Finally I got some time to play with the new Azure Active Directory Sync tool and configuration.   You can see the new features of this tool in Alex Simons’  blog – http://blogs.technet.com/b/ad/archive/2014/04/21/new-sync-capabilities-in-preview-password-write-back-new-aad-sync-and-multi-forest-support.aspx.

Installation

The installation was very straight forward.  The step-by-step instruction are provided in the http://msdn.microsoft.com/en-us/library/azure/dn757602.aspx article.  The administration tools and scripts are located in difference places which was little confusing in the beginning.  There  are three tools available to administer or customize the AAD sync configuration.

Synchronization Service Manager – C:Program FilesMicrosoft Azure AD SyncUIShellmiisclient.exe

Synchronization Rules Editor – C:Program FilesMicrosoft Azure AD SyncUIShellSyncRulesEditor.exe

Synchronization Service Key Management – C:Program FilesMicrosoft Azure AD SyncBinmiiskmu.exe

Synchronization Service Manager

This is where you administer or customize your synchronization options.  It is an MIIS client. In the backend it creates Management Agent (MA) for your directory and Azure.

1

The default location of this file (missclient.exe) is in C:Program FilesMicrosoft Azure AD SyncUIShell

Schedule

By default, the Azure AD sync schedule to run every 3 hours.    It is Windows scheduled task as shown in the following screenshot:

2

You can manually force the replication from here if needed.   In the backend it calls the DirectorySycnClientCmd.exe file which is located in C:Program FilesMicrosoft Azure AD SyncBin folder.

Note:  If you have Office 365 in a hybrid mode, changing the default schedule or creating a custom schedule is not recommended or supported.

3

Object Filter and Customization

Object selection and customization can be performed using the Synchronization Service Manager tool.

4

 

Synchronization Rules Editor

This is where you can create custom filters based on an attribute or attribute values. By default, this tool (SyncRulesEditor.exe) is located in C:Program FilesMicrosoft Azure AD SyncUIShellfolder.

 

You can create a new filter by selecting the Add new rule button in the Synchronization Rules Editor.

 

image

If you are planning to use an attribute based filer, make sure that the required attribute is selected (enabled) in the connector (MA) properties.

 

image

Categories: AzureMicrosoftServer

Related Posts

Microsoft

PowerShell TTUC #13 – Scheduled Jobs

PowerShell Tips, Tricks and Useful Commands (TTUC) #13 – Scheduled Jobs PowerShell scripts can be run as a scheduled job using using Windows scheduler.  Create a batch file with the following syntax/commands:   Powershell.exe “c:scriptsmytestscript.ps1” Read more…

Microsoft

PowerShell TTUC #15 – File Name with Time Stamp

PoweShell TTUC (Tips, Tricks and Useful Commands) #16 – File Name with Time Stamp File can be created with date / time suffix using the following syntax / commands: New-item -type file -Name (“MyFile_$(Get-Date -f Read more…

Microsoft

F5 VPN Plug-in and NPuroamHost.dll Issue

By default, the F5 VPN plug-in (F5 Networks Firepass Host Plugin) doesn’t install from Internet Explorer 11 browser.  If you try the manual installation option, you will get only the NPuroamHost.dll file. Copying and pasting Read more…