Showing posts with label Ad. Show all posts

Wednesday, June 15, 2022

Sync Local AD Object Properties to Azure Manually

 

Azure AD Sync Service





Most small and large businesses have a local domain with domain controllers. When using Microsoft 365 online services, these businesses will commonly also have an AD Sync server. This server is often just a small virtual machine running the Azure AD Connect service.

Azure AD Connect Services Sync

The Azure AD Connect service syncs local changes from the local domain to Azure on a schedule. The schedule is restricted by Microsoft and the shortest time is 30 minutes. Password changes occur nearly instantly, but all other AD object additions or changes to existing objects take 30 minutes or more.

Other factors, such as local AD replication between domain controllers, affect syncing as well. With slow local replication, syncing changes or AD additions to Azure will take even longer, depending on the speed of local replication.

To trigger a local AD replication, log on to a domain controller and open an elevated command prompt. This is the fastest way to replicate all domain controllers throughout all sites. This is faster than using the UI.

At the command prompt enter the following command: 

  C:\>repadmin /syncall /APeD

The command will trigger AD replication throughout the entire domain on all domain controllers. This and other commands can be run remotely. Remote support and software for online desktop support give us the capability to access computers and servers remotely for remote control. Some are agent-based and others are on-demand. In either case, once connected remotely with the online computer support software of your choice, you can help the user or administer the server.

Manual adsyncsynccycle 

Manual AD Sync from local AD to Azure.

I have run the following command very often to trigger replication or syncing from the local domain to Azure. This quick option for manual replication enables faster updates to Azure. It is particularly useful when a new user has been added and you need to continue setting up the user with their desktop and applications.

Use RDP or another method to access your Azure Sync server and run the following command as shown in the screen capture in this post, which was taken from a real server that was set up and configured to perform Azure AD sync with Microsoft Azure AD Connect software.

Run the command in an elevated PowerShell session. Include the capitalization.

  PS C:\> Start-ADSyncSyncCycle -PolicyType Delta

Be sure to include Delta at the end of the command. The command has other options (actually many more), but the other one that would sync is Initial instead of Delta. Please avoid using that option unless you have good reason to, because it could cause other issues. Changes are sometimes updated slowly in Azure, so expect several to 20 or 30 seconds before you see the changes in Azure.


Troubleshooting ADSyncSyncCycle AD syncing to Microsoft Entra 

The most common issue with Azure / Entra syncing is that the service has stalled for whatever reason. Restart the services associated with Azure / Entra Sync. A reboot of the server is often not required. Be careful to NEVER alter the login ID used for the services.
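
The manual delta sync and the service check described above can be combined into one guarded routine. This is an added example, not part of the original post: the function name Invoke-DeltaSyncSafely, the -RestartService switch and the timeout values are hypothetical, and it assumes the ADSync PowerShell module installed with Azure AD Connect and the default service name ADSync.

```powershell
# Added example: run on the sync server in an elevated PowerShell session.
# Assumptions: ADSync module from Azure AD Connect, default service name 'ADSync'.
Import-Module ADSync -ErrorAction Stop

function Invoke-DeltaSyncSafely {
    [CmdletBinding()]
    param(
        [int]$TimeoutSeconds = 600,   # arbitrary upper bound for waiting on a cycle
        [switch]$RestartService       # force a restart when the service looks stalled
    )

    # Rule out a stopped or stalled service first. Only the service state is
    # touched here; the logon account configured for the service is never changed.
    $svc = Get-Service -Name 'ADSync' -ErrorAction Stop
    if ($RestartService -or $svc.Status -ne 'Running') {
        Write-Warning "ADSync service state: $($svc.Status). Restarting the service."
        Restart-Service -Name 'ADSync' -ErrorAction Stop
        (Get-Service -Name 'ADSync').WaitForStatus('Running', [TimeSpan]::FromSeconds(60))
    }

    $sched = Get-ADSyncScheduler
    if ($sched.StagingModeEnabled) {
        Write-Warning 'Staging mode is on: the cycle runs but nothing is exported to Azure.'
    }
    if (-not $sched.SyncCycleEnabled) {
        Write-Warning 'The scheduled sync cycle is disabled on this server.'
    }

    # Starting a cycle while another is running fails, so wait for it to finish.
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    while ((Get-ADSyncScheduler).SyncCycleInProgress) {
        if ((Get-Date) -gt $deadline) { throw 'A running sync cycle did not finish in time.' }
        Start-Sleep -Seconds 10
    }

    # Delta only; Initial is deliberately not offered, as the post advises.
    $result = Start-ADSyncSyncCycle -PolicyType Delta
    Start-Sleep -Seconds 5            # let the scheduler mark the cycle as started
    while ((Get-ADSyncScheduler).SyncCycleInProgress) {
        if ((Get-Date) -gt $deadline) { throw 'The delta cycle did not finish in time.' }
        Start-Sleep -Seconds 10
    }

    [pscustomobject]@{
        Result           = $result.Result
        FinishedAt       = Get-Date
        NextScheduledUtc = (Get-ADSyncScheduler).NextSyncCycleStartTimeInUTC
    }
}

Invoke-DeltaSyncSafely
```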






Tuesday, November 24, 2009

What happened to dsa.msc in Windows 2008 Server



The simple truth is that it's no longer part of the default installation of the server OS, sorry. There's a logical explanation of this for sure. The first that comes to mind is security. Anyone with access to a server can load up users and computers on any member server. This is usually no big deal but with identity theft always on the rise, this is a convenient way to get additional information about users.

With Windows 2003, a member server made a nice, convenient gateway to AD Users and Computers by simply executing dsa.msc from the command line or from the Start > Run command. While working out issues on another server, running dsa.msc was a handy look-up and sometimes a useful tool to add a test account or to make a quick change to an existing account. Although in environments that had Exchange servers, running this from a member server would not show email properties, it was still useful and often meant having to avoid another remote connection to a domain controller.

The image in this post shows the options that should be selected to add this functionality back into a member server. The installation of the feature does not require a reboot and only takes several minutes - of course that's on a dual quad core server.
A positive about server support, in particular when the server is an HP or Dell PowerEdge server, is the technology developed and incorporated into server support that facilitates remote access and remote control of servers from the local LAN or through the Internet. The technology that permits this remote control of the console is HP iLO, and from Dell it is Dell iDRAC. These two technologies have enabled support to remote control the server's console without even having an operating system installed. The technology permits support through the network and on the web.