Azure AD Connect – Preferred Domain Controller


Azure AD Connect replicates your Active Directory with Office 365.

But, from which domain controller does your Azure AD Connect get its Active Directory information?

If you want fast replication of changed attributes from your local AD to Office 365, you need to make sure that Azure AD Connect is getting its information from a domain controller that’s “in the know”.

For example, let’s say you change the proxyAddresses of User A on DC-02 and immediately trigger an Azure AD Connect replication using PowerShell. If Azure AD Connect replicates AD attributes from DC-01, your changes will likely not be included in the synchronization.

How to Perform Fast Office 365 Synchronization

There are basically two ways to achieve a quick replication of your AD changes to Office 365:

  1. Make sure the change is replicated to all domain controllers before triggering an Azure AD Connect synchronization, or
  2. Make sure to make your changes on the domain controller from which Azure AD Connect gets its information

In the first case, to ensure your changes are replicated to all DCs you can use the RepAdmin command available in the AD tools (installed via RSAT). You need to run the following two commands against every DC so that both pull and push replication take place:

RepAdmin /SyncAll /e [dc-name]
RepAdmin /SyncAll /e /P [dc-name]

Synchronizing all DCs can be a bit tedious, so it’s better to use the second solution and make the changes directly on the domain controller used by Azure AD Connect.

Identify the Domain Controller Used by Azure AD Connect

To identify which domain controller your Azure AD Connect is communicating with, you can use the following PowerShell command on the Azure AD Connect server:

((Get-ADSyncConnector).Partitions.Parameters | ? {$_.Name -eq 'last-dc'}).value

Output from this command will look similar to this:

PS C:\> ((Get-ADSyncConnector).Partitions.Parameters | ? {$_.Name -eq 'last-dc'}).value
DC-01.gigacorp.local

This output shows you the name of the last domain controller that Azure AD Connect has communicated with.

With this information, you can use AD Users & Computers to connect directly to the domain controller.

Check if you’re already connected to the same domain controller as Azure AD Connect:

[Screenshot: AD Users & Computers, change domain controller]

If not, then you can right-click your domain and select to connect to the domain controller seen in the output from the Get-ADSyncConnector command:

[Screenshot: AD Users & Computers, change domain controller]

Now that you know you’re editing directly on the domain controller used by Azure AD Connect, you can immediately trigger an Azure AD Connect synchronization to see your changes in Office 365 quickly.

Synchronizing AD Changes to Office 365

If you’re running Easy365Manager, the Azure AD Connect synchronization is available in both user and group properties, so it’s a simple one-click operation.

If you don’t have Easy365Manager you’ll need to manually connect with PowerShell to your Azure AD Connect server and run the following command:

Start-ADSyncSyncCycle -PolicyType Delta
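The whole procedure above (identify the DC Azure AD Connect last used, make the change on that DC, confirm it is there, then trigger a delta sync) as one added PowerShell example; this is not code from the original post. It assumes it is run on the Azure AD Connect server with the ADSync and ActiveDirectory modules available, that the on-premises connector reports ConnectorTypeName 'AD', and the user name and proxy address are constructed sample values.

```powershell
# Added example (not from the original post): edit on the DC that Azure AD Connect
# last used, verify the attribute version on that DC, then run a delta sync.
# Assumptions: ADSync + ActiveDirectory modules present; $UserSam and
# $NewProxyAddress are constructed sample values, not real accounts.
param(
    [string]$UserSam = 'usera',                                 # constructed sample
    [string]$NewProxyAddress = 'smtp:user.a@gigacorp.local'     # constructed sample
)
Import-Module ADSync
Import-Module ActiveDirectory

# 1. Same 'last-dc' lookup as the post, restricted to the on-premises AD connector
#    (assumption: ConnectorTypeName is 'AD' for it) in case several connectors exist.
$adConnector = Get-ADSyncConnector | Where-Object { $_.ConnectorTypeName -eq 'AD' }
$lastDc = ($adConnector.Partitions.Parameters | Where-Object { $_.Name -eq 'last-dc' }).Value
if (-not $lastDc) { throw 'Could not read last-dc from the AD connector.' }
Write-Host "Azure AD Connect last communicated with: $lastDc"

# 2. Write the change directly to that DC, so the delta sync does not depend on
#    AD replication having caught up from another DC.
Set-ADUser -Identity $UserSam -Server $lastDc -Add @{ proxyAddresses = $NewProxyAddress }

# 3. Read the replication metadata for proxyAddresses from the same DC to confirm
#    the new version is really present there before syncing.
$user = Get-ADUser -Identity $UserSam -Server $lastDc
$meta = Get-ADReplicationAttributeMetadata -Object $user.DistinguishedName `
            -Server $lastDc -Properties proxyAddresses
Write-Host ("proxyAddresses version {0}, last originating change {1} on {2}" -f
    $meta.Version, $meta.LastOriginatingChangeTime, $meta.LastOriginatingChangeDirectoryServerIdentity)

# 4. Start-ADSyncSyncCycle errors if a cycle is already running, so wait for the
#    scheduler to be idle, then trigger the delta sync the post describes.
while ((Get-ADSyncScheduler).SyncCycleInProgress) { Start-Sleep -Seconds 10 }
Start-ADSyncSyncCycle -PolicyType Delta
```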

Setting a Preferred DC

You should normally let Azure AD Connect decide which domain controller is a suitable source of AD changes. But it is possible to hard-code the domain controller(s) of choice on your Azure AD Connect server.

Use Azure AD Connect Synchronization Service Manager to configure preferred DCs.

From the main page, select Connectors, right-click your Active Directory connector, and choose properties:

[Screenshot: Azure AD Connect Synchronization Service Manager, connector properties]

From the connector properties window, select Configure Directory Partitions, select your AD directory partition, select the ‘Only use preferred domain controllers’ checkbox, click Configure and add the desired domain controllers to the list:

[Screenshot: Azure AD Connect Synchronization Service Manager, Configure Directory Partitions]

After this configuration, your Azure AD Connect server will stick with the PreferredDCs you have configured.

Although this may sound tempting, it also means giving up DC failover and fault tolerance, so it is better to leave this option unchecked.

Summary

If you need fast replication of AD changes to your Office 365 environment, make sure to perform the changes on the domain controller used by your Azure AD Connect server.

If you’re using Easy365Manager, make sure AD Users & Computers is connected to the same domain controller used by Azure AD Connect.

This will ensure the easy one-click synchronization available from user and group properties is performed immediately.