This morning at Kloud NSW HQ (otherwise known as the Kloud office, or the office, or anything else that does not sound cool or interesting at all) James Lewis (@Jimmy_Lewis on Twitter) asked the question:
What is the powershell cmdlet to kick off a manual sync in AADConnect?
Back in the olden days, as they say, in DirSync there was a powershell cmdlet called:
As Microsoft do often times, this cmdlet has changed. However, the reason this has changed is because of the way the sync process is now handled in AADConnect. The AADConnect Sync Scheduler has come about to replace the pre-existing process of an external sync engine tied to a Windows service and Windows task scheduler.
The new scheduler is responsible to complete two key tasks: run and manage the synchronisation cycle where import, sync and export processes are looked after; and to complete regular maintenance tasks, like for example renew certificates and keys for password reset and device registration (DRS), to name a few.
AzureAD Connect Scheduler Configuration
Output from James’ workstation (thanks buddy):
PS C:\> Get-ADSyncScheduler AllowedSyncCycleInterval : 00:30:00 CurrentlyEffectiveSyncCycleInterval : 00:30:00 CustomizedSyncCycleInterval : NextSyncCyclePolicyType : Delta NextSyncCycleStartTimeInUTC : 3/7/2016 6:47:23 AM (this is UTC time, not the time we were working) PurgeRunHistoryInterval : 7.00:00:00 SyncCycleEnabled : True MaintenanceEnabled : True StagingModeEnabled : False
Theres various options to change the Sync Scheduler configuration. These options and configuration item include (care of Microsoft Azure documentation):
- AllowedSyncCycleInterval. The scheduled interval which Azure AD allows AADConnect to sync. Default = 30minutes.*
- CurrentlyEffectiveSyncCycleInterval. The sync schedule currently in effect. Default = 30minutes.*
- CustomizedSyncCycleInterval. To change the default 30 minutes sync schedule, change this setting.
- NextSyncCyclePolicyType. Changes the very next scheduled sync to either be a delta sync of a full sync.
- NextSyncCycleStartTimeInUTC. Sets the time the very next sync schedule will start.
- PurgeRunHistoryInterval. The amount of time logs should be help. Default = 7 days.
- SyncCycleEnabled. Indicates if the scheduler is running the import, sync, and export processes as part of its operation.
- MaintenanceEnabled. Shows if the maintenance process is enabled.
- IsStagingModeEnabled. Shows if staging mode is enabled.
*Sidebar – As of March 1st 2016, the new default sync schedule interval for AADConnect has been changed from 3hours to 30min. Something to consider if you’ve recently upgraded AADC.
The sync scheduler every 30minutes (default) will complete a nice delta import from all connectors, delta sync fro all connectors and an export to Azure AD.
When you have 3 or more ADDS forests that are configured in a multi-forest sync process to Azure AD for more complex deployments (I know, I’m going to the extreme here) a powershell cmdlet can be considerably more efficient than queuing up each connectors to run through the entire process.
This is where a nice and streamlined single powershell cmdlet comes into play. Gone is the old Start-OnlineCoexistenceSync and in comes the nice new cmdlet:
Start-ADSyncSyncCycle -PolicyType Delta
Important! Don’t forget to include the “-PolicyType Delta” to only kick off a delta sync. If we go back to my extreme example of a multi-forest AADConnect deployment, there could be a very long wait time to have all objects run through a full sync because you forgot to specify the policy type.
If you wanted to change that in the off change to a full sync, select the option “initial” instead of “delta”.
Lastly one other cmdlet that could prove helpful incase you did kick off a full sync by accident would be to stop the sync scheduler. To initiate a stop action, enter in the following:
To James, thank you for the 2 hours of testing, reading, testing and writing this blog post. Today we’ve all learned something new and handy that will no doubt save time in the future when a manual sync schedule needs to be run.