Update: Azure AD Connect default sync intervals and manual sync process have totally changed starting with version 188.8.131.52 released in February 2016. Please refer to THIS article to find out how to manually trigger a synchronization cycle.
I don’t know if you have noticed so far, but I am a very big fan of Azure AD and everything that surrounds it, like Azure AD Connect, ADFS and all the features that come together with Azure AD, like password writeback (only with Azure AD Premium), Azure AD join, Azure AD B2C, Enterprise State Roaming, and the list could go on. I also noticed that I wrote very little about Azure AD on this blog, so I decided to concentrate more on this in the coming days. And since this week I had a partner engagement where this question showed up, I decided to explain here how you can manually trigger a synchronization cycle using Azure AD Connect.
First of all, this question arises because in older versions of DirSync we used to do this in a certain way, but with Azure AD Connect this process has changed. So administrators that were very familiar with this process in DirSync start to get confused.
Secondly, before starting a synchronization, we would have to decide if we need a full synchronization or a delta synchronization, right? As you may know, a full synchronization imports once again all your objects and synchronizes them again to Azure AD. A delta synchronization will synchronize only objects that have changed in Active Directory since the last synchronization, so users for which you may have changed an attribute, new users or deleted users (applies also to groups and contacts, of course).
So assuming that we need to trigger a full synchronization, we have one great option: PowerShell. Only that this is a little bit different now. First of all, you need to open PowerShell and navigate to the following location: C:\Program Files\Microsoft Azure AD Sync\Bin. The very basic PowerShell command to do this would be:
PS C:\> cd "c:\Program Files\Microsoft Azure AD Sync\Bin"
Bear in mind that the way Windows reads file names or locations on the hard drive is not case sensitive, so you don’t necessarily need to respect the case when typing this command. Now, let’s take a step forward and run Get-ChildItem. Here’s the result:
So, in this folder we have this DirectorySyncClientCmd executable. In order to start a synchronization we just have to execute it. However, if we execute it in a very simple way with .\DirectorySyncClientCmd.exe, it will run a delta synchronization. So if we need a full sync, we would want to run it with the “initial” flag, like in this example:
We can also see that this performed a full synchronization and we’re done.
Now, if we need a delta synchronization, we can run, as already explained, the same .exe file, but without “initial”. In addition, there is another way we can trigger a delta synchronization: via the Task Scheduler. If you open it, you will find the Azure AD Sync task right at the top of “Task Scheduler Library”. Simply run it with a right click.
And since we’re on it, this is also the place where you can change the default synchronization interval of 3 hours to a value that is suitable for you.
Please bear in mind, however, that Microsoft doesn’t recommend changing this interval. So it is supported, but not recommended.
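The executable-based steps above (full sync with “initial”, delta sync without it), wrapped in one PowerShell function. This is an added example, not code from the original post or from Microsoft; the function name Start-AadConnectSync, its parameters and the shape of the returned object are hypothetical, and the exit code is reported as-is without assuming what its values mean.

```powershell
# Added example: wrapper around DirectorySyncClientCmd.exe as described in this post.
# Start-AadConnectSync, -Type and -BinPath are hypothetical names chosen for illustration.
function Start-AadConnectSync {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Delta = run the executable without arguments, Full = run it with "initial".
        [ValidateSet('Delta', 'Full')]
        [string]$Type = 'Delta',

        # Install location given in the post; override it if your install differs.
        [string]$BinPath = 'C:\Program Files\Microsoft Azure AD Sync\Bin'
    )

    $exe = Join-Path -Path $BinPath -ChildPath 'DirectorySyncClientCmd.exe'

    # Newer Azure AD Connect versions changed the manual sync process (see the
    # update note at the top), so fail clearly when the executable is not there.
    if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
        throw "DirectorySyncClientCmd.exe not found in '$BinPath'. This version may use the newer sync process."
    }

    # A full sync imports all objects again, so only Full passes the "initial" flag.
    $syncArgs = @()
    if ($Type -eq 'Full') { $syncArgs += 'initial' }

    # -WhatIf shows what would run without starting a synchronization.
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, "$Type synchronization via $exe")) {
        $started = Get-Date
        & $exe @syncArgs | Out-Host   # show the tool's own output on the console

        # Return a small record that can be logged for change tracking.
        [pscustomobject]@{
            Computer    = $env:COMPUTERNAME
            Type        = $Type
            Started     = $started
            DurationSec = [math]::Round(((Get-Date) - $started).TotalSeconds, 1)
            ExitCode    = $LASTEXITCODE   # reported as-is; meaning not documented in the post
        }
    }
}

# Usage: preview first, then run.
# Start-AadConnectSync -Type Full -WhatIf
# Start-AadConnectSync -Type Delta
```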
So these are the options to manually trigger a synchronization in Azure AD Connect...
Ok, I lied, there is one other way to do this by triggering each run profile manually, but I won’t go into this right now. I will write another post on how synchronization works in Azure AD Connect and I will show you then how we should run the profiles manually. Until then, I am always open for your feedback, so you may write a few words in the comments section of this post. If you think this information is useful, then share it with your friends and this would make me happy 🙂
Have a good one all of you!
Dan Patrascu-Baba