Synchronization Service Manager - Azure AD

The Synchronization Service Manager UI in Azure AD Connect is used to configure the sync engine and view sync operations. It allows selecting which on-premises Active Directory organizational units to include or exclude from synchronization with Azure AD. Excluding an OU will remove existing synchronized objects from Azure AD during the next full synchronization, though their data is soft deleted and can be recovered. A full synchronization must then be triggered via PowerShell to apply the OU selection changes.

Uploaded by Abhijeet Kumar

Introduction to the Azure AD Connect Synchronization Service Manager UI

The Synchronization Service Manager UI is used to configure more advanced aspects of the sync
engine and to see the operational aspects of the service.

Metaverse: The metaverse is a storage area that contains the
aggregated identity information from multiple connected data sources,
providing a single global, integrated view of all combined objects.

Start the Synchronization Service Manager UI from the Start menu. It is named Synchronization
Service and can be found in the Azure AD Connect group.
Log on to the server where you have Azure AD Connect installed and open
the Synchronization Service program.

This opens the Synchronization Service Manager. From here select
the Connectors tab. Under the Connectors section double-click the name of
your local Active Directory. In my example, this is SKARO.LOCAL. This will bring
up the Properties screen for that connector.

From the Properties screen, select Configure Directory Partitions. Then
select the Containers button.

This will launch a screen requesting credentials. The credentials you enter here
do not necessarily need to be admin credentials. Azure AD Connect just needs
an account that can read Active Directory. Once the credentials are entered
click Ok.
This will bring up the Select Containers screen where you can pick which
organizational units you want to include or exclude.

• Unchecking a box will remove all objects contained within that
  organizational unit from the synchronization process
• Checking a box will add all objects contained within that organizational
  unit to the synchronization process

In our example, we are going to uncheck everything except ‘Whoniverse’ and
its child OUs. This means that only objects under those checked OUs will be
synchronized to Azure AD. Anything under an unchecked OU will be removed
from Azure AD. Click Ok twice.

Keep in mind that if you previously synced an object to Azure AD and that
object is now contained in an excluded OU that object will be deleted from
Azure AD during the next synchronization. All data associated with that object,
such as a mailbox or OneDrive storage will be deleted. The good news is that
the data is soft deleted. You can recover this accidentally deleted object (and
its data) by either including that organizational unit back into the sync, or, by
moving that object into an organizational unit that is still included in the
synchronization.
Note: Soft deleted data does have an expiration date, and when it is reached
that data is permanently deleted.
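
An added example (not part of the original document) for checking, before the full synchronization is run, which already-synced objects an OU selection would remove from Azure AD. The distinguished names are constructed, the function names are hypothetical, and the rule that the closest checked or unchecked container decides is an assumption; it also handles an unchecked child OU, which the walkthrough above does not use.

```powershell
# Added example. DNs below are constructed; SKARO.LOCAL and 'Whoniverse' are the
# names used in the walkthrough. Function names are hypothetical.

function Test-DnUnder {
    param([string]$Dn, [string]$Container)
    # True when $Dn is the container itself or lies beneath it (case-insensitive suffix match).
    ($Dn -ieq $Container) -or
        $Dn.EndsWith(",$Container", [System.StringComparison]::OrdinalIgnoreCase)
}

function Get-DeepestMatchLength {
    param([string]$Dn, [string[]]$Container)
    # Length of the longest container DN that holds $Dn, or -1 when none does.
    $best = -1
    foreach ($c in $Container) {
        if ((Test-DnUnder $Dn $c) -and ($c.Length -gt $best)) { $best = $c.Length }
    }
    $best
}

function Get-SyncScopeImpact {
    param(
        [string[]]$DistinguishedName,   # objects currently synchronized
        [string[]]$IncludedOU,          # boxes left checked in Select Containers
        [string[]]$ExcludedOU = @()     # boxes unchecked beneath a checked OU
    )
    foreach ($objectDn in $DistinguishedName) {
        # Assumption: the closest (longest) matching container decides the outcome.
        $inLen  = Get-DeepestMatchLength $objectDn $IncludedOU
        $outLen = Get-DeepestMatchLength $objectDn $ExcludedOU
        [pscustomobject]@{
            DistinguishedName = $objectDn
            Action            = $(if ($inLen -gt $outLen) { 'Keep' } else { 'RemovedFromAzureAD' })
        }
    }
}

# Constructed sample input. For live input from the ActiveDirectory module, pass
# (Get-ADUser -Filter *).DistinguishedName instead.
$sample = @(
    'CN=Rose Tyler,OU=Companions,OU=Whoniverse,DC=SKARO,DC=LOCAL',
    'CN=Davros,OU=Staff,DC=SKARO,DC=LOCAL',
    'CN=svc-backup,OU=Service Accounts,OU=Whoniverse,DC=SKARO,DC=LOCAL'
)
Get-SyncScopeImpact -DistinguishedName $sample `
    -IncludedOU 'OU=Whoniverse,DC=SKARO,DC=LOCAL' `
    -ExcludedOU 'OU=Service Accounts,OU=Whoniverse,DC=SKARO,DC=LOCAL' |
    Where-Object Action -ne 'Keep'
```

Reviewing the rows marked RemovedFromAzureAD before clicking Ok shows which mailboxes and OneDrive data would be soft deleted by the change.
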
Applying the changes
For these changes to take effect we need to perform a full synchronization. The
easiest way to accomplish this is to open PowerShell on the server with Azure
AD Connect installed and run the following command. While the policy type
of “Initial” does sound like it might wipe and replace everything in Azure AD,
be assured that it does not. Initial just means a full synchronization.

    C:\> Start-ADSyncSyncCycle -PolicyType Initial

Note: A full sync will take considerably longer than a delta sync. For
organizations with tens of thousands of objects, this may take several hours to
complete. It is worth noting that while a full sync is taking place, delta syncs
cannot occur. Any changes made to local AD during the full sync will have to
wait till the full sync completes and a new sync is initiated.
We can monitor the progress of the full sync through the Operations tab in
the Synchronization Service Manager. For a single forest environment, you
should see 6 rows for the full synchronization all marked with success. You can
select each row to examine more detailed reports about what is being added
or removed from Azure AD.

After the full sync completes only objects contained in included OUs will
appear in Office 365. All other objects will be removed. With the full sync
complete, delta syncs will automatically resume based on their configured
schedule. If you need to make any changes to the OU selections you will need
to repeat the steps above and run another full sync.
