Cloud Engineer - Everton Collins

Work by Everton Collins

Get-ADSyncScheduler

Azure AD Connect sync: Scheduler

By

Azure AD Connect sync synchronize changes occurring in your on-premises directory using a scheduler. There are two scheduler processes, one for password sync and another for object/attribute sync and maintenance tasks. This topic covers the latter.

In earlier releases, the scheduler for objects and attributes was external to the sync engine. It used Windows task scheduler or a separate Windows service to trigger the synchronization process. The scheduler is with the 1.1 releases built-in to the sync engine and do allow some customization. The new default synchronization frequency is 30 minutes.

The scheduler is responsible for two tasks:

  • Synchronization cycle. The process to import, sync, and export changes.
  • Maintenance tasks. Renew keys and certificates for Password reset and Device Registration Service (DRS). Purge old entries in the operations log.

The scheduler itself is always running, but it can be configured to only run one or none of these tasks. For example, if you need to have your own synchronization cycle process, you can disable this task in the scheduler but still run the maintenance task.

Scheduler Configuration

We can view the current configuration settings by using PowerShell run the following command. (view article connecting to Azure PowerShell )

Get-ADSyncScheduler

It will show you something like this:

Get-ADSyncScheduler

Starting the scheduler

By default AAD Connect will run every 30 minutes, I wanted to change the scheduler sync from every 30 minutes to every hour, so I would run the following command, changing the time to 1 hr

Example: Set-ADSyncScheduler -CustomizedSyncCycleInterval 01:00:00

See the results

Example: Set-ADSyncScheduler -CustomizedSyncCycleInterval 01:00:00
There will be times and quick regular where you will have created users on premise and made edits to user account in Active Directory and then want to resync those changes back over to the cloud in between regular cycles or you need to run different types.

Delta Sync cycle:

A Delta sync cycle includes the following steps:

  • Delta import on all Connectors
  • Delta sync on all Connectors
  • Export on all Connectors

You may have the need for an urgent change that must be synchronized immediately, which is why you need to manually run a cycle. If you need to manually run a cycle, then from PowerShell run Start-ADSyncSyncCycle -PolicyType Delta.

Full sync Cycle:

If you have made one of the following configuration changes, you will need to run a full sync cycle ( or initial sync)

  • Added more objects or attributes to be imported from a source directory
  • Made changes to the Synchronization rules
  • Changed filtering so a different number of objects should be included

If you have made one of these changes, then you need to run a full sync cycle so the sync engine has the opportunity to reconsolidate the connector spaces. A full sync cycle includes the following steps:

  • Full Import on all Connectors
  • Full Sync on all Connectors
  • Export on all Connectors

To initiate a full sync cycle, run Start-ADSyncSyncCycle -PolicyType Initial from a PowerShell prompt.

This command starts a full sync cycle.

Wildcard SSL Certificates