cmdolcet asked:

Directory synchronization for Office 365

I am getting a warning that my last directory sync was 3+ days ago. I have attached the screenshot below. What can I do to remedy the issue? I have everything moved over to O365; however, I am still using my company Active Directory for integration, so I am not fully off prem.

Has anyone ever seen this issue?
Error-Message.PNG
Shreedhar Ette

First, check whether the SyncCycleEnabled value is set to True by executing the command below in PowerShell on the AD Connect server:
Get-ADSyncScheduler

If you find it is set to False, then change it to True by executing the command below:
Set-ADSyncScheduler -SyncCycleEnabled $True

After that, you can force a manual sync by executing the command below:
Start-ADSyncSyncCycle -PolicyType Delta

If the above values are proper, then check the things below:

Please check the eventvwr of your AD Connect Sync Server for Event 611, Directory Synchronization and RPC Error 8453: Replication access was denied in the Application log.

If you find this event with the mentioned error, then you need to take action as per the article:
https://www.pei.com/2017/05/azure-active-directory-connect-password-sync-issues/
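
The checks described in this answer, combined into one script as an added example (not part of the original post). It assumes an elevated PowerShell session on the AD Connect server with the ADSync module installed; the `StagingModeEnabled` and `SchedulerSuspended` checks and the 7-day event window are additions beyond what the answer lists.

```powershell
# Added example: run in an elevated PowerShell session on the AD Connect server.
Import-Module ADSync -ErrorAction Stop

$scheduler = Get-ADSyncScheduler

# 1. Scheduler state. SyncCycleEnabled is the value the answer checks;
#    StagingModeEnabled and SchedulerSuspended are extra checks added here.
if (-not $scheduler.SyncCycleEnabled) {
    Write-Warning 'SyncCycleEnabled is False; enabling the scheduler.'
    Set-ADSyncScheduler -SyncCycleEnabled $true
}
if ($scheduler.StagingModeEnabled) {
    # A staging-mode server imports and synchronizes but does not export,
    # so a "Success" result here will not update the Office 365 portal.
    Write-Warning 'This server is in staging mode; it does not export to Azure AD.'
}
if ($scheduler.SchedulerSuspended) {
    Write-Warning 'The scheduler is suspended.'
}

# 2. Force a delta sync, unless a cycle is already running.
if ($scheduler.SyncCycleInProgress) {
    Write-Output 'A sync cycle is already in progress; not starting another.'
} else {
    Start-ADSyncSyncCycle -PolicyType Delta
}

# 3. Look for Event 611 in the Application log and flag RPC error 8453.
#    The source name is taken from the answer; the 7-day window is an assumption.
$filter = @{ LogName = 'Application'; Id = 611; StartTime = (Get-Date).AddDays(-7) }
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.ProviderName -eq 'Directory Synchronization' }

if ($events) {
    $events |
        Select-Object TimeCreated, Id, LevelDisplayName,
            @{ Name = 'Mentions8453'; Expression = { $_.Message -match '8453' } } |
        Format-Table -AutoSize
} else {
    Write-Output 'No Event 611 from Directory Synchronization in the last 7 days.'
}
```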
cmdolcet (ASKER)

Shreedhar,

Thank you very much for the quick response. I did check the error log; I did not see any references to the errors listed above. I did have an issue going into my AD Azure. I did attach the screenshot.
Azure-Issue.PNG
On which operating system did you install AD Connect?
OK, thank you. I see a lot of references to the following program: "IdFix". Is this safe to use?
Please use it to find the errors with users. However, I would recommend fixing them manually.
OK, but how would I know how to fix them? I don't see any errors in the Event Viewer; how can I get in there and fix them manually?
I installed AD Connect on Windows Server 2012.
It's strange that on Windows 2012 server you were getting an error that AD Connect is not supported. I hope that server has the full GUI installed and is not Server Core.

Please share the installed AD Connect version details. However, the only option looks like an AD Connect reinstall.
OK, if I can’t open it up, how else could I get the information?

Yes, the server is full GUI.

So tomorrow I’ll run IdFix; maybe that could resolve the issue.

I am thinking out loud, but if the Active Directory didn’t match the same objects as the O365, would that cause it to fail?

When I say object I mean the directory inside the active users window
I am thinking out loud but if the active directory didn’t match the same objects as the O365 would that cause it to fail?
- No

The issue is not at the user level. It's with the AD Connect application itself.
Is there any way to confirm your comment below?
- First, the error you shared about AD Connect being installed on a non-supported operating system.

- If you can check eventvwr, we should have some errors.
OK, I remembered why this is giving me an issue. It's because it can't be installed on the domain controller. I did locate it on another VM (which is the correct Azure AD) and I can get into it.

Ok so the SyncCycleEnabled is set to True

I am missing the syntax with this:
Start-ADSyncSyncCycle -PolicyType Delta

Is that correct?
I just ran this:
Start-ADSyncSyncCycle Delta

and the result said it was a success,

but when I check the O365 admin it still says it has not synced.

What could be wrong now?
In the Office 365 portal, click on the Directory Sync tile to find the AD Connect server name.

Then validate that it is the proper server on which you have run the command.

Also check the eventvwr on the server on which you were able to run the command properly.
OK, how can I double-check the server name?
- Under Health you will find Directory Sync Status

- Over there, Directory sync service account

In the service account you will have your AD Connect server name.
DirSync.JPG
cmdolcet,

Any further information might help?
Yes, I ran that command on the proper server.

Should I just run the IdFix tool on that server?
After running the command, does the issue still persist? If yes, did you get any sync failure error mail?
Can I send you a screen shot of what I am finding?
Yes, Please..
AD Connect not synchronizing for 3 days does not relate to the errors provided in the screen shot.

To fix the errors, you need to change the UPN for all users from LMICorporation.local to your domain added on Office 365.

Please refer to this article for the same:
https://docs.microsoft.com/en-us/office365/enterprise/prepare-a-non-routable-domain-for-directory-synchronization
OK, then what can I do to the AD Connect?
I believe I located the Event Viewer information you requested earlier.

I have attached a screen shot.
Event-Viewer.png
Shreedhar,

Did I miss something in your last post?
The screenshot you have posted is an information event; can you post any error events you are having in the same log?
As Shreedhar suggested, please change the users' domain suffix to match your external/email domain name.

Please add the domain suffix following the link below and then change all the users' domain suffix to the one you have added:
http://www.tutorialspoint.com/articles/adding-alternate-upn-suffix-to-active-directory-domain

For example, your domain name is domain.local and your email domain name is companyemail.com.
The user "logon name" should currently be like user02@domain.local, and once you have added the domain suffix (from Domains and Trusts, as companyemail.com), your "User logon name" should read like user02@companyemail.com
Life1430,

I am talking about the AD connect not synchronizing.  The IDFIX tool issue was a different issue.

I am still looking for a solution on the Synchronization.

Thanks
I am talking about the AD connect not synchronizing
I have given instructions to match the user's domain UPN Suffix to match with your external domain because if that is not matching your AD connect synchronization will fail.
As I said earlier, if the Office 365 portal status for DirSync is still in a not-syncing state, then the only option you have is to reinstall the AD Connect tool. Else you can open a support request with the Office 365 Identity Team to find the cause of the failure.
Shreedhar,

Any reason then to do the following you had suggested early in the thread?

"I have given instructions to match the user's domain UPN Suffix to match with your external domain because if that is not matching your AD connect synchronization will fail."
ASKER CERTIFIED SOLUTION
cmdolcet
This solution is only available to members.
Strange. But effective. It should work.

Keep under observation.