The other day I had some problems with users synchronising with Azure AD via Azure AD Connect. Ultimately Azure AD Connect was not able to meet the requirements of the particular solution, as Microsoft Identity Manager (MIM) 2016 has the final 5% of the config required for, as I found out, a complicated user+resource and user forest design.
In saying that though, during my troubleshooting, I was looking at ways to export the error data from Azure AD Connect. I wanted to have the data more accessible as sometimes looking at problematic users one by one isn't ideal. Having it all in a CSV file makes it rather easy.
So here's a short blog post on how to get that data out of Azure AD Connect to streamline troubleshooting purposes.
Azure AD Connect has a way to make things nice and easy, but, at the same time makes you want to pull your hair out. When digging a little, you can get the information that you want. However, at first, you could be presented with a whole bunch of errors like this:
Unable to update this object because the following attributes associated with this object have values that may already be associated with another object in your local directory services: [UserPrincipalName [email protected]]. Correct or remove the duplicate values in your local directory. Please refer to http://support.microsoft.com/kb/2647098 for more information on identifying objects with duplicate attribute values.
I beleive its Event ID: 6941 in eventvwr as well
It's not a complicated error. It's rather self explanatory. However, when you have a bunch of them; say anything more that 20 or so, as I said earlier; it's easier to export it all for quick reference and faster review.
To export that error data to a CSV file, complete the following steps:
Open a cmd prompt CD: or change the directory to "C:\Program Files\Microsoft Azure AD Sync\bin" Run: "CSExport “[Name of Connector]” [%temp%]\Errors-Export.xml /f:x" - without the [ ] The name of the connector above can be found in the AADC Synchronisation Service. Now to view that data in a nice CSV format, the following steps can be run to convert that into something more manageable: Run: "CSExportAnalyzer [%temp%]\Errors-Export.xml > [%temp%]\Errors-Export.csv" - again, without the [ ] You now have a file in your [%temp%] directory named "Errors-Export.csv".
So a short blog post, but, I think a valuable one in that getting the info into a more easily digestible format should result in faster troubleshooting. In saying that, this doesn't give you all errors in all area's of AADC. Enjoy!
Follow or start a discussion for this blog (How to export user error data from Azure AD Connect with CSExport) on Twitter. If you're after something more in depth, or want to ask me an expanded question: raise an issue in my open GitHub AMA repo.