Forum Discussion
Looking to run AAD Sync soon
What we would like to do is allow the users to change their own passwords for starters. That will require write-back, correct?
Yes, that requires password write-back, which in turn requires Azure AD premium. However, Azure AD premium is not included in the Office 365 license, so you need to buy it separately.
- Todd Purifoy, Aug 27, 2018, Brass Contributor
Ok...thanks for the info.
One last thing, I did create an OU and sync it, and I threw a test account in there. It appears to have gone smoothly, but I can't really tell how to judge success. Is there a log or some way to tell that a user is now in sync?
I used to see status as "in cloud" I believe, but now I just see the license information in the Status field. None of the user info or detail actually seemed to change, although the local AD account would have much less info than the cloud account. I would assume it would overwrite the cloud info? Not sure how to test success. The local account has a different password than the cloud account, and if I understand the documentation correctly, the password hash should cause the cloud password to reset to the local one?
- Aug 27, 2018
You may need to log out and in again, as the admin center is not aware that you turned the sync on. After logging in, there should be a column showing the sync status cloud/synced with on-prem directory.
Easiest way to test is to create a new test user in the synced OU and see whether it is synced to the cloud or not.
You can see what happens under the hood if you start the Synchronization Service app (aka miisclient) and see the operations tab. There are export events with your Office 365 tenant name; click that and you'll see how many objects are created/updated/deleted.
The password is updated from on-prem to existing cloud user only if the users are matched during the sync (same upn/email).
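The checks described in the answer above can also be scripted. This is an added example, not part of the original thread; it assumes Azure AD Connect with its ADSync module on the sync server, the ActiveDirectory and MSOnline modules, and a placeholder UPN.

```powershell
# Added example, not from the thread. Run on the sync server.
# Assumes the ADSync, ActiveDirectory and MSOnline modules are installed.
Import-Module ADSync, ActiveDirectory, MSOnline

function Test-UserSyncState {
    param([Parameter(Mandatory)][string]$UserPrincipalName)

    # On-prem side: the object must exist and carry the UPN used for matching.
    $onPrem = Get-ADUser -Filter "UserPrincipalName -eq '$UserPrincipalName'" -Properties pwdLastSet
    if (-not $onPrem) { throw "No on-prem user with UPN $UserPrincipalName" }

    # Cloud side: LastDirSyncTime stays empty for accounts that were never synced.
    $cloud = Get-MsolUser -UserPrincipalName $UserPrincipalName -ErrorAction SilentlyContinue

    [pscustomobject]@{
        UserPrincipalName   = $UserPrincipalName
        ExistsInCloud       = [bool]$cloud
        SyncedFromOnPrem    = [bool]($cloud -and $cloud.LastDirSyncTime)
        LastDirSyncTime     = if ($cloud) { $cloud.LastDirSyncTime }
        ImmutableId         = if ($cloud) { $cloud.ImmutableId }
        # pwdLastSet is a Windows FILETIME; convert it for comparison with the cloud value.
        OnPremPwdLastSet    = [datetime]::FromFileTimeUtc($onPrem.pwdLastSet)
        CloudPwdLastChanged = if ($cloud) { $cloud.LastPasswordChangeTimestamp }
    }
}

Connect-MsolService

# Scheduler state: with StagingModeEnabled set, the server imports and syncs but does not export.
Get-ADSyncScheduler | Select-Object SyncCycleEnabled, StagingModeEnabled, NextSyncCyclePolicyType

# Run a full delta cycle (import, synchronization, export) and wait for it to finish.
Start-ADSyncSyncCycle -PolicyType Delta
Start-Sleep -Seconds 10
while ((Get-ADSyncScheduler).SyncCycleInProgress) { Start-Sleep -Seconds 5 }

# 'testuser@example.com' is a placeholder for the test account in the synced OU.
Test-UserSyncState -UserPrincipalName 'testuser@example.com'
```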
- Todd Purifoy, Aug 27, 2018, Brass Contributor
Thanks for the help. It looks like I am striking out. I can see that it IS picking up deltas from the domain, but when it comes to the export portion, nothing is actually being written to Azure.
In Synchronization Service, I do a FULL IMPORT, and I can see 8 UNCHANGED, and 1 UPDATE (the update is a user I added to the OU).
Immediately following is an EXPORT, but there are 0 adds, updates, renames, deletes, or delete adds.
So I feel like I am getting closer, but not quite there yet. There are no errors though.
Nestori Syynimaa wrote: You may need to log out and in again, as the admin center is not aware that you turned the sync on. After logging in, there should be a column showing the sync status cloud/synced with on-prem directory.
Easiest way to test is to create a new test user in the synced OU and see whether it is synced to the cloud or not.
You can see what happens under the hood if you start the Synchronization Service app (aka miisclient) and see the operations tab. There are export events with your Office 365 tenant name; click that and you'll see how many objects are created/updated/deleted.
The password is updated from on-prem to existing cloud user only if the users are matched during the sync (same upn/email).