User Profile
ChrisFox273
Copper Contributor
Joined Jul 16, 2020
User Widgets
Recent Discussions
Re: Sync Issues with AAD Connect Service not updating attributes
Ok! I have it working again. I'll explain as best I can. After digging into some more details I discovered that basically every user was showing as failing in the Export to AAD step due to the error "ExceededAllowedLength". When I dug into that, it was a Directory Extension attribute, "extension_[alphanumeric-string]_thumbnailphoto". We had tried to sync thumbnails to the cloud in the past, and I had been playing with it a couple of months back. I turned off all synching of directory extensions and any references to thumbnail attributes, but the errors remained there. I was all set to try uninstalling and reinstalling AADC on my backup server which was running in staging mode (where the errors had first started to appear) to try and clean out the local DB when a workmate remembered he had dealt with the same issue in the past, and opened a ticket with MS. They came back to him with a process to clear out the "Connector spaces" in AAD. Details below: Open Synchronization Service manager tool as an administrator: Click on Connectors Tab Right click on the "Active Directory Domain Services" connector type and click Delete. In the 'Delete Connector' box, check 'Delete connector space Only' and click Ok > Yes > OK Right click on 'Windows Azure Active Directory' connector and click Delete. In the 'Delete Connector' box, check 'Delete connector space Only' and click Ok > Yes > OK On the open PowerShell window, run the below command: Start-AdSyncSyncCycle -PolicyType Initial It's worth noting here that you need to disable the sync before you can delete the spaces using "Set-ADSyncScheduler -SyncCycleEnabled $false". Once you clean out the spaces, re-enable with the same command and "$true" (of course). This fixed my issue, and cleaned up the logs heaps. And it's also worth noting that the issue above was stopping the sync of all sorts of changes (names, account details, org details, proxy addresses). Clearly, having that error in place stopped any other details from synching. Thanks for helping out!20KViews3likes3CommentsRe: Sync Issues with AAD Connect Service not updating attributes
harveer singh Thanks for your reply, and sorry it took so long to get back to you. I did a custom install of AAD Connect, and let the installer create a new service account. I have checked the permissions for this account in AD, and they are all fine. And yes, when I search for a changed user in Metaverse I see the updated local object fine, with all the relevant changes, coming from the AD connector. So the updates are making it into AAD Connect. But they just don't get sent to Azure AD. DNS is working fine on the AADC server, and there is no proxy. And no outbound filtering at all on the firewall. Is there any way of seeing what is happening with the export to Azure AD? I can also confirm it isn't just proxy addresses that aren't updating. We have a user who had a surname change done a little over a week ago. If I search the user in Metaverse, I see the account with the updated name and UPN. But if I look for the user in Azure AD, the name and UPN remain as they were before. Yet AADC is running and saying successful.20KViews0likes2CommentsSync Issues with AAD Connect Service not updating attributes
Hi Everyone, one for the big brains. We are having issues with our AAD Connect not updating attributes between on-prem and Azure AD. The issue was first found when migrating mailboxes to the cloud. Some mailboxes were failing as the user account in AAD didn't have a remote routing address. This was usually caused by the address policy being turned off for the user. I manually added the remote routing address on-prem, but the change didn't sync to the cloud. It has grown from there. It now appears most changes do not sync through. New accounts sync to AAD fine, but after that, I cannot get changes to sync through. They show up on the connectors in AAD Connect as "Updates", but when I look at the detailed list of attributes for the user being updated, the new details are in the list, but under the "Changes" column, every single line says "None", even the line where I have made a change. I have tried setting up a whole new AAD Connect Service on a different server, no change. Can someone help out, before I log a ticket with MS?21KViews0likes8Comments
Recent Blog Articles
No content to show