Jaa


Azure Active Directory Sync Frequently Asked Questions

Updated: July 21, 2015

Important

This topic will be archived soon.
There is a new product called “Azure Active Directory Connect” that replaces AADSync and DirSync.
Azure AD Connect incorporates the components and functionality previously released as Dirsync and AAD Sync.
At some point in the future, support for Dirsync and AAD Sync will end.
These tools are no longer being updated individually with feature improvements, and all future improvements will be included in updates to Azure AD Connect.

For the most recent information about Azure Active Directory Connect, see Integrating your on-premises identities with Azure Active Directory

Contents

  • Scenarios

  • FIM 2010

  • Functionality

  • Timing and Licenses

Scenarios

  • What are the main goals of AADSync?

  • Are there important DirSync features that are not supported by AADSync?

  • Can I use AADSync for an on-premises GAL sync?

  • Will AADSync support multiple on-prem Exchange organizations?

What are the main goals of AADSync?

AADSync makes multi-forest and non-AD on-boarding to AAD (Azure Active Directory) and Office 365 easier and more predictive.
It will support AAD Premium features and a step-up from DirSync for more advanced configurations. 

Are there important DirSync features that are not supported by AADSync?

For a complete overview, see the Directory Integration Tools.

Can I use AADSync for an on-premises GAL sync?

No. There is no support for on-premises GAL sync scenarios in the current version of AADSync.
In particular, AADSync does not run the Exchange PowerShell cmdlets to enable objects. 

Will AADSync support multiple on-prem Exchange organizations?

Yes. We are working with several Office 365 teams to make sure we can support all common multi-forest scenarios, including customers with multiple Exchange organizations and a single AAD directory.

FIM 2010

  • What are the differences between AADSync and FIM 2010?

  • Can I upgrade from FIM2010 to AADSync?

  • Is it still supported to use FIM 2010 and the AAD connector?

What are the differences between AADSync and FIM 2010?

AADSync is different from FIM 2010 in many aspects:

  • The announced deprecated features have all been removed from the product.

  • All configuration is based on declarative provisioning.

  • The configuration is based on PowerShell.

Can I upgrade from FIM2010 to AADSync?

No. Because the architecture of AADSync is different from FIM 2010, there is no upgrade path available.
However, there is documentation available that outlines the required steps.
For more details, see Moving from DirSync or FIM to Azure Active Directory Sync.

Is it still supported to use FIM 2010 and the AAD connector?

Yes. Using FIM 2010 and the Azure Active Directory Connect for FIM 2010 (AAD Connector) is still a supported scenario. Download the AAD Connector here.

Functionality

  • How can I enable / disable debug tracing for the Microsoft Online Services Sign-in Assistant?

  • How can I run AAD Sync from the command prompt?

  • How often are changes synchronized?

  • Is it supported to add an ECMA2 connector to AADSync?

  • Is there an automated upgrade process from DirSync to AADSync available?

  • Why is declarative provisioning based on VBA and not C#?

  • Is PowerShell used by the installation wizard to configure the sync engine?

  • Is ObjectSID referencing SIDHistory in other forests?

How can I enable / disable debug tracing for the Microsoft Online Services Sign-in Assistant?

You can find related instructions here: https://support.microsoft.com/kb/2433327

How can I run AAD Sync from the command prompt?

To run AAD Sync from the command prompt, you can use a tool called DirectorySyncClientCmd.
You can find the tool in the following folder: %ProgramFiles%\ Microsoft Azure AD Sync\Bin

The tool supports the following options:

  • initial

  • delta

How often are changes synchronized?

Changes are synchronized based on a three hours interval  (this is the same interval that is also used by DirSync).
There is a scheduled task running as the service account which will run the cycle.
If you unselected “synchronize changes now” during installation then the task is installed as "disabled".

Is it supported to add an ECMA2 connector to AADSync?

No. In the current version, it is not supported to add an ECMA2 connector.

Is there an automated upgrade process from DirSync to AADSync available?

No. Upgrading from DirSync to AADSync requires manual interaction.
For more details, see Moving from DirSync or FIM to Azure Active Directory Sync.

Why is declarative provisioning based on VBA and not C#?

Visual Basic is the most common language known by IT-Pros. Also note that configuration is through PowerShell and does not involve compiled DLLs.

Is PowerShell used by the installation wizard to configure the sync engine?

Yes. The entire configuration is created using PowerShell.

Is ObjectSID referencing SIDHistory in other forests?

No. However, it might be in the future.

Timing and Licenses

  1. How is AADSync licensed?

  2. What about writing data between on-premises directories?

How is AADSync licensed?

AADSync is based on AAD licensing. It is free to synchronize from any on-premise directory to AAD (and write back attributes needed for Hybrid Exchange).

If you have AAD Premium it is included there as well and will allow you write back identity information from AAD to your on-premise directory when that feature is available.

What about writing data between on-premises directories?

This scenario will require an AAD Premium license.

See Also

Concepts

Azure Active Directory Sync