Problem

I am trying to use AD Connect to sync a set of filtered users to Azure from an on-premise environment which has never been set up as a hybrid before. AD Connect is showing a successful sync in the AD sync service. In Azure, the sync status is set to enabled and has synced in the last hour.

Everything looks fine. However, when I view the users in Azure, they show that they are not syncing directories.

Topology

  • AD Connect installed on DC
  • DC running Windows Server 2012 (not R2)
  • AD Connect version 1.5.45.0

We use an on-premise AD and are trying to link this to Azure in a hybrid configuration using AD Connect. AD Connect is installed on our DC.

Current Configuration

AD Connect is using the settings below:

Troubleshooting results

We have started the sync and it shows no errors in the sync service. It does show, however, that despite my group filters many more items are being synced:

Despite all this, when I view the users in Azure, they show that they are not syncing directories:

Using the PowerShell troubleshooter I receive no issues due to connectivity of either Azure or AD.

Tried solutions

  • Changed AD service account password and set this in AD Connect like this article.
  • Created a new AD service account.

Conclusion

Where do I go from here to fix or at least troubleshoot this issue?

Rhys
  • What do you mean the users in Azure AD show no change? Give us specifics. – joeqwerty Jan 25 '21 at 13:19
  • Sorry, I have changed that. Truth be told I'm not sure what to check and what to tell, there is an awful lot that goes into AD Connect. I've tried to add the areas that other posts seem to highlight or are asked about. – Rhys Jan 25 '21 at 13:47
  • My first guess would be that your group filter is not returning any results, have you checked this? – Sam Cogan Jan 25 '21 at 14:19
  • Hi @SamCogan, I haven't checked this, how do I do so? – Rhys Jan 25 '21 at 14:25

1 Answer

You have "Filter Objects to Synchronize by Group" enabled, is it possible you are filtering by a group but you don't have any users in that group?

Run "Azure AD Connect", click on Configure and then "Customize Synchronization Options" then follow the steps until you get to "Filtering" and verify your filtering options. You should be able to see there what is the Group being used for filtering, you can either disable Group Filtering or make sure your users are members of that group.

As per Microsoft: "This feature is intended to support only a pilot deployment. Don't use it in a full production deployment."

Keep in mind, Group filtering can only be enabled during initial setup; if you disable it you will not be able to enable it again.

MrLumute
  • Thanks for the help. I don't think this is it unless AD is playing up, I have checked the group and it definitely has users in it. I am testing with two admins for now as I am doing a pilot, I'm a little afraid to go all-in yet. I am going to keep playing around today. – Rhys Jan 26 '21 at 08:55
  • Please clarify the following: Are any on premises user accounts being synchronized to Azure AD? Also, synching on premises users to existing users in Office 365 is called matching. Is your problem that users are not being synched at all or is your problem that they're not being matched to existing Office 365 user accounts? – joeqwerty Jan 27 '21 at 04:45
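
The group-filter check suggested in the answer above can also be done from PowerShell on the DC. This is an added example, not code from the original post or from Microsoft. It goes slightly beyond "does the group have users" by also flagging two documented conditions of group-based filtering: nested membership is not resolved (objects must be direct members), and when OU filtering is used too, the group and its members must sit in a selected OU. The group name and OU list are placeholder assumptions.

```powershell
# Added example: audit the AD Connect filter group for direct membership and OU scope.
# Assumptions: $FilterGroup and $SyncedOUs are placeholders; replace them with the
# group shown on the wizard's "Filtering" page and the OUs selected for sync.
Import-Module ActiveDirectory

$FilterGroup = 'AADC-Pilot-Users'                 # placeholder group name
$SyncedOUs   = @('OU=Staff,DC=example,DC=com')    # placeholder OU list

function Test-InSyncedOU {
    param([string]$DistinguishedName, [string[]]$OUs)
    foreach ($ou in $OUs) {
        # True when the object lives in this OU or any OU beneath it.
        if ($DistinguishedName.EndsWith(",$ou", [StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

$group = Get-ADGroup -Identity $FilterGroup -Properties member

# Direct members: the raw 'member' attribute, not expanded through nested groups.
$direct = @($group.member)

# Everything reachable through nesting, for comparison with the direct list.
$recursive = @(Get-ADGroupMember -Identity $group -Recursive |
    Select-Object -ExpandProperty distinguishedName)

$report = foreach ($dn in ($direct + $recursive | Sort-Object -Unique)) {
    [pscustomobject]@{
        DistinguishedName = $dn
        DirectMember      = $direct -contains $dn
        InSyncedOU        = Test-InSyncedOU -DistinguishedName $dn -OUs $SyncedOUs
    }
}

# The filter group itself must also be inside a synced OU.
if (-not (Test-InSyncedOU -DistinguishedName $group.DistinguishedName -OUs $SyncedOUs)) {
    Write-Warning "Filter group '$FilterGroup' is outside the selected OUs."
}

# Objects the group filter will not pass: nested-only members or outside the OU scope.
$report | Where-Object { -not $_.DirectMember -or -not $_.InSyncedOU } |
    Format-Table -AutoSize
```

An empty table together with no warning means every member is a direct member inside the selected OUs, so the group filter itself is unlikely to be what excludes the users.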