AADDS Improve Azure AD synchronization monitoring and management
We would like to have more control and monitoring over the synchronization between Azure AD and AD DS. For example, the Health blade only shows when the last sync with Azure AD happened. Can you display when the next one is supposed to occur? Were there any errors during that sync or what was synced?
Regarding management, could you provide admins with a way to trigger a full sync or delta sync? Could you let admins configure the time sync intervals between acceptable values? Or maybe even configure the sync rules for some attributes?
Erin Greenlee commented
These are all interesting thoughts. Thank you for sharing these ideas!
For the "last time synchronized": that shows the last time the managed domain has reached a steady state. The AAD-DS synchronization engine is constantly polling for new changes from AAD. When the synchronization engine reaches a point where there are no more changes to pull from AAD, that is when we update the last time synchronized (i.e. this is the last full sync to occur). The synchronization engine won't stop after that; it will continue to poll for changes from AAD.
If your steady state time seems to be a long time ago, it could be that your directory is going through a lot of changes very quickly. The sync engine is chugging along in the background, but because your directory may be making many updates in a small period of time, it needs to catch back up.
Because of this, there shouldn't be a reason why you should need to trigger a delta sync -- we are constantly checking for updates from AAD and there should not be a time when the sync engine is "off". In other words, there is no time between sync intervals -- it is constant.
Attributes are another issue -- can you let me know what attributes in particular you would be interested in?
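To make the semantics described in the comment above concrete, here is an added toy model of a "poll continuously, stamp the time only at steady state" engine. It is example code written for this page, not Microsoft's sync engine and not any Azure AD DS API; the tick-based poll loop, the one-change-per-poll throughput, and the change arrivals are all constructed assumptions. It shows why the "last time synchronized" value stays old while a directory is churning even though the engine is never idle, and gives a small helper for reading that timestamp.

```python
from collections import deque
from dataclasses import dataclass, field
from typing import Deque, Dict, List, Optional, Tuple

# Constructed model of the behaviour described in the comment: the engine
# polls the source on every tick; the "last synchronized" stamp advances only
# when a poll finds nothing left to apply (steady state).
@dataclass
class SteadyStateSyncModel:
    batch_size: int = 1                      # assumed changes applied per poll
    pending: Deque[Tuple[int, int]] = field(default_factory=deque)
    applied: List[Tuple[int, int]] = field(default_factory=list)
    last_synchronized: Optional[int] = None  # what a "Health blade" would show
    first_steady_state: Optional[int] = None
    polls: int = 0

    def publish(self, change: Tuple[int, int]) -> None:
        """A change lands in the source directory (e.g. a user update in AAD)."""
        self.pending.append(change)

    def poll(self, now: int) -> bool:
        """One poll cycle at time `now`. Returns True when steady state reached."""
        self.polls += 1
        if not self.pending:
            # Nothing left to pull: this is the only place the stamp moves.
            self.last_synchronized = now
            if self.first_steady_state is None:
                self.first_steady_state = now
            return True
        # Drain up to batch_size changes; the stamp does NOT move here even
        # though the engine is clearly working.
        for _ in range(min(self.batch_size, len(self.pending))):
            self.applied.append(self.pending.popleft())
        return False


def simulate(arrivals: Dict[int, int], ticks: int, batch_size: int = 1) -> SteadyStateSyncModel:
    """Run the model for `ticks` polls; `arrivals` maps tick -> changes landing then."""
    engine = SteadyStateSyncModel(batch_size=batch_size)
    for now in range(ticks):
        for i in range(arrivals.get(now, 0)):
            engine.publish((now, i))
        engine.poll(now)
    return engine


def read_last_sync(last_synchronized: Optional[int], now: int, max_age: int) -> Tuple[bool, str]:
    """Interpret the stamp the way the comment suggests: an old value means the
    engine is still catching up (or never caught up), not that it is switched off."""
    if last_synchronized is None:
        return False, "no steady state reached yet: engine still catching up"
    age = now - last_synchronized
    if age > max_age:
        return False, f"steady state {age} ticks ago: directory churning, engine catching up"
    return True, f"steady state {age} ticks ago"


if __name__ == "__main__":
    # Constructed scenario 1: a burst of 5 changes, then quiet.
    quiet = simulate({0: 5}, ticks=10)
    print("quiet:", quiet.first_steady_state, quiet.last_synchronized, len(quiet.applied))
    # Constructed scenario 2: 2 changes every tick, engine applies 1 per poll.
    churn = simulate({t: 2 for t in range(10)}, ticks=10)
    print("churn:", churn.last_synchronized, len(churn.applied), len(churn.pending))
    print(read_last_sync(churn.last_synchronized, now=9, max_age=3))
```

In the churn scenario the engine polls on every tick and applies a change on every poll, yet `last_synchronized` never moves; in the quiet scenario it first moves only after the backlog is drained and then advances on every idle poll. That is the distinction the comment draws between "last steady state" and "last time the engine ran".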