Kannan CS

In this post, we are explaining the Installation and configuration of the Azure AD Connect (AAD sync scheduler) to an on-premise Domain to manage the Windows 10 devices. To enable the Co-management feature, the Windows 10 devices to be connected to Hybrid Azure AD joined or directly joined to AAD.

In this series of posts, I’m going to explain end to end process to build an Intune lab environment. It’s assumed that you already have a domain controller and all the on-prem servers. More details about building a domain controller here.

Introduction

ADSyncScheduler is Azure AD connect component to synchronize the changes occurring in on-premise active directory. The Scheduler configurations are saved in Azure AD.

The scheduler will perform the

1. Password Sync
2. Object/Attribute Sync and maintenance task

How to check the Scheduler configuration

Run the PowerShell command Get-ADSyncScheduler to view the current configuration in the environment.

• AllowedSyncCycleInterval. The shortest time interval between synchronization cycles allowed by Azure AD. You cannot synchronize more frequently than this setting and still be supported.

Default sync time is 30 minutes

• CurrentlyEffectiveSyncCycleInterval. The schedule currently in effect. It has the same value as CustomizedSyncInterval (if set) if it is not more frequent than AllowedSyncInterval. If you use a build before 1.1.281 and you change CustomizedSyncCycleInterval, this change takes effect after next synchronization cycle. From build 1.1.281 the change takes effect immediately.

Default sync time is 30 minutes

• CustomizedSyncCycleInterval. If you want the scheduler to run at any other frequency than the default 30 minutes, then you configure this setting. In the picture above, the scheduler has been set to run every hour instead. If you set this setting to a value lower than AllowedSyncInterval, then the latter is used.

• NextSyncCyclePolicyType. Either Delta or Initial. Defines if the next run should only process delta changes, or if the next run should do a full import and sync. The latter would also reprocess any new or changed rules.

• NextSyncCycleStartTimeInUTC. Next time the scheduler starts the next sync cycle.

• PurgeRunHistoryInterval. The time operation logs should be kept. These logs can be reviewed in the synchronization service manager. The default is to keep these logs for 7 days.

• SyncCycleEnabled. Indicates if the scheduler is running the import, sync, and export processes as part of its operation.

• MaintenanceEnabled. Shows if the maintenance process is enabled. It updates the certificates/keys and purges the operations log.

• StagingModeEnabled. Shows if staging mode is enabled. If this setting is enabled, then it suppresses the exports from running but still run import and synchronization.

• SchedulerSuspended. Set by Connect during an upgrade to temporarily block the scheduler from running.

The below example when AD connect Sync in progress

Important : When AD Connect sync in progress, you cannot make changes in AD connector Scheduler

How to manually Start the Scheduler

Using Start-ADSyncSyncCycle PowerShell command, you can initiate the Delta and Full Sync

• To initiate Delta Sync PS command line : Start-ADSyncSyncCycle -PolicyType Delta

The following step for Delta Sync

1. Delta import on all Connectors
2. Delta sync on all Connectors
3. Export on all Connectors

• To initiate the Full sync PS command line : Start-ADSyncSyncCycle -PolicyType Initial

The following step for Full Sync

1. Full Import on all Connectors
2. Full Sync on all Connectors
3. Export on all Connectors

Synchronization Service Manager GUI

The Synchronization server Manager GUI is available in

“%Program Files%\Microsoft Azure AD Sync\UIShell\miisclient.exe”

Using the GUI, the entire history of Sync data is updated in the tool.

The GUI tool has an options to initiate the Full or Delta Sync or import the objects from on premises directory.

The Synchronization Statistics will be available once the sync task is completed

Resources

• MS reference: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-feature-scheduler
• Reference: https://docs.microsoft.com/en-us/mem/configmgr/comanage/overview#azure-ad
• 11 Days of Free Intune Training Course by HTMD Community
• 25 Episodes of Free Intune Training for Device Management Admins