Fixing Hybrid-User Sync Issues with Azure AD Connect

Рет қаралды 38,717

Күн бұрын

Пікірлер: 74

@NiklasJumlin 4 жыл бұрын

"MOM! I'm famous!" How I couldn't imagine this script being useful to anyone else but myself.. I'm glad it was useful however! :) Cheers! P.S: A friend from the PowerShell community gave me the link to the video

@SecureCRC 10 ай бұрын

You're Very welcome. Sorry for the delayed response. You probably don't remember commenting! ;)

@marksd8310 2 жыл бұрын

Was stuck, followed so many sites. Came across you're really insightful video. Fixed my issue in a flash. Also what an awesome ImmutableID tool. Thank you so much!

@SecureCRC 10 ай бұрын

You're Very welcome. Sorry for the delayed response. You probably don't remember commenting! ;)

@alokdubey4085 4 жыл бұрын

This was a brilliant video, cleared some doubts I had from long time. Thank you so much for putting up this video with a live demo.

@SecureCRC 10 ай бұрын

You're Very welcome. Sorry for the delayed response. You probably don't remember commenting! ;)

@delxiv Ай бұрын

Thank you for this detailed and clear explanation of the AD Sync process and how to fix this issue. Enjoy your new sub. Can you briefly explain what happens if an AD hybrid sync that hasn't happened in a while, happens? Recently found that while the AD password hash sync has been working, the directory sync has not been syncing for months.

@CC-qt6sf 2 жыл бұрын

Excellent demonstration and explanation.

@SecureCRC 10 ай бұрын

You're Very welcome. Sorry for the delayed response. You probably don't remember commenting! ;)

@bshwjt 11 ай бұрын

Pls make similar kind of tutoriuls. Nice explanation .

@SecureCRC 10 ай бұрын

Thank you. I'll try. I have to be the Jack of All Trades, so sometimes they're not that detailed. I appreciate it!

@Eagle-pe9pg 4 жыл бұрын

Thank you this tutorial was excellent.

@SecureCRC 10 ай бұрын

You're Very welcome. Sorry for the delayed response. You probably don't remember commenting! ;)

@SecureCRC 10 ай бұрын

You're Very welcome. Sorry for the delayed response. You probably don't remember commenting! ;)

@hrishikeshchowdhury6987 4 жыл бұрын

Wonderful description. well explained. Thank you.

@SecureCRC 10 ай бұрын

You're Very welcome. Sorry for the delayed response. You probably don't remember commenting! ;)

@gtequemo 5 жыл бұрын

Hi Joe, great video. I can't find the script on the blog. Would you please attach the script here and any steps? Thank in advanced for your help.

@pkaycr 5 жыл бұрын

Thank you so much! I'm grateful for this tutorial. Question: I visited the provided website, but I'm confused on how to save the Powershell Script. Any help will be appreciated.

@SecureCRC 5 жыл бұрын

Peter Kay, glad you found it helpful.

@SecureCRC 5 жыл бұрын

I just used copy and paste

@pajaa133056 4 жыл бұрын

Hey I was able to find a faster way to resolve this issue building on the information in the video.

@SiBex_ovh Жыл бұрын

IdFix in settings have a SearchBase but how use a space for OU, ex: ou=!HQ Poland,ou=Corpo,ou=local ? I try ' or " in differ forms and not work.

@ivanbravomunoz1305 4 жыл бұрын

Very well explained. Thank you!

@SecureCRC 10 ай бұрын

You're Very welcome. Sorry for the delayed response. You probably don't remember commenting! ;)

@hovhanneshovakimyan 4 жыл бұрын

Really really good explanation. Thank you!

@SecureCRC 2 жыл бұрын

You're welcome

@cmertz112 4 жыл бұрын

This video is perfect... thank you!! Just one question came up: if I plan to migrate standalone AD and O365/AAD installations to a linked/synced scenario with Azure AD Connect, to make use of SSO functionality, would it be enough to take the ImmutableID, convert it to hex, put it into the MS-DS-ConsistencyGUID and start sync afterwards?

@SecureCRC 4 жыл бұрын

AD Connect prefers to use the MSDS-ConsistencyGUID over the normal GUID property. Whichever is used, this property becomes the ImmutableID. YOu can look at the AD Connect configuration and see which one it is using by starting the tool and choosing View Configuration. Either property will work for SSO but the msds property is changeable. This "changability" is advantageous if a sync issue creates a duplicate account in Azure. If you're using, GUID now and want to switch to MSDS-ConsistencyGUID, you can use AD Connect to do this. as long as the property is NULL for all users, AD Coonnect will use it. If any user has it populated, AD Connect will not use it. It should not b e populated for anyone. If it is, you can use a powershell script to NULL the values on everyone. Just make sure that some other app isn't using the property for its own use. this would be one reason why the property has a value in the first place.

@StreetSmartification 2 жыл бұрын

Thanks a lot for this awesome video, very informative. Question: is that possible to reverse the process where we get our users from azure for example 20 of them and get it synced to on premise?

@SecureCRC 2 жыл бұрын

Microsoft has a process called SMTP mapping that might work.

@monchurmiah1229 2 жыл бұрын

Hi I’m having some issues with synchroniza, so when I create an user on ad it’s should show on office 365 but it’s not I can’t add any user into group through ad because of synchroniza any solution.

@SecureCRC 10 ай бұрын

There is a sync services tool on the AD Connect server. look for sync errors. you can see these in the Entra portal also under the Hybrid node. It's probably a sync issue because of more than one account that has a duplicate property like email address.

@SigurdurKristofersson Жыл бұрын

Thank you so much. Great Video.

@SecureCRC 10 ай бұрын

You're Very welcome. Sorry for the delayed response. You probably don't remember commenting! ;)

@tatetrick 3 жыл бұрын

Exactly what I needed. Thank you.

@SecureCRC 10 ай бұрын

You're Very welcome. Sorry for the delayed response. You probably don't remember commenting! ;)

@tbits01 2 жыл бұрын

Thank you for doing this amazing video. You’re brilliant!!! 😃

@SecureCRC 2 жыл бұрын

thanks!

@SecureCRC 10 ай бұрын

You're Very welcome. Sorry for the delayed response. You probably don't remember commenting! ;)

@bejaises1 3 жыл бұрын

Really great video, pointing me in the right direction, i have a user who was deleted from normal AD(Still showing in Azure AD), showing up in 365 but cant delete the mailbox/hide from GAL, error that the user is synced from on prem AD but there is no on prem AD account anymore ...argh

@SecureCRC 10 ай бұрын

You're Very welcome. Sorry for the delayed response. You probably don't remember commenting! ;)

@bejaises1 10 ай бұрын

@@SecureCRC lol yeah, i...think it got resolved :)

@arpitpeters1986 3 жыл бұрын

Please provide the difference between ms-dsi-consistancy-guid and source anchor and immutable ID. Also it's working

@SecureCRC 10 ай бұрын

the guid is the attribute name within on-prem AD. the Immutable ID is the attributes name in Entra ID (Azure AD). the two systems just call it something different. So, Joe's MS-DS-Consistency-GUID (or just Object-GUID) has the same value as his Immutable ID. Since the AD attribute can be one of several things including object guid or ms-ds...guid, we refer to the attribute that we choose for this purpose as the Source Anchor. MS-DS-Consistency-GUID is the most flexible and widely used attribute.

@JoyFos2024 2 жыл бұрын

Awesome video, thank you!

@SecureCRC 10 ай бұрын

You're Very welcome. Sorry for the delayed response. You probably don't remember commenting! ;)

@otakuguild5603 2 жыл бұрын

Excellent video

@SecureCRC 10 ай бұрын

You're Very welcome. Sorry for the delayed response. You probably don't remember commenting! ;)

@emraankhan9921 3 жыл бұрын

Hello ! I have project about Azure AD Users and On-premises users should sync both Environment like Same users in Cloud and On-premises ! and they will be able to log in different environment with same usermane and password . have any solution for that!

@SecureCRC 10 ай бұрын

AD Connect will create the users in both places. user password hash and they'll have the same password. However, the sync is one-way from AD to Entra ID. Not backwards to the on-prem domain.

@ameyraj4947 2 жыл бұрын

Can We sync the ad group from azure ad group as it is easy to add users in azure ad group. And then sync with ad group on-premise.

@SecureCRC 10 ай бұрын

you can turn on group-writeback in AD Connect wizard

@michaelrecinto1784 5 жыл бұрын

Do device objects use this attribute too? In a hybrid AAD and AD on prem I have users synced, but now we are trying to implement AAD Hybrid Join. I don't see devices in AAD.

@SecureCRC 5 жыл бұрын

No Michael. I believe only User objects can use the msds-consisttncyguid. all other objects will use ObjectGUID property. Make sure the computer objects are in an OU that is being synched by AD Connect.

@pajaa133056 4 жыл бұрын

Hey was this resolved? I just completed this and got it working.

@nimesis124 2 жыл бұрын

I can see my local AD users in Azure AD but Azure AD users are not synced in local AD

@SecureCRC 10 ай бұрын

AD Connect is a one-way sync. from AD to EntraID (azure AD)

@SecureCRC 10 ай бұрын

AD Connect is a one-way sync from AD to EntraID (Azure AD). it does not sync backward.

@brent4770 3 жыл бұрын

Can you do this in a home virtual network lab for training? I can't figure it out?

@SecureCRC 10 ай бұрын

I have a home lab created with Hyper-v. I have a domain controller installed and other servers/workstations. You can create a DEV tenant with microsoft and get AD Connect to sync the two.