Wednesday, June 15, 2022

Sync Local AD Object Properties to Azure Manually

 

Azure AD Sync Service





Most small and large businesses have a local domain with domain controllers. When using Microsoft 365 online services, these businesses will commonly also have an AD Sync server. This server is often just a small virtual machine running the Azure AD Connect service.

Azure AD Connect Services Sync

The Azure AD Connect service syncs local changes from the local domain to Azure on a schedule. The schedule is restricted by Microsoft and the shortest time is 30 minutes. Password changes occur nearly instantly, but all other AD object additions or changes to existing objects take 30 minutes or more.

Other factors, such as local AD replication between domain controllers, affect syncing as well. With slow local replication, syncing changes or AD additions to Azure will take even longer, depending on the speed of local replication.

To trigger a local AD replication, log on to a domain controller and open an elevated command prompt. This is the fastest way to replicate all domain controllers throughout all sites. This is faster than using the UI.

At the command prompt enter the following command: 

  C:\>repadmin /syncall /APeD

The command will trigger AD replication throughout the entire domain on all domain controllers. This and other commands can be run remotely. Remote support and software for online desktop support give us the capability to access computers and servers remotely for remote control. Some are agent based and others are on-demand. In either case, once connected remotely with the online computer support software of your choice, you can help the user or administer the server.

Manual adsyncsynccycle 

Manual AD Sync from local AD to Azure.

The following command I have run very often to trigger replication or syncing from the local domain to Azure. This quick option for manual replication enables faster updates to Azure. It is particularly useful when a new user has been added and you need to continue setting up the user with their desktop and applications.

Use RDP or another method to access your Azure Sync server and run the following command as shown in the screen capture in this post, which was taken from a real server that was set up and configured to perform Azure AD sync with Microsoft Azure AD Connect software.

Run the command in an elevated PowerShell session. Include the capitalization.

         C:\>Start-ADSyncSyncCycle -PolicyType Delta 

Be sure to include Delta at the end of the command. The command has other options (actually many more); another policy type that would sync is Initial instead of Delta. Please avoid using that option unless you have good reason to, because it could cause other issues. Changes are sometimes updated slowly in Azure, so expect several to 20 or 30 seconds before you see the changes in Azure.
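The manual sync step above, wrapped in a few safety checks, as an added example that is not from the original post. It assumes the ADSync PowerShell module that ships with Azure AD Connect; the function name Start-GuardedDeltaSync and the timeout values are made up for illustration.

```powershell
# Added example: guarded manual delta sync (run elevated on the Azure AD Connect server).
Import-Module ADSync

function Start-GuardedDeltaSync {
    param(
        [int]$TimeoutSeconds = 600,   # assumed upper bound for one cycle
        [int]$PollSeconds    = 5
    )

    $scheduler = Get-ADSyncScheduler
    if (-not $scheduler.SyncCycleEnabled) {
        throw 'Scheduler is disabled (SyncCycleEnabled = False); not forcing a cycle.'
    }
    if ($scheduler.StagingModeEnabled) {
        Write-Warning 'Staging mode is on: the cycle runs but nothing is exported to Azure.'
    }

    # Wait for any scheduled cycle to finish before starting another one.
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    while ((Get-ADSyncScheduler).SyncCycleInProgress) {
        if ((Get-Date) -gt $deadline) { throw 'Timed out waiting for the running cycle.' }
        Start-Sleep -Seconds $PollSeconds
    }

    $started = Get-Date
    $run = Start-ADSyncSyncCycle -PolicyType Delta   # Delta only, never Initial here

    # Poll until the scheduler reports the manual cycle as finished.
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    Start-Sleep -Seconds $PollSeconds
    while ((Get-ADSyncScheduler).SyncCycleInProgress) {
        if ((Get-Date) -gt $deadline) { throw 'Timed out waiting for the delta cycle.' }
        Start-Sleep -Seconds $PollSeconds
    }

    # Small record of who forced the sync and how it went.
    [pscustomobject]@{
        TriggeredBy     = "$env:USERDOMAIN\$env:USERNAME"
        Result          = $run.Result
        DurationSeconds = [int]((Get-Date) - $started).TotalSeconds
        NextScheduled   = (Get-ADSyncScheduler).NextSyncCycleStartTimeInUTC
    }
}

Start-GuardedDeltaSync
```

The returned object can be appended to a change log so that manually forced syncs remain traceable to an administrator.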


Troubleshooting ADSyncSyncCycle AD syncing to Microsoft Entra 

The most common issue with Azure / Entra syncing is that the service has stalled for whatever reason. Restart the services associated with Azure / Entra Sync. A reboot of the server is often not required. Be careful to NEVER alter the login ID used for the services.






Wednesday, April 27, 2022

Logoff Console User using N-able System Shell

         Logout Console User using N-able System Shell

Whether the situation you encounter concerns a stuck console session or sessions in a disconnected state that need to be manually logged out, there is software that will help. There are tools such as software for online desktop support that work both on the local network and over the internet.



You attempt to log on to a server, but it is locked. You can't reboot because it's a server and can't be taken down like that: there are active users on the server with open files. Use N-able System Shell to log off the active console session user.

Just running the command "logoff" at the System Shell window is not enough.

Click System Shell at the top of the Take Control viewer window, then run the command query session. That will display the currently logged-on sessions. Take note of the ID number of the console session user you want to log off.

Then run the command logoff with the ID number you retrieved.

    query session

    logoff  {ID#} 


That will log off the disconnected or connected session, and you'll now be able to log in to the console. This process has worked every time. The logoff option also works through RDP and permits logging off RDP-connected desktop sessions as well.

For RDS servers, the same command that queries connections to the server can be used. You will find that the list of logged-in users is longer on a busy Remote Desktop Services server.
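On a busy server, picking the right ID out of the query session listing by eye is error-prone. The following is an added example, not from the original post, that parses the listing into objects and shortlists the console session and disconnected user sessions. The function name ConvertFrom-QuerySession and the sample output are constructed for illustration, and the parser assumes English column headers.

```powershell
# Added example: turn `query session` text into objects (sample output is constructed).
function ConvertFrom-QuerySession {
    param([string[]]$Lines)
    $header   = $Lines[0]
    $userCol  = $header.IndexOf('USERNAME')
    $stateCol = $header.IndexOf('STATE')
    foreach ($line in ($Lines | Select-Object -Skip 1)) {
        if ([string]::IsNullOrWhiteSpace($line)) { continue }
        $line = $line.PadRight($stateCol + 1)
        # USERNAME and the right-aligned ID both sit between the two header columns.
        $middle = $line.Substring($userCol, $stateCol - $userCol)
        if ($middle -match '^(?<user>\S*)\s+(?<id>\d+)\s*$') {
            [pscustomobject]@{
                Current     = $line.StartsWith('>')   # '>' marks your own session
                SessionName = $line.Substring(1, $userCol - 1).Trim()
                UserName    = $Matches['user']
                Id          = [int]$Matches['id']
                State       = ($line.Substring($stateCol).Trim() -split '\s+')[0]
            }
        }
    }
}

$sample = @'
 SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE
 services                                    0  Disc
 console           administrator             1  Active
>rdp-tcp#2         jsmith                    3  Active
                   mjones                    4  Disc
 rdp-tcp                                 65536  Listen
'@ -split "`r?`n"

$sessions = ConvertFrom-QuerySession $sample
# On a live server instead: $sessions = ConvertFrom-QuerySession (query session)

# Candidates: the console session and any disconnected user session, never your own.
$targets = $sessions | Where-Object {
    -not $_.Current -and $_.UserName -and
    ($_.SessionName -eq 'console' -or $_.State -eq 'Disc')
}
$targets | Format-Table SessionName, UserName, Id, State
# Review the table, then log off by ID, for example: logoff 4
```

With the constructed sample, the shortlist contains administrator (ID 1, console) and mjones (ID 4, disconnected); the services and listener rows are skipped because they have no user name.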


We are all used to remotely accessing systems and servers on the local network using RDP (Remote Desktop Connection), for example. RDP is the default tool for most admins internally. Online access is typically the same: it is just a matter of having the user enter a code for security, and then there's a connection for screen sharing.







  

