How to: Manually Force Sync Azure AD Connect

Step 1: Start PowerShell

Using any of these methods, or any other you may know of:

WinKey + R (Run Dialog): powershell.exe

Start Menu -> type ‘PowerShell’, click it

Navigate to C:\Windows\System32\WindowsPowerShell\V1.0\powershell.exe

Step 2: (optional/dependent) Connect to the AD Sync Server

If you’re running PowerShell on the Server where AD Connect is running, skip this step.

In the command window run the following command, replacing [SERVERNAME] with the name of the server you need to connect to (you may not be able to do this if PSRemoting is not enabled on the remote server):

Enter-PSSession -ComputerName [SERVERNAME]

Step 3: Import the ADSync Module

Run the following command:

Import-Module ADSync

Step 4: Run the Sync Command

Run the following Command(s):

For a Delta Sync (most common, and used for most situations):

Start-ADSyncSyncCycle -PolicyType Delta

For a Full Sync (only necessary in some situations):

Start-ADSyncSyncCycle -PolicyType Initial

Step 5: (Optional/Dependent) Exit PSSession

If you used the Enter-PSSession command, you must exit the session or it will remain open even after terminating the PS Host. You can do so by simply using the command: Exit

Alternatively, you can achieve this with the GUI, see reference below.
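
Steps 2 to 5 combined into one function, as an added example that is not part of the original post. It uses New-PSSession with a try/finally block so the remote session is always closed, and checks Get-ADSyncScheduler before starting a cycle. The function name Invoke-RemoteADSync and the server name SYNC01 are placeholders chosen for this example.

```powershell
# Added example: run an Azure AD Connect sync cycle on a remote server and
# always close the remoting session afterwards.
function Invoke-RemoteADSync {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string] $ComputerName,                  # the server running AD Connect

        [ValidateSet('Delta', 'Initial')]        # the two policy types used in step 4
        [string] $PolicyType = 'Delta'
    )

    # Step 2: connect (requires PSRemoting to be enabled on the server).
    $session = New-PSSession -ComputerName $ComputerName -ErrorAction Stop
    try {
        Invoke-Command -Session $session -ArgumentList $PolicyType -ErrorAction Stop -ScriptBlock {
            param($PolicyType)

            # Step 3: load the ADSync cmdlets.
            Import-Module ADSync -ErrorAction Stop

            # Do not start a cycle while another one is still running.
            $scheduler = Get-ADSyncScheduler
            if ($scheduler.SyncCycleInProgress) {
                throw "A sync cycle is already running on $env:COMPUTERNAME; try again later."
            }

            # Step 4: start the requested cycle.
            Start-ADSyncSyncCycle -PolicyType $PolicyType
        }
    }
    finally {
        # Step 5: the session is removed even if the sync command failed.
        Remove-PSSession -Session $session
    }
}

# Usage (SYNC01 is a placeholder server name):
# Invoke-RemoteADSync -ComputerName 'SYNC01' -PolicyType Delta
```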

Just a brief post today to outline how to rectify an issue when you try and run a sync via PowerShell using the command:

Start-ADSyncSyncCycle -PolicyType Initial

and then you receive the error message:

Start-ADSyncSyncCycle : The term 'Start-ADSyncSyncCycle' is not recognized as the name of a cmdlet, function, script
file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct
and try again.
At line:1 char:1
+ Start-ADSyncSyncCycle -PolicyType Initial
+ ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Start-ADSyncSyncCycle:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

I had just installed the latest version of AD Connect and had prepared Active Directory for replication to Azure AD. I couldn’t understand why, after a fresh install, the ADSync modules weren’t present and available.

You can run the following command to see what modules are available:

Get-Module

When I ran that, my instance returned:

ModuleType Version    Name                                ExportedCommands
---------- -------    ----                                ----------------
Manifest   3.1.0.0    Microsoft.PowerShell.Management     {Add-Computer, Add-Content, Checkpoint-Computer, Clear-Con…
Manifest   3.1.0.0    Microsoft.PowerShell.Utility        {Add-Member, Add-Type, Clear-Variable, Compare-Object…}
Script     2.0.0      PSReadline                          {Get-PSReadLineKeyHandler, Get-PSReadLineOption, Remove-PS…

As you can see, ADSync is not listed so that explains why my attempt to run the sync wouldn’t run. So how do you fix it? The method I used was as follows…

Open an Administrator instance of PowerShell and run the following commands:

First, we’re going to set the execution policy of PowerShell:

Set-ExecutionPolicy RemoteSigned

Now we’re going to import the ADSync module from the ADSync installation directory on your server. In my case it was located in:

C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync

But be aware, yours may be different depending on the drive and folder it was installed into. With that knowledge, you need to change the path in the syntax below to suit your set up:

Import-Module -Name "C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync" -Verbose

That will now import all the modules from the ADSync directory and make them available to PowerShell. To test whether the import was successful, run the following command:

Get-Module

It should return something similar to the following with ADSync listed as one of the available modules:

ModuleType Version    Name                                ExportedCommands
---------- -------    ----                                ----------------
Binary     1.0.0.0    ADSync                              {Add-ADSyncAADServiceAccount, Add-ADSyncADDSConnectorAccou…
Manifest   3.1.0.0    Microsoft.PowerShell.Management     {Add-Computer, Add-Content, Checkpoint-Computer, Clear-Con…
Manifest   3.0.0.0    Microsoft.PowerShell.Security       {ConvertFrom-SecureString, ConvertTo-SecureString, Get-Acl…
Manifest   3.1.0.0    Microsoft.PowerShell.Utility        {Add-Member, Add-Type, Clear-Variable, Compare-Object…}
Binary     1.0.0.1    PackageManagement                   {Find-Package, Find-PackageProvider, Get-Package, Get-Pack…
Script     1.0.0.1    PowerShellGet                       {Find-Command, Find-DscResource, Find-Module, Find-RoleCap…
Script     2.0.0      PSReadline                          {Get-PSReadLineKeyHandler, Get-PSReadLineOption, Remove-PS…

Now you should be able to run the ADSyncSyncCycle command like so:

Start-ADSyncSyncCycle -PolicyType Initial

and it should return the following result:

PS C:\Users\Administrator> Start-ADSyncSyncCycle -PolicyType Initial

Result
------
Success

That’s it, you’re good to go…
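
The fix above as a reusable function, added here as an example and not taken from the original post. It scopes the execution policy change to the current process instead of the whole machine and checks the Authenticode signatures of the module files before importing them into an elevated session. The function name Import-ADSyncModule is hypothetical, and the default path is the one quoted in the post.

```powershell
# Added example (not from the original post): load ADSync for this session only.
function Import-ADSyncModule {
    [CmdletBinding()]
    param(
        # Folder quoted in the post; change it to match your installation.
        [string] $ModulePath = 'C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync'
    )

    # Nothing to do if the cmdlet is already available.
    if (Get-Command Start-ADSyncSyncCycle -ErrorAction SilentlyContinue) { return }

    # Same policy as the post, but scoped to this PowerShell process so the
    # machine-wide setting is left untouched.
    Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force

    # Prefer the normal module search path; fall back to the explicit folder.
    if (Get-Module -ListAvailable -Name ADSync) {
        Import-Module ADSync -ErrorAction Stop
        return
    }
    if (-not (Test-Path -LiteralPath $ModulePath -PathType Container)) {
        throw "ADSync module folder not found: $ModulePath"
    }

    # Check Authenticode signatures before loading code into an elevated session.
    $sigs = Get-ChildItem -LiteralPath $ModulePath -Recurse -File -Include *.dll, *.psd1, *.psm1 |
        Get-AuthenticodeSignature
    $tampered = $sigs | Where-Object { $_.Status -eq 'HashMismatch' }
    if ($tampered) {
        throw "Signature hash mismatch: $($tampered.Path -join ', ')"
    }
    # Anything else that is not 'Valid' (for example NotSigned) is reported, not blocked.
    $sigs | Where-Object { $_.Status -ne 'Valid' } |
        ForEach-Object { Write-Warning "$($_.Status): $($_.Path)" }

    Import-Module -Name $ModulePath -ErrorAction Stop
}

Import-ADSyncModule
Get-Module ADSync    # lists the ADSync module once the import has succeeded
```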

Azure AD Sync – Set-MsolDirSyncEnabled : You cannot turn off Active Directory synchronization.

I recently ran into a situation in my lab environment that required I resync all (2000+) user accounts to Azure AD. Though this sounds complex and daunting, it’s actually quite simple. The basic steps involve disabling sync, and then removing the user objects. This can all be done with two PowerShell commands:

1) Set-MsolDirSyncEnabled -EnableDirSync $false

2) Get-MsolUser -All | Remove-MsolUser -force

The account that you are currently running the commands as will not be removed. 

To enable Azure AD Sync, you simply reverse the boolean operation on the Set-MsolDirSyncEnabled cmdlet above. However, I ran into an issue when trying to enable Azure AD Sync. 

After some research, it turns out you must wait a period of time (up to 12 hours in some cases) before you can make a second change to the Azure AD Sync status. This error simply means that we made a recent change to Azure AD Sync, and we must wait before making another change. To prove this, there is a “DirectorySynchronizationStatus” member for the Get-MsolCompanyInformation cmdlet. If we take a look at this member, we can see the status is “PendingDisabled”. 

Check the status of this periodically over the next 12 hours or so, and once it says “Enabled” or “Disabled”, you should be able to change the state once more. 
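
The periodic check described above as a polling loop, added here as an example and not taken from the original post. It assumes Connect-MsolService has already been run in the session; the function name Wait-DirSyncSettled and the 15-minute polling interval are choices made for this example.

```powershell
# Added example: wait for a pending DirSync change to finish, then re-enable sync.
# Assumes Connect-MsolService has already been run in this session.
function Wait-DirSyncSettled {
    [CmdletBinding()]
    param(
        [int] $TimeoutHours = 12,    # the post reports waits of up to 12 hours
        [int] $PollMinutes  = 15     # polling interval chosen for this example
    )

    $deadline = (Get-Date).AddHours($TimeoutHours)
    while ($true) {
        $status = [string](Get-MsolCompanyInformation).DirectorySynchronizationStatus
        Write-Verbose "$(Get-Date -Format s) DirectorySynchronizationStatus = $status"

        # 'Enabled' and 'Disabled' are the settled states; anything else
        # (such as 'PendingDisabled') means a change is still in progress.
        if ($status -in 'Enabled', 'Disabled') { return $status }

        if ((Get-Date) -ge $deadline) {
            throw "Status is still '$status' after $TimeoutHours hours."
        }
        Start-Sleep -Seconds ($PollMinutes * 60)
    }
}

# Re-enable sync only once the earlier change has fully completed.
if ((Wait-DirSyncSettled -Verbose) -eq 'Disabled') {
    Set-MsolDirSyncEnabled -EnableDirSync $true -Force
}
```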
