Problem solve Get help with specific problems with your technologies, process and projects.

Force a full or delta Azure AD synchronization with these methods

PowerShell is just one way to trigger AD synchronization when troubleshooting, making configuration changes or ensuring a consistent copy of on-premises AD.

Azure Federated Identity allows the user to synchronize on-premises Active Directory to Azure Active Directory,...

as well as manually trigger a full or delta synchronization. There are several reasons why you would want to force AD synchronization.

First, it can be helpful to force AD synchronization when you troubleshoot synchronization issues or resolve conflicts with objects. You might also want to force AD synchronization to ensure Azure AD contains a consistent copy of on-premises AD. Although the Directory Synchronization, or DirSync, tool performs a full synchronization when the service is up and running for the first time, you might need to force a full synchronization if you've made substantial changes to the DirSync tool's configuration or if there are too many synchronization errors.

There are two ways to force a full synchronization: You can utilize the PowerShell cmdlets that ship with the DirSync tool, or you can set a registry entry on the DirSync server that automatically triggers a full synchronization. The PowerShell cmdlet Start-ADSyncSyncCycle helps perform a full or delta synchronization.

To perform a full AD synchronization with PowerShell, execute the following commands on the DirSync server:

Import-Module ADSync

Start-ADSyncSyncCycle –PolicyType Initial

You might need to force a full synchronization if you've made substantial changes to the DirSync tool's configuration or if there are too many synchronization errors.

Another way to perform a full AD synchronization is to change a registry key on the DirSync server. The registry key is located at HKLM\Software\Microsoft\MSOLCoExistence key. You need to edit or create the FullSyncNeeded registry entry and set its value to 1. Once you have set the value of FullSyncNeeded to 1, DirSync will automatically trigger a full synchronization. Note that once synchronization is complete, the value of FullSyncNeeded registry entry changes to 0, which is expected.

If you need to replicate an urgent change from on-premises AD to Azure AD, execute the following commands to perform a delta synchronization:

Import-Module ADSync

Start-ADSyncSyncCycle –PolicyType Delta

Note that the default AD synchronization frequency in the DirSync tool is 30 minutes.

Next Steps

Azure Active Directory extends AD to the cloud

Understand changes to Azure licensing

Take advantage of Azure Security Center

This was last published in July 2017

Dig Deeper on Virtual machine monitoring, troubleshooting and alerting



Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

In what other situations would you need to force Azure AD synchronization?