This is the last section of Implement and manage hybrid identity, and it ends with:
- implement and manage Azure Active Directory Connect Health
- troubleshoot synchronization errors
Azure AD Connect upgrade
First, You should obtain the newest version of Azure AD Connect.
You can download it here: Download Microsoft Azure Active Directory Connect from Official Microsoft Download Center if not installed already.
Troubleshooting from Azure AD portal
You can see the status of Cloud sync and AAD Connect here; this is the first place to see the syncing status in my opinion.
Troubleshooting with Synchronization service
You can also see the sync errors directly from sync service.
When You open the service You will see all the syncs in the list. If there are any errors, You can see them under errors in imports and exports.
And from Azure AD to the SQL Express DB.
I will explain a bit to clarify how the syncing works. You have two connectors that push and pull objects to and from the SQL Express DB, which is installed at the same time as Azure AD Connect.
One for Azure AD (Import and Export) and the other one for on-premises AD (Import and Export).
The first run is the initial sync, and after that every run is a Delta sync, unless commanded otherwise.
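The scheduler state and the two connectors described above can also be read from PowerShell on the Azure AD Connect server. This is an added example, not from the original post; it assumes the ADSync module that ships with Azure AD Connect, and the function names `Get-SyncOverview` and `Start-DeltaSyncIfIdle` are made up for illustration.

```powershell
# Added example: run in an elevated PowerShell session on the Azure AD Connect server.
Import-Module ADSync

function Get-SyncOverview {
    # Scheduler state: is sync enabled, and will the next cycle be Delta or Initial?
    $scheduler = Get-ADSyncScheduler

    # The two connectors: one for on-premises AD, one for Azure AD.
    $connectors = Get-ADSyncConnector | Select-Object Name, Type

    # Connectors that are busy with an import, sync or export step right now.
    $running = @(Get-ADSyncConnectorRunStatus)

    [pscustomobject]@{
        SyncCycleEnabled   = $scheduler.SyncCycleEnabled
        StagingModeEnabled = $scheduler.StagingModeEnabled
        NextCyclePolicy    = $scheduler.NextSyncCyclePolicyType
        NextCycleStartUtc  = $scheduler.NextSyncCycleStartTimeInUTC
        CycleInProgress    = $scheduler.SyncCycleInProgress
        Connectors         = $connectors
        RunningConnectors  = $running
    }
}

function Start-DeltaSyncIfIdle {
    $overview = Get-SyncOverview
    if (-not $overview.SyncCycleEnabled) {
        # Someone may have disabled the scheduler on purpose; do not override that.
        Write-Warning 'Scheduler is disabled; not starting a sync cycle.'
        return
    }
    if ($overview.CycleInProgress -or $overview.RunningConnectors.Count -gt 0) {
        Write-Warning 'A sync cycle is already running; try again when it finishes.'
        return
    }
    if ($overview.StagingModeEnabled) {
        Write-Warning 'Server is in staging mode; nothing will be exported.'
    }
    # Delta processes only changes since the last run; -PolicyType Initial runs a full cycle.
    Start-ADSyncSyncCycle -PolicyType Delta
}

Get-SyncOverview | Format-List
Start-DeltaSyncIfIdle
```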
Service account for service
By default Azure AD Connect will provision a user starting with MSOL_* and You can check this account from sync service and even change it if needed.
Troubleshooting with M365 Admin center
You can also find the errors from M365 Admin center.
When You click the username You will see the full error details.
And the sync status also. From there You can see the service in the cloud.
Troubleshooting with Azure AD Connect
It will open PowerShell.
Example if You choose 6
And if You choose 1
You have to add the user DN.
Which You can find from here.
Then the inspection will start and You will be prompted for Azure AD creds.
It will connect to Azure AD and generate an HTML report for You.
And here is the report.
You can also troubleshoot PHS with PowerShell.
Azure AD portal Health reporting
Display diagnostic to Microsoft
You control what Microsoft will see in a debugging scenario; this setting can be changed under configure.
Health agent for AD DS
And after the install choose configure.
After the install You can see the report from Azure portal.
And when You expand the object, You will see more information from Your on-premises AD.
Things to remember
Two connectors for syncing exist: one for Azure AD (Import and Export) and the other one for on-premises AD (Import and Export).
Check that the syncing account is still available and usable inside local AD and Azure AD.
All the service accounts are created by Azure AD Connect wizard but afterward You can change them if needed.
Azure AD Connect Cloud provisioning agent supports only gMSA accounts, not separate password-enabled accounts.
You can check health for ADFS, AD DS and the Azure AD Connect service.
PowerShell troubleshooting is also available through the Azure AD Connect config wizard.