The Scenario
I have a client who had an issue with Azure AD Connect Password Synchronization not working. When logged in to the O365 portal, I noted that the password sync showed "Red" and not "Green", and the "Recent Synchronization" message was missing from the dashboard.
This can be seen with different tenants at times; to fix the issue we needed to disable password synchronization and then re-enable it, which forced a fresh password sync.
Solution Used
1. Log in to the Azure AD Connect server (or the DC that hosts it).
2. Open the MIISClient (Synchronization Service Manager), or simply search for "Synchronization Service" and open it with elevated permissions.
3. You will see two connectors, i.e. "yourdomain.local" and "onmicrosoft.com - AAD".
4. Note the two connector names exactly as shown; they are assigned to PowerShell variables in the next step.
5. Open PowerShell with elevated credentials and run the commands:
$adConnector = "domain.local"
$aadConnector = "domain.onmicrosoft.com - AAD"
Note: $adConnector and $aadConnector are just variables you are setting for the actual commands shown later.
6. Set the variables to match your own connector names.
7. Now that the variables are set, run the actual PowerShell script to disable and re-enable the password sync.
8. In the same PowerShell window, run the commands:
Import-Module ADSync
# Fetch the on-premises AD connector by name
$c = Get-ADSyncConnector -Name $adConnector
# Build the global parameter that forces a full password sync (one line)
$p = New-Object Microsoft.IdentityManagement.PowerShell.ObjectModel.ConfigurationParameter "Microsoft.Synchronize.ForceFullPasswordSync", String, ConnectorGlobal, $null, $null, $null
$p.Value = 1
# Replace any existing copy of the parameter, then save the connector
$c.GlobalParameters.Remove($p.Name)
$c.GlobalParameters.Add($p)
$c = Add-ADSyncConnector -Connector $c
# Disable and re-enable password sync between the two connectors
Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector -TargetConnector $aadConnector -Enable $false
Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector -TargetConnector $aadConnector -Enable $true
9. The above script disables password synchronization and then re-enables it, which forces a fresh full sync.
10. Once the script has run, you should see two Event IDs, i.e. Events 657 and 656 with Source "Directory Synchronization", showing a successful password synchronization. Success!
11. Run a delta sync from the same PowerShell window: Start-ADSyncSyncCycle -PolicyType Delta
12. Log in to the Office 365 portal and you should now see password sync working again, with the "Recent Synchronization" information shown.
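The checks described in steps 10 and 12 can be scripted so you do not have to hunt through Event Viewer by hand. The following is an added PowerShell example, not code from the original article; it assumes the same two connector names used above (replace them with your own) and that the 656/657 events are written to the Application log under the "Directory Synchronization" source:

```powershell
# Added verification script for Azure AD Connect password sync (not part of the original article).
# Assumes: the ADSync module is present on the Azure AD Connect server, and the two
# connector names below are replaced with the ones shown in the Synchronization Service Manager.
param(
    [string]$adConnector  = "domain.local",                 # assumption: on-premises AD connector name
    [string]$aadConnector = "domain.onmicrosoft.com - AAD", # assumption: Azure AD connector name
    [int]$LookbackMinutes = 60                              # how far back to search for sync events
)

Import-Module ADSync

# 1. Confirm both connectors exist before reporting anything. A typo in a connector
#    name is the most common reason the Set-ADSyncAADPasswordSyncConfiguration calls fail.
foreach ($name in @($adConnector, $aadConnector)) {
    if (-not (Get-ADSyncConnector -Name $name -ErrorAction SilentlyContinue)) {
        throw "Connector '$name' not found. Check the names in the Synchronization Service Manager."
    }
}

# 2. Show the current password sync configuration for the source connector
#    (the Enabled flag should read True after the re-enable step).
"Password sync configuration for '$adConnector':"
Get-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector | Format-List

# 3. Look for the password sync events from the article (656 = request, 657 = result)
#    written since the lookback window started.
$since  = (Get-Date).AddMinutes(-$LookbackMinutes)
$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'Directory Synchronization'
    Id           = 656, 657
    StartTime    = $since
} -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Warning "No Event 656/657 from 'Directory Synchronization' in the last $LookbackMinutes minutes; the forced sync may not have run yet."
} else {
    "Password sync events since $($since.ToString('u')):"
    $events |
        Sort-Object TimeCreated |
        Select-Object TimeCreated, Id, @{ n = 'Summary'; e = { ($_.Message -split "`r?`n")[0] } } |
        Format-Table -AutoSize
}
```

Run it in the same elevated PowerShell window as the fix, after the delta sync in step 11. If the configuration shows password sync enabled but no 656/657 events appear, wait a few minutes and run it again before re-applying the fix; the full password sync is not instantaneous on larger directories.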