How do you force synchronization between your local on-premises Active Directory and Azure?
There are two options.
How to Sync Azure AD Connect From AD
With Easy365Manager, you can synchronize Azure AD Connect from the properties of any user account in AD Users & Computers:
Without Easy365Manager, you need to use PowerShell to force Azure AD Connect to synchronize AD and Azure.
How to Sync Azure AD Connect From PowerShell
Run the PowerShell command Start-ADSyncSyncCycle to trigger the synchronization.
- For delta synchronization, use the parameter -PolicyType Delta (used in most situations)
- For full synchronization, use the parameter -PolicyType Initial (rarely used)
The following command performs a delta synchronization:
Start-ADSyncSyncCycle -PolicyType Delta
The output will look similar to this:
PS C:\> Start-ADSyncSyncCycle -PolicyType Delta

Result
------
Success
If you’re seeing the following error, you’re probably not logged in to your Azure AD Connect server.
Start-ADSyncSyncCycle : The term 'Start-ADSyncSyncCycle' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
Import-Module : The specified module 'ADSync' was not loaded because no valid module file was found in any module directory.
To see how you can perform the Azure AD Connect synchronization remotely, continue reading.
How to Perform Remote Synchronization of AD and Azure
You don’t need to log in to your Azure AD Connect server to force synchronization between AD and Azure.
Use the following steps to force a remote synchronization of AD and Azure:
- Use the Enter-PSSession command to connect to your Azure AD Connect server
- Perform a delta synchronization using the Start-ADSyncSyncCycle command
- Exit the PSSession to kill the connection to your Azure AD Connect server
Use the following code to perform a remote delta synchronization:
Enter-PSSession DC-01
Start-ADSyncSyncCycle -PolicyType Delta
Exit-PSSession
The output will look like this:
PS C:\Windows\system32> Enter-PSSession DC-01
[DC-01]: PS C:\Users\adm.ad.jane\Documents> Start-ADSyncSyncCycle -PolicyType Delta

Result
------
Success

[DC-01]: PS C:\Users\adm.ad.jane\Documents> Exit-PSSession
PS C:\Windows\system32>
(assuming DC-01 is your Azure AD Connect server)
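Enter-PSSession is interactive, so the three lines above do not work when pasted into a script: the commands after it would run locally. The following added example (not from the original article or from Easy365Manager) runs the same delta synchronization through Invoke-Command and first checks Get-ADSyncScheduler for staging mode and for a cycle that is already running. DC-01 is the article's server name; the function name Invoke-RemoteDeltaSync and the timeout values are assumptions.

```powershell
# Added example: scripted remote delta sync with pre-checks.
# Assumptions: DC-01 is the Azure AD Connect server (as in the article) and
# PowerShell remoting is enabled for the account running this script.
function Invoke-RemoteDeltaSync {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [int] $TimeoutSeconds = 300,   # hypothetical default
        [int] $PollSeconds    = 10     # hypothetical default
    )

    $session = New-PSSession -ComputerName $ComputerName -ErrorAction Stop
    try {
        Invoke-Command -Session $session -ErrorAction Stop -ScriptBlock {
            param($TimeoutSeconds, $PollSeconds)
            Import-Module ADSync -ErrorAction Stop

            # A staging-mode server imports and syncs but does not export.
            $scheduler = Get-ADSyncScheduler
            if ($scheduler.StagingModeEnabled) {
                Write-Warning 'Staging mode is enabled; changes will not be exported to Azure AD.'
            }

            # Wait for a cycle that is already running instead of colliding with it.
            $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
            while ((Get-ADSyncScheduler).SyncCycleInProgress) {
                if ((Get-Date) -gt $deadline) {
                    throw "A sync cycle was still running after $TimeoutSeconds seconds."
                }
                Start-Sleep -Seconds $PollSeconds
            }

            $run = Start-ADSyncSyncCycle -PolicyType Delta
            [pscustomobject]@{
                Server      = $env:COMPUTERNAME
                Result      = [string]$run.Result
                StagingMode = $scheduler.StagingModeEnabled
            }
        } -ArgumentList $TimeoutSeconds, $PollSeconds
    }
    finally {
        # Always close the remote session, including on errors.
        Remove-PSSession -Session $session
    }
}

Invoke-RemoteDeltaSync -ComputerName 'DC-01'
```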
Improved Office 365 Synchronization and Management
Making sure that Azure is quickly updated when making changes in your local AD can be frustrating.
As detailed here, the default synchronization schedule is every 30 minutes and is not configurable.
You can ease your administrative pain in two ways:
- Schedule a PowerShell script to automatically synchronize Azure on every AD user change (a free script with a complete explanation is available here).
- Alternatively, use Easy365Manager to manage AD users, Office 365, and Azure synchronization in one consolidated tool.
Easy365Manager is a plugin for AD Users & Computers which will add two new tabs to user properties and one new tab to group properties. The new tabs allow you to configure Azure synchronization as well as Office 365 mailboxes, Office 365 licenses, and many other items.
A free, fully functional 30-day trial is available here.
Improved Office 365 Management
Managing a hybrid Office 365 environment involves a lot of complexity and a lot of tools.
To illustrate this, let’s consider creating a synchronized user with an Office 365 mailbox and delegated calendar access (quite a common scenario):
- You need AD Users & Computers to create the user.
- You need PowerShell to synchronize the account to Office 365 (or wait up to 30 minutes before you can do the next step)
- You need the Microsoft 365 Admin Center (or the Azure Portal) to assign an Office 365 license (enable the mailbox).
- You then need PowerShell again to configure the calendar delegation.
This process is greatly simplified by Easy365Manager.
Easy365Manager is a snap-in to AD Users & Computers that consolidates your AD and Office 365 administration.
With Easy365Manager you can perform all of the above tasks directly from user properties in AD Users & Computers.
You can assign the Office 365 license:
You can configure calendar permissions: