Password sync: Troubleshoot an attribute not synchronizing in Azure AD Connect
While synchronizing the attributes of user accounts between Active Directory (AD) and Azure AD, some of the attributes may not sync. To identify the reason behind this issue, perform the following troubleshooting steps:
Go to Start, search for Synchronization Service Manager. Click on the icon.
- In the Synchronization Service Manager window, click Metaverse Search.
In the Metaverse Search section that appears, select the object type in the Scope by Object Type, identify the object using an attribute (in the below image the object is identified by mentioning its displayName attribute value as 'first'), and click Search.
Double-click the object found in the Metaverse search to view all its attributes. You can click on the Connectors tab to look at the corresponding object in all the Connector Spaces.
Double-click on the Active Directory Connector to view the Connector Space attributes. Click Preview and in the dialog box that appears, click Generate Preview.
Click Import Attribute Flow, this shows the flow of attributes from Active Directory Connector Space to the Metaverse.
- The Sync Rule column points out the Synchronization Rule that contributed to that attribute.
- The Data Source column shows you the attributes from the Connector Space.
- The Metaverse Attribute column shows you the attributes in the Metaverse. You can look for the attribute that is not synced here. If the attribute is not present, then it has not been mapped and a custom Synchronization Rule needs to be created to map the attribute.
Click Export Attribute Flow under Contents to view the attribute flow from Metaverse back to Active Directory Connector Space using Outbound Synchronization Rules.
- Similar to above, you can view the Azure Active Directory Connector Space object and can generate the Preview to view the attribute flow from Metaverse to the Connector Space and vice versa. This can help you identify why an attribute is not syncing.
Setting up Azure AD Connect synchronizes on-premises AD accounts to Azure AD. Its configuration and troubleshooting involves multiple steps and commands. ADSelfService Plus, an Active Directory self-service password management and single sign-on solution, offers the Password Synchronization feature to synchronize passwords between AD and Azure AD. Enabling this feature involves minimal steps:
Before you configure password synchronization for Office 365 or Azure AD, you need to install the Windows Azure AD module for Windows PowerShell on the server in which ADSelfService Plus is deployed.
Important: Install the Password Sync Agent to synchronize native password changes and resets.
- Log into the ADSelfService Plus admin console with admin credentials.
- Navigate to Configuration > Self-Service > Password Sync/Single Sign-On > Add Application..
- Select the Office 365 / Azure accounts application.
- Enter the Application Name and Description.
- Enter the Domain name of your Office 365 / Azure account
- In the Assign Policies field, select the policies for which password sync needs to be enabled.
Note: ADSelfService Plus allows you to create OU and group-based policies for your AD domains. To create a policy, go to Configuration > Self-Service > Policy Configuration > Add New Policy. Only user accounts that come under these policies can have their passwords synchronized with Azure AD.
- Select Enable Password Sync.
- Enter the Username and Password of Office 365 / Azure account
- Click Add Application.
Benefits of password synchronization using ADSelfService Plus:
- Password synchronization with major enterprise applications including Azure AD/Office 365, AD LDS, and Salesforce.
- Synchronize native password resets made in the Active Directory Users and Computers console and password changes made in the Ctrl+Alt+Del screen.
- Enable password synchronization for users belonging to specific OU's and groups.
Simplify password management with ADSelfService Plus.
Your download is in progress and it will be completed in just a few seconds!
If you face any issues, download manually here
Self-service password management and single sign-on solution
ManageEngine ADSelfService Plus is an integrated self-service password management and single sign-on solution for Active Directory and cloud apps. Ensure endpoint security with stringent authentication controls including biometrics and advanced password policy controls.
- Related Products