How to control Azure AD Connect

Some time back we updated Azure AD Connect at a customer to the latest version. The update itself was an easy one, just next, next finish like they described on the Azure site. But what we found is that the sync engine itself was completely different. The previous version had a Windows timer job as it schedule and ran every 3 hour. You also where able to run that command (DirSyncClientCmd) with a parameter (initial or delta) to run a new or delta sync.

With the update this command and the Windows timer job where gone, so how can we control this new version of Azure AD Connect?

Manage the schedule

The first thing we would be able to see and manage is the schedule it runs. To see the schedule settings we need to start PowerShell J (no command prompt anymore) We can see all the settings with just one command:

Get-ADSyncScheduler

Here you see that the sync runs every 30 minutes and that the sync is enabled.

With the Set-ADSyncScheduler command you have the ability to change these settings, change the sync cycle for instance. But also stop the cycle for some time when you need to do a lot of changes in the on-premises AD.

To stop or start the schedule run the command

Do not forget to start it after you are done with your AD changes. Run the command again with –SyncCycleEnabled $true.

Manually run the sync

In the previous version you could start the job within Windows timer job, but now we do not have the option so how to start it then? This time again we need PowerShell.

To run a sync, we can use the command Start-ADSyncSyncCyle (the command has Sync twice in it)

ADSync PowerShell module

The PowerShell module has a lot more options to use, but I never used them, I only used the scheduler in this one. To setup extra domains I always used the AzureADConnect installer. When you use the AzureADConnect installer, it will automatically update the Sync client if a new version is available.

To select just a few OU’s to sync use option when you configure the new domain or use the miisclient.exe (C:\Program files\Microsoft Azure AD Sync\UIShell). This is the Synchronization Service Manager for Azure. This tool can also be used to see how the sync is running or look for a user in the sync and what is synchronized for that particular user.

Resources

A full overview of the scheduler can be found on the documentation pages of Azure. https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnectsync-feature-scheduler/