Enterprise Mobility and Security Blog

Howdy folks,

If you’re an Azure AD Connect Health user, this post is for you! We’ve made a few enhancements to sync error reports to help make information easier to digest and act on.

I’ve invited Varun Karandikar, a Program Manager on the Azure AD Connect Health team, to tell you more about these updates. His post is below. Please let us know what you think about the updated reports – we’re always listening and look forward to hearing from you!

Best regards,

Alex Simons (Twitter: @Alex_A_Simons)

Director of Program Management

Microsoft Identity Division

P.S.: Azure AD Connect Health is another one of the “secret gem” features of Azure AD. If you aren’t using it today to monitor your ADFS and AAD Connect Sync Server, you are definitely missing out!

---

Hello,

Many of you may know about the Azure AD Connect Health service, which allows you to monitor and gain insights into your hybrid identity infrastructure. (Check it out if you haven’t yet!) It also provides reports about synchronization errors that might occur while syncing data from on-premises AD to Azure AD using Azure AD Connect.

So, what’s new?

In this short post, we wanted to make three key announcements about sync error reports:

  • Accessing the sync error report does NOT require Azure AD Premium.

  • We’ve added a dedicated category for the “FederatedDomainChange” errors.

To view the report, upgrade to the latest version of AAD Connect (also works with version 1.1.281.0 or higher) and then simply navigate to the Azure AD Connect Health Dashboard.

That’s great! Tell me more…

Sync error reports are aimed at making it easy for admins to deal with errors that occur while syncing data from on-premises AD to Azure AD using Azure AD Connect. This capability is now available for all tenants and does not require Azure AD Premium.

If you haven’t heard about the recent changes we made regarding how Azure AD handles duplicate attributes, please read more about the Duplicate Attribute Resiliency feature. When errors are introduced, it is appropriate for an admin to get a report about all the errors in one place. Azure AD Connect Health sync error reports do exactly that – they combine the errors reported on the Azure AD Connect server as well as errors introduced by the Duplicate Attribute Resiliency feature. This allows you to get all the relevant information you need about the object involved in the errors and instructions on how to fix the error.

Last but not least, we’ve added a dedicated category for the “FederatedDomainChange” error. If you change a user’s UserPrincipalName suffix from one federated domain to another (for example, user@linkedin.com is changed to user@microsoft.com), the user currently fails to sync due to a limitation in Azure AD, and this is surfaced as a “FederatedDomainChange” sync error (error code = 105). With this dedicated category in the sync error report, you can easily find all such users and take steps to fix these errors.
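The condition described above can also be checked before a sync cycle by comparing exported UPNs. The following is an added example, not code from the Azure AD Connect Health team: the CSV column names, object IDs, the contoso.com domain and the function names are assumptions, and the sample data is constructed.

```python
import csv
import io

# Constructed sample data. Column names, object IDs and the contoso.com
# domain are assumptions for this example, not values from a real tenant.
FEDERATED_DOMAINS = {"linkedin.com", "microsoft.com"}
ONPREM_CSV = """objectGuid,userPrincipalName
a1,user@microsoft.com
a2,alice@linkedin.com
a3,bob@contoso.com
a4,Carol@Microsoft.com
a5,newhire@microsoft.com
"""
CLOUD_CSV = """objectGuid,userPrincipalName
a1,user@linkedin.com
a2,alice@linkedin.com
a3,bob@microsoft.com
a4,carol@microsoft.com
"""


def upn_suffix(upn):
    """Return the lower-cased domain part of a UPN, or raise ValueError."""
    local, sep, domain = upn.strip().rpartition("@")
    if not (local and sep and domain):
        raise ValueError(f"not a valid UPN: {upn!r}")
    return domain.lower()


def load_upns(csv_text):
    """Map objectGuid -> UPN suffix from an exported CSV."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["objectGuid"]: upn_suffix(row["userPrincipalName"]) for row in reader}


def find_federated_domain_changes(onprem, cloud, federated):
    """List (id, old_suffix, new_suffix) where both suffixes are federated and differ."""
    federated = {d.lower() for d in federated}
    flagged = []
    for guid, new_suffix in sorted(onprem.items()):
        old_suffix = cloud.get(guid)  # None: object not yet synced, nothing to compare
        if old_suffix is None or old_suffix == new_suffix:
            continue
        if old_suffix in federated and new_suffix in federated:
            flagged.append((guid, old_suffix, new_suffix))
    return flagged


if __name__ == "__main__":
    hits = find_federated_domain_changes(load_upns(ONPREM_CSV), load_upns(CLOUD_CSV), FEDERATED_DOMAINS)
    for guid, old, new in hits:
        print(f"{guid}: {old} -> {new} (expect FederatedDomainChange, error code 105)")
```

Only a1 is flagged: a3 moves from a federated to a non-federated suffix, a4 differs only in letter case, and a5 has no cloud object yet.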

We hope the sync error reports will help you easily navigate through errors and fix them quickly by providing all the relevant data in a few clicks.

If you have any feedback or comments, do reach out to us at askaadconnecthealth@microsoft.com.

Thank you,

The Azure AD Connect Health Team