Azure AD Connect manual sync cycle with PowerShell, Start-ADSyncSyncCycle

This morning at Kloud NSW HQ (otherwise known as the Kloud office, or the office, or anything else that does not sound cool or interesting at all) James Lewis (@Jimmy_Lewis) asked the question:

What is the PowerShell cmdlet to kick off a manual sync in AADConnect?

-@Jimmy_Lewis

Back in the olden days, as they say, in DirSync there was a PowerShell cmdlet called:

Start-OnlineCoexistenceSync

As Microsoft do often times, this cmdlet has changed. However, the reason this has changed is because of the way the sync process is now handled in AADConnect. The AADConnect Sync Scheduler has come about to replace the pre-existing process of an external sync engine tied to a Windows service and Windows task scheduler.

The new scheduler is responsible to complete two key tasks: run and manage the synchronisation cycle where import, sync and export processes are looked after; and to complete regular maintenance tasks, like for example renew certificates and keys for password reset and device registration (DRS), to name a few.

AzureAD Connect Scheduler Configuration

Output from James’ workstation (thanks buddy):

PS C:\> Get-ADSyncScheduler
AllowedSyncCycleInterval            : 00:30:00
CurrentlyEffectiveSyncCycleInterval : 00:30:00
CustomizedSyncCycleInterval         :
NextSyncCyclePolicyType             : Delta
NextSyncCycleStartTimeInUTC         : 3/7/2016 6:47:23 AM (_this is UTC time, not the time we were working_)
PurgeRunHistoryInterval             : 7.00:00:00
SyncCycleEnabled                    : True
MaintenanceEnabled                  : True
StagingModeEnabled                  : False

Theres various options to change the Sync Scheduler configuration. These options and configuration item include (care of Microsoft Azure documentation):

Sidebar - As of March 1st 2016, the new default sync schedule interval for AADConnect has been changed from 3hours to 30min. Something to consider if you’ve recently upgraded AADC.

Manual Intervention

The sync scheduler every 30minutes (default) will complete a nice delta import from all connectors, delta sync from all connectors and an export to Azure AD.

When you have 3 or more ADDS forests that are configured in a multi-forest sync process to Azure AD for more complex deployments (I know, I’m going to the extreme here) a PowerShell cmdlet can be considerably more efficient than queuing up each connectors to run through the entire process.

This is where a nice and streamlined single PowerShell cmdlet comes into play. Gone is the old Start-OnlineCoexistenceSync and in comes the nice new cmdlet:

Start-ADSyncSyncCycle -PolicyType Delta

Important! Don’t forget to include the -PolicyType Delta to only kick off a delta sync. If we go back to my extreme example of a multi-forest AADConnect deployment, there could be a very long wait time to have all objects run through a full sync because you forgot to specify the policy type.

If you wanted to change that in the off change to a full sync, select the option “initial” instead of “delta”.

Lastly one other cmdlet that could prove helpful in case you did kick off a full sync by accident would be to stop the sync scheduler. To initiate a stop action, enter in the following:

Stop-ADSyncSyncCycle

Final words

To James, thank you for the 2 hours of testing, reading, testing and writing this blog post. Today we’ve all learned something new and handy that will no doubt save time in the future when a manual sync schedule needs to be run.


Questions?

Have a question about this post? Ask away on Twitter or in my AMA repo.