Finally I got some time to play with the new Azure Active Directory Sync tool and configuration.   You can see the new features of this tool in Alex Simons’  blog –


The installation was very straight forward.  The step-by-step instruction are provided in the article.  The administration tools and scripts are located in difference places which was little confusing in the beginning.  There  are three tools available to administer or customize the AAD sync configuration.

Synchronization Service Manager – C:Program FilesMicrosoft Azure AD SyncUIShellmiisclient.exe

Synchronization Rules Editor – C:Program FilesMicrosoft Azure AD SyncUIShellSyncRulesEditor.exe

Synchronization Service Key Management – C:Program FilesMicrosoft Azure AD SyncBinmiiskmu.exe

Synchronization Service Manager

This is where you administer or customize your synchronization options.  It is an MIIS client. In the backend it creates Management Agent (MA) for your directory and Azure.


The default location of this file (missclient.exe) is in C:Program FilesMicrosoft Azure AD SyncUIShell


By default, the Azure AD sync schedule to run every 3 hours.    It is Windows scheduled task as shown in the following screenshot:


You can manually force the replication from here if needed.   In the backend it calls the DirectorySycnClientCmd.exe file which is located in C:Program FilesMicrosoft Azure AD SyncBin folder.

Note:  If you have Office 365 in a hybrid mode, changing the default schedule or creating a custom schedule is not recommended or supported.


Object Filter and Customization

Object selection and customization can be performed using the Synchronization Service Manager tool.



Synchronization Rules Editor

This is where you can create custom filters based on an attribute or attribute values. By default, this tool (SyncRulesEditor.exe) is located in C:Program FilesMicrosoft Azure AD SyncUIShellfolder.


You can create a new filter by selecting the Add new rule button in the Synchronization Rules Editor.



If you are planning to use an attribute based filer, make sure that the required attribute is selected (enabled) in the connector (MA) properties.



Categories: AzureMicrosoftServer

Related Posts


Azure – Your account is temporarily locked to prevent unauthorized use

Here is the another common error message when dealing with directory and password synchronization.  Error Message: Your account is temporarily locked to prevent unauthorized use. Try again later. Contact Customer Support if the problem persists Read more…


Verify Service Status Remotely Using Local Account – PowerShell Script

I have modified one of my previously published script – Stop, Start, Disable Service Remotely–PowerShell Script ( to use Local account (instead of a domain account) to verify the status of the service.   Input Read more…


Collect Computer Information From Active Directory– PowerShell Script

This PowerShell script can be used to collect computer information from Active Directory.   I am searching only Windows XP and Windows 7 machines.  You can update these values  by modifying $OS1 and $OS2 variables. $OS1 Read more…