul 24 2019 02:09 PM
@VasilMichev exactly should be the next steps 🙂
Jul 24 2019 02:36 PM
@Patrick B Additionally, cam you confirm if in your configuration Computer Objects are selected to be Synced to Azure
To check this - Connectors < LOcal AD Connector < Right CLick < Properties < Select Object Types.
Can you confirm Computer is checked,
if it is not already your issue lies there , check and wait for next sync to finish.
Cheers !!
Ankit Shukla
Jul 25 2019 12:42 AM
Thanks for your reply.
With filtered, do you mean "cloudFiltered"?
I am not sure how I can start a preview sync for seeing the rules, how can I do this?
@ankit shuklacomputer objects are selected.
Kind regards
Jul 25 2019 10:51 AM
I mean generic "filtered", but setting the cloudFiltered attribute is one of the ways this can happen, yes. You can see the rule that's setting this value, so check if any modifications have been made to it, and why it fires on those objects.
Jul 30 2019 12:47 PM
Aug 05 2019 03:29 AM
SolutionI resolved it by configuring proxy-exceptions 🙂
The reason for not synchronizing the computer-objects was that the computers were not able to contact Azure AD connection-points what is necessary to change attributes (usercertificate) so that Azure AD Connect will synchronize it to AAD.
Mar 02 2020 09:59 AM
Hi Patrick,
I am also having same kind of issues. Can you please let me know what proxy you were using? Also can you please share the specifics about the exceptions you made on the proxy ??
Thanks
May 23 2020 12:59 AM
@abdullahabdulsalam @Patrick B
Hi
Because I have the same issue, is there any more information about how to resolve it?
Jul 07 2020 01:45 AM - edited Jul 07 2020 02:02 AM
Jul 07 2020 01:45 AM - edited Jul 07 2020 02:02 AM
Never previously needed to sync computer objects, but now I do.
And while all look OK, they simpley do NOT sync at all
I need the sync, so I can configure hybrid-join
As previous poster, any more info about it?
Seb
Jul 07 2020 04:00 AM - edited Jul 07 2020 11:23 PM
That was painful to understand!
It seems that Azure AD Connect does NOT willy-nilly sync computer object from local AD, unles the machine has usercertificate attribute as per best decription here or here
That in turn requires Hybrid-join configured in Azure AD Connect
Because I needed a single Computer object to be Hybrid, I simply done Controlled join as per this with a GPO assigned to a single OU where the computer resides in AD
Ofcourse the computer object was already AD joined (as it was existing computer), so just done dirty AD re-join to NETBIOS name (just take out the bits after first dot)
That created usercertificate attribute and on next sync it is synced & shows:
+----------------------------------------------------------------------+
| Device State |
+----------------------------------------------------------------------+
AzureAdJoined : YES
EnterpriseJoined : NO
DomainJoined : YES
DomainName : MYDOMAIN
Aug 05 2019 03:29 AM
SolutionI resolved it by configuring proxy-exceptions 🙂
The reason for not synchronizing the computer-objects was that the computers were not able to contact Azure AD connection-points what is necessary to change attributes (usercertificate) so that Azure AD Connect will synchronize it to AAD.