Hello All,
I was recently involved in a project where I wrote some PowerShell scripts to remotely connect to an Azure AD (AAD) Connect server and run custom manual synchronization cycles (Delta Import & Delta Sync) using AAD Connect's Custom Scheduler component.
The primary reason we had to do this was an AD migration of users from one AD forest to another. Users from both AD forests were being synchronized (by a single AAD Connect server in the target AD forest) to a common Azure AD tenant. After the AD migration via the ADMT tool, each migrated AD user merges with its corresponding pre-existing synced identity in Azure AD (because ms-DS-ConsistencyGuid/SourceAnchor is used as the ImmutableID). This avoids a new user being created in Azure AD after the AD migration.
This post details the instructions for the following tasks:
- How to run the Azure AD Connect Sync Scheduler remotely for a specific on-premises AD connector
- How to run Delta Import/Delta Sync schedule actions remotely
SCENARIO:
The AAD Connect server has multiple On-Premises AD connectors configured for two Active Directory forests (abc.net & xyz.com), synchronizing user accounts from both AD forests to a common Office 365 tenant (Skynet.com) as shown below.
Here are the instructions to run the AAD Connect Custom Run Scheduler manually for a Delta Import & Delta Sync operation on the "ABC.NET" on-premises AD connector remotely.
1. Stop the AutoSyncScheduler on the AADConnect01 server. (By default, Delta Sync runs on all configured connectors every 30 minutes on an Azure AD Connect server.)
# Run from the management server; the ADSync module is loaded inside the remote session, not locally.
Import-Module -Name ActiveDirectory
$AADComputer = "AADCONNECT01.ABC.NET"
$Session = New-PSSession -ComputerName $AADComputer
Invoke-Command -Session $Session -ScriptBlock { Import-Module -Name 'ADSync' }
Invoke-Command -Session $Session -ScriptBlock { Set-ADSyncScheduler -SyncCycleEnabled $false }
Invoke-Command -Session $Session -ScriptBlock { Get-ADSyncScheduler }
Confirm that the default AutoSyncCycle is set to “FALSE” as shown below. This confirms that the AutoSyncScheduler will not run every 30 minutes.
2. Run the following PowerShell command to perform a Delta Import for the "ABC.NET" (On-Premises) AD connector remotely from a management server.
Invoke-Command -Session $Session -ScriptBlock { Invoke-ADSyncRunProfile -ConnectorName "abc.net" -RunProfileName "Delta Import" }
3. Run the following PowerShell command to perform a Delta Sync for the "ABC.NET" (On-Premises) AD connector.
Invoke-Command -Session $Session -ScriptBlock { Invoke-ADSyncRunProfile -ConnectorName "abc.net" -RunProfileName "Delta Synchronization" }
4. Run the following PowerShell command to monitor the sync engine and see whether it is still busy with the run profiles issued in the previous steps.
Invoke-Command -Session $Session -ScriptBlock { Get-ADSyncConnectorRunStatus }
A "RunState" of "Busy" means that the Delta Synchronization is currently running, as shown above.
The cmdlet returns an empty result when the sync engine is idle and no connector is running, as shown below.
5. Run the following PowerShell command to "Export" (commit) all the changes through the Azure AD connector "SKYNET.COM - AAD".
Invoke-Command -Session $Session -ScriptBlock { Invoke-ADSyncRunProfile -ConnectorName "skynet.com - AAD" -RunProfileName "Export" }
6. Finally, do not forget to turn the "SyncCycle" back to its previous default by running the PowerShell command below. Leaving it disabled means no automatic synchronization runs until someone notices.
Invoke-Command -Session $Session -ScriptBlock { Set-ADSyncScheduler -SyncCycleEnabled $true }
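Putting steps 1 to 6 together, here is an added example (not code from the original post) that runs the same Delta Import, Delta Synchronization and Export sequence remotely, waits for Get-ADSyncConnectorRunStatus to report an idle engine between steps, and restores the scheduler's previous SyncCycleEnabled value in a finally block so a failed step cannot leave automatic sync switched off. The hostname and connector names are the ones used in this post; the 15-second poll interval and 30-minute timeout are assumptions.

```powershell
# Added example, not from the original post. Runs Delta Import -> Delta
# Synchronization -> Export on AADCONNECT01.ABC.NET, waiting for the engine to
# go idle between steps, and restores the scheduler state even on failure.
# Hostname and connector names come from the post; the 15-second poll interval
# and 30-minute timeout are assumptions.
$AADComputer = 'AADCONNECT01.ABC.NET'
$Session = New-PSSession -ComputerName $AADComputer

# Block until Get-ADSyncConnectorRunStatus returns nothing (engine idle).
function Wait-ADSyncIdle {
    param([System.Management.Automation.Runspaces.PSSession]$Session,
          [int]$TimeoutMinutes = 30)
    $deadline = (Get-Date).AddMinutes($TimeoutMinutes)
    do {
        $status = Invoke-Command -Session $Session -ScriptBlock { Get-ADSyncConnectorRunStatus }
        if (-not $status) { return }
        Write-Host ("Busy: {0} ({1})" -f $status.ConnectorName, $status.RunState)
        Start-Sleep -Seconds 15
    } while ((Get-Date) -lt $deadline)
    throw "Sync engine still busy after $TimeoutMinutes minutes"
}

Invoke-Command -Session $Session -ScriptBlock { Import-Module -Name ADSync }
# Remember the current scheduler setting so it can be restored afterwards.
$previous = Invoke-Command -Session $Session -ScriptBlock { (Get-ADSyncScheduler).SyncCycleEnabled }
try {
    Invoke-Command -Session $Session -ScriptBlock { Set-ADSyncScheduler -SyncCycleEnabled $false }
    Wait-ADSyncIdle -Session $Session   # a scheduled cycle may already be running

    $steps = @(
        @{ Connector = 'abc.net';          Profile = 'Delta Import' },
        @{ Connector = 'abc.net';          Profile = 'Delta Synchronization' },
        @{ Connector = 'skynet.com - AAD'; Profile = 'Export' }
    )
    foreach ($s in $steps) {
        Invoke-Command -Session $Session -ScriptBlock {
            param($c, $p) Invoke-ADSyncRunProfile -ConnectorName $c -RunProfileName $p
        } -ArgumentList $s.Connector, $s.Profile
        Wait-ADSyncIdle -Session $Session
    }
}
finally {
    # Always put the scheduler back, otherwise automatic sync stays disabled.
    Invoke-Command -Session $Session -ScriptBlock {
        param($enabled) Set-ADSyncScheduler -SyncCycleEnabled $enabled
    } -ArgumentList $previous
    Remove-PSSession $Session
}
```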
~Cheers
HemantA