{"id":5944,"date":"2015-09-24T12:00:07","date_gmt":"2015-09-24T11:00:07","guid":{"rendered":"http:\/\/www.markwilson.co.uk\/blog\/?p=5944"},"modified":"2015-09-21T22:52:38","modified_gmt":"2015-09-21T21:52:38","slug":"overview-of-azure-ad-synchronisation","status":"publish","type":"post","link":"https:\/\/www.markwilson.co.uk\/blog\/2015\/09\/overview-of-azure-ad-synchronisation.htm","title":{"rendered":"Overview of Azure AD synchronisation"},"content":{"rendered":"<p>Over the last few months, I&#8217;ve had the opportunity to work with a number of directories that are synchronised from on-premises Active Directory (AD) to Azure AD (AAD) &#8211;\u00a0<a href=\"https:\/\/www.markwilson.co.uk\/blog\/2014\/11\/choosing-an-office-365-identity-model-when-to-use-adfs.htm\">the directory service behind Office 365<\/a>, Azure, Dynamics, Intune and other business-focused Microsoft online services.<\/p>\n<p>I&#8217;ve learned a few things along the way (like that <a href=\"https:\/\/www.markwilson.co.uk\/blog\/2015\/08\/reconfiguring-azure-ad-sync.htm\">AAD synchronisation servers are disposable and shouldn&#8217;t be re-configured to sync with a different directory<\/a>, as well as <a href=\"https:\/\/www.markwilson.co.uk\/blog\/2015\/09\/troubleshooting-missing-objects-azure-ad-sync.htm\">some steps for troubleshooting missing objects<\/a>) but I thought I&#8217;d group a few more points together in this post.<\/p>\n<h3>DirSync -&gt; AAD Sync -&gt; AAD Connect<\/h3>\n<p>There have been various versions of what&#8217;s essentially the same tool (a customised implementation of <a href=\"https:\/\/www.microsoft.com\/en-gb\/server-cloud\/products\/microsoft-identity-manager\/default.aspx\">Microsoft Identity Manager<\/a>, previously known as Forefront Identity Manager and Microsoft Identity Integration Server &#8211; indeed the Synchronisation Manager is still named miisclient.exe) and <a 
href=\"http:\/\/support.risualblogs.com\/blog\/2015\/04\/15\/dirsync-vs-fim-vs-azure-active-directory-sync-services-vs-azure-ad-connect\/\">Paul Wooldridge does a great job of summarising the current situation in his blog post for risual<\/a>.<\/p>\n<p>These days, there are very few reasons not to be using the latest version &#8211; Azure AD Connect &#8211;\u00a0which massively simplifies the process of configuring the underlying Azure AD Synchronisation Services as well as including a number of optional preview features for new functionality. The one caveat is that it needs Windows Server 2012 or later.<\/p>\n<h3>Hardware, software and service accounts<\/h3>\n<p>Whilst there&#8217;s no reason a physical machine couldn&#8217;t be used,\u00a0all of the Azure AD synchronisation servers I&#8217;ve worked on have been virtual. \u00a0The machine will require the following specification:<\/p>\n<ul>\n<li>Windows Server 2008 or later (standalone or domain joined).<\/li>\n<li>Microsoft .NET Framework version 4.5.1.<\/li>\n<li>PowerShell (v3 or later).<\/li>\n<li>Local administrator privileges to install the software.<\/li>\n<li>Unauthenticated Internet access (over port 443) to the Office 365 servers.<\/li>\n<li>A regular user account to connect to AD and read the attributes for objects to be synchronised. 
This must be able to <a href=\"https:\/\/technet.microsoft.com\/en-us\/library\/cc739424(v=ws.10).aspx\">log on as a service<\/a> and it will also <a href=\"https:\/\/support.microsoft.com\/en-gb\/kb\/303972\">need to be granted the following permissions<\/a> in order to write back password hashes (for same sign on):\n<ul>\n<li>Replicating Directory Changes.<\/li>\n<li>Replicating Directory Changes All.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>Older versions of the tool allowed the administrator to\u00a0define\u00a0an account in the cloud whereas AAD Connect asks for\u00a0credentials and creates its own service account (with a display name of\u00a0On-Premises Directory Synchronization Service Account and a user\u00a0name of\u00a0Sync_<em>syncservername<\/em>_<em>identifier<\/em>@<em>tenantname<\/em>.onmicrosoft.com). Also, unlike previous versions, the account is set with a password that will not\u00a0expire (the PasswordNeverExpires and\u00a0PasswordResetNotRequiredDuringActivate attributes are both set to $true).<\/p>\n<h3>Tools and commands<\/h3>\n<p>Azure AD Connect is based on the Azure AD Synchronization Services framework, which itself evolved from Microsoft Identity Manager (formerly Forefront Identity Manager, Microsoft Identity Lifecycle Manager, Microsoft Identity Integration Server,\u00a0Microsoft Metadirectory Server and Zoomit Via before that!). 
Not surprisingly, the underlying tools are the same ones used for these products!<\/p>\n<ul>\n<li>The main tool is the\u00a0Synchronization Service Manager (miisclient.exe), which is used to\u00a0monitor synchronisation as well as to adjust the scope of synchronisation (more on that in a moment).<\/li>\n<li>There&#8217;s also a\u00a0Rules Editor (which I leave alone &#8211; indeed, directly editing the rules is not supported for AAD Connect).<\/li>\n<li>A scheduled task is also created that runs the synchronisation process every 3 hours by default (you may want to reduce the timeout on this to avoid issues with long-running syncs too).<\/li>\n<li>It&#8217;s possible to <a href=\"http:\/\/www.msexchange.org\/blogs\/walther\/news\/aadsync-forcingmanual-syncs.html\">force a\u00a0synchronisation from the command\u00a0line<\/a>. This can also be done from the Synchronization Service Manager\u00a0or from Task Scheduler\u00a0but the command line\u00a0is easy! Simply run <code>directorysyncclientcmd.exe delta<\/code> (from a PowerShell session running as Administrator) or\u00a0<code>directorysyncclientcmd.exe initial<\/code> to force a full synchronisation.<\/li>\n<\/ul>\n<p>As for PowerShell cmdlets, the documentation on the ADSync PowerShell module is pretty poor. I <a href=\"https:\/\/www.markwilson.co.uk\/blog\/2015\/09\/powershell-cmdlets-in-the-azure-adsync-module.htm\">managed to extract a list of commands and their syntax<\/a> but there&#8217;s no meaningful help text (at least not that I&#8217;ve found). 
I&#8217;ve also seen that the <a href=\"http:\/\/social.technet.microsoft.com\/wiki\/contents\/articles\/19901.dirsync-list-of-attributes-that-are-synced-by-the-azure-active-directory-sync-tool.aspx\">DirSync information on the synced attributes<\/a> is better than <a href=\"https:\/\/msdn.microsoft.com\/en-us\/library\/azure\/dn764938.aspx\">the AAD Sync information<\/a> (which warns it will be archived soon) and I haven&#8217;t found the equivalent AAD Connect information!<\/p>\n<h3>What gets synchronised?<\/h3>\n<p>For many organisations, not all of the directory needs to be synchronised. <a href=\"https:\/\/msdn.microsoft.com\/en-us\/library\/azure\/jj710171.aspx\">It&#8217;s possible to filter\u00a0synchronisation<\/a> by domain, organizational unit (OU), group membership, or directory attribute. Of these, group membership is generally only used in test (it quickly becomes tiresome to add users to a group to ensure that they are synced to the cloud) and OU filtering is the most common form I&#8217;ve seen. 
It&#8217;s also worth noting that the group membership option is new with Azure AD Connect and previous versions of the tool didn&#8217;t allow this.<\/p>\n<p>Also note that,\u00a0if the scope of synchronisation is changed, a full synchronisation is required as a delta will not pick up the new filtering arrangements.<\/p>\n<h3>Further reading<\/h3>\n<ul>\n<li>MSDN: Microsoft Azure <a href=\"https:\/\/msdn.microsoft.com\/en-us\/library\/azure\/dn757582.aspx\">directory integration tools<\/a>.<\/li>\n<li>Alex Simons&#8217; post on\u00a0<a href=\"http:\/\/blogs.technet.com\/b\/ad\/archive\/2014\/12\/15\/azure-ad-connect-one-simple-fast-lightweight-tool-to-connect-active-directory-and-azure-active-directory.aspx\">Azure AD Connect: one simple, fast, lightweight tool to connect Active Directory and Azure Active Directory<\/a>.<\/li>\n<li>Alex Simons\/Samuel Devasahayam: <a href=\"http:\/\/blogs.technet.com\/b\/ad\/archive\/2015\/06\/24\/azure-ad-connect-amp-connect-health-is-now-ga.aspx\">Azure AD Connect and Connect Health is GA<\/a>.<\/li>\n<li>Bill Mathers&#8217; documentation on\u00a0<a href=\"https:\/\/azure.microsoft.com\/en-gb\/documentation\/articles\/active-directory-aadconnect-get-started-custom\/\">custom installation of Azure AD Connect<\/a>.<\/li>\n<li>Ryan Sizemore&#8217;s post on\u00a0<a href=\"http:\/\/blogs.msdn.com\/b\/ryansize\/archive\/2014\/08\/11\/aad-connect-identity-sync-for-the-layperson.aspx\">AAD Connect: identity sync for the layperson<\/a>.<\/li>\n<li>TechNet: <a href=\"https:\/\/technet.microsoft.com\/en-us\/library\/jj151797\">verify directory synchronisation<\/a>.<\/li>\n<li>Dave Stork&#8217;s series of dirteam posts on directory synchronisation:\n<ul>\n<li><a href=\"https:\/\/dirteam.com\/dave\/2015\/03\/30\/azure-active-directory-synchronization-an-introduction-part-1\/\">Introduction, part 1<\/a>.<\/li>\n<li><a 
href=\"https:\/\/dirteam.com\/dave\/2015\/03\/31\/azure-active-directory-synchronization-an-introduction-part-2\/\">Introduction, part 2<\/a>.<\/li>\n<li><a href=\"https:\/\/dirteam.com\/dave\/2015\/04\/06\/azure-active-directory-synchronization-filtering-part-1\/\">Filtering, part 1<\/a>.<\/li>\n<li><a href=\"https:\/\/dirteam.com\/dave\/2015\/04\/10\/azure-active-directory-synchronization-filtering-part-2\/\">Filtering, part 2<\/a>.<\/li>\n<li><a href=\"https:\/\/dirteam.com\/dave\/2015\/04\/15\/azure-active-directory-synchronization-object-matching\/\">Object matching<\/a>.<\/li>\n<\/ul>\n<\/li>\n<li>Some older information that&#8217;s\u00a0still relevant:\n<ul>\n<li>MSDN:\u00a0<a href=\"https:\/\/msdn.microsoft.com\/en-us\/library\/azure\/dn790204.aspx\">Azure Active Directory Sync<\/a>.<\/li>\n<li>MSDN: <a href=\"https:\/\/msdn.microsoft.com\/en-us\/library\/azure\/dn835016.aspx\">implement password synchronization with Azure Active Directory Sync<\/a><\/li>\n<li>Alex Simons:\u00a0<a href=\"http:\/\/blogs.technet.com\/b\/ad\/archive\/2014\/12\/11\/wrapping-up-the-year-with-a-boat-load-of-azure-ad-news.aspx\">password write-back in Azure AD Sync<\/a>.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Over the last few months, I&#8217;ve had the opportunity to work with a number of directories that are synchronised from on-premises Active Directory (AD) to Azure AD (AAD) &#8211;\u00a0the directory service behind Office 365, Azure, Dynamics, Intune and other business-focused Microsoft online services. 
I&#8217;ve learned a few things along the way (like that AAD synchronisation &hellip; <a href=\"https:\/\/www.markwilson.co.uk\/blog\/2015\/09\/overview-of-azure-ad-synchronisation.htm\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Overview of Azure AD synchronisation<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","categories":[218],"tags":[102,176,217],"class_list":["post-5944","post","type-post","status-publish","format-standard","hentry","category-technology","tag-active-directory","tag-azure","tag-office-365"],"yoast_head_json":{"title":"Overview of Azure AD synchronisation - markwilson.it","description":"An overview of Azure AD synchronisation including the various synchronisation tools that have existed and some pointers for setting things up","canonical":"https:\/\/www.markwilson.co.uk\/blog\/2015\/09\/overview-of-azure-ad-synchronisation.htm","og_site_name":"markwilson.it","article_published_time":"2015-09-24T11:00:07+00:00","author":"Mark Wilson","twitter_misc":{"Written by":"Mark Wilson","Estimated reading time":"5 minutes"}}}