Azure Active Directory Connect Export profile error: stopped-server-down.
Rate this post

Follow Lucian on Twitter @LucianFrango.


A couple of weeks ago I deployed Azure AD Connect in production. It was a relatively smooth process. The wizard did most of the work which was great. There was a few hiccups (blog post) along the way, which, in most cases is expected if the problems are not so serious.

Fast forward to my second install of the latest and greatest sync service for Azure AD and Office 365 cloud identities and we have problem no. 2. This time, though, I can say that the process ran through allot smoother. There was no real errors. Things were looking straight great and I was looking at my next task with some enthusiasm.

However, come 8.30ish this morning and going over the AADConnect server once more for peace of mind, I had noticed that the “Export” profile task that runs as the last task in the scheduled hourly run for AADConnect synchronisation (I’ve set it to 60min), unfortunately had a nice little error for me:

2015-08-05--AADC-Error--01

Background

When I deployed AADConnect in this instance, the initial sync that ran from ADDS pulled everything in the on-premises ADDS environment. It was a relatively small sync with only 11,000 objects. Allot of these though were server and workstation objects that didn’t need to be there, as well as the usual service accounts and admin objects that don’t need to be in Office 365 / Azure AD.

As I was in a meeting the process ran in less than an hour and as you would expect, Azure AD had allot of unnecessary stuff in there. Not to worry, its not too difficult to change the selection and only sync certain OU’s. That done, and some manual Full Import and Full Sync profile tasks run, all was sweet. So I thought..

Context

Added in AADSync was a new feature called “prevent accidental deletions”. This feature is designed to prevent large number of deletions in Azure AD based on the threshold the administrator sets (500 objects by default). So when I had updates the selected OU’s for sync, basically removing half of those selected, I had reduced the 11K worth of objects down to about 6.5k. That’s allot more objects than the 500 object limit to delete. When this happens, the export task does nothing and the cleanup work in the backend doesn’t really happen. No ideal.

Solution

Back in AADSync days (AADConnect is now the new supreme sync service) this threshold of 500 objects to not  accidentally delete was able to be set via the DirSync Powershell module. Digging around I’ve found that the AADSync Powershell module features are a little different. The same Powershell cmdlet is not available.

Googling my way around the interwebs for most of the morning, I’ve found some references to what needs to be amended. The solution is to disable the threshold temporarily, then enable it again after a successful Export profile task. The disable Powershell is as follows:

To enable the again, enter the following Powershell:

Final words

Azure AD Connect is a great tool with some really deep functionality. There’s allot more to it than meets the eye (no that’s not a Transformers reference.. well, I don’t think so). I hope this solution has helped you on your journey to Office 365 / Azure. If there’s anything else you’d like to know, please feel free to leave a comment below.

Thank you,

-Lucian


Follow Lucian on Twitter @LucianFrango.

Category:
Azure Infrastructure, Identity and Access Management, Office 365
Tags:
, , , ,

Leave a Reply

  Subscribe  
newest oldest most voted
Notify of
raveen2013
Guest

Thanks for sharing . Good insighsts ..

Zeller
Guest
Zeller

Thank you! Worked perfectly.

debysandra
Guest

Reblogged this on demagnum.

Kent
Guest
Kent

That was awesome thanks for that fix!

Adam
Guest
Adam

Perfect! Thank you. This is just what I needed. Fixed my issue.

Harry
Guest
Harry

Hi,

I am facing a same problem, but when i searched disconnected since it is showing current licensed accounts for deletion as well. Will it delete those accounts from office 365 as i got 3800 objects

Gil
Guest
Gil

Can you add instructions on how to Successfully Export profile task?

Chris Amick
Guest
Chris Amick

Can someone confirm this will not affect the on-premise AD and only delete from the Azure AD?

John Carr
Guest
John Carr

I had this issue today. Synchronization Service Manager showed, “stopped-server-down” for Exports. Server also had a message that it needed a reboot because of a Windows Update, with the option to Postpone it. Well, solution was simply to restart the server and let Windows Update finish.

Follow Us!

Kloud Solutions Blog - Follow Us!