Event monitoring and troubleshooting in Azure AD Connect

So, now that you have your hybrid identity method configured, hopefully it will all run smoothly for you. However, occasionally you may encounter some problems, and this is where the ability to assess and troubleshoot Azure AD Connect with tools and from the Microsoft 365 portal can assist administrators to quickly identify and resolve issues. Administrators will be able to perform the following tasks:

1. Review and interpret synchronization errors by accessing the Microsoft 365 admin center via https://portal.office.com and examine the Azure AD Connect directory sync status. Here, you will see an overview of any directory synchronization errors. A common example may be a duplicate proxy address or UPNs causing conflicts and preventing an object from syncing. The following screenshot shows the Azure AD Connect tile you will see in the admin center. Any issues with your synchronization will be shown here in red:
   

   Figure 1.16 – The Azure AD Connect status

2. If you drill down further, you will see additional details about your directory sync status, as shown in the following screenshot. One of the tools you can download from here is IdFix, which you can run from any domain-joined workstation on your environment. It provides detailed information on synchronization issues and guidelines on how to resolve them:
   

   Figure 1.17 – Directory Sync Status

3. Receive and act on email notifications relating to an unhealthy identity synchronization. These email alerts are configured by default to alert only the technical contact who is defined in your Microsoft 365 tenant under Organization profile. These emails will continue to be sent to the technical contact until they are resolved.
4. Check Synchronization Service Manager on the Azure AD Connect server to confirm that the operations required for a successful synchronization have been completed. If any errors occur, they will be displayed here with explanations as to why the operation has failed:
   

   Figure 1.18 – Synchronization Service Manager

5. Directory synchronization occurs every 30 minutes by default. However, you can generate a synchronization on demand by opening the Connectors tab and manually starting the process, as in the following screenshot:
   

   Figure 1.19 – Synchronization Service Manager

6. Click on Actions and select Run:
   

   Figure 1.20 – Connector actions

7. You will be able to run the desired connectors from here, as shown:
   

   Figure 1.21 – Connector options

8. It is also possible and far simpler to run a manual synchronization process using PowerShell from your AD Connect server with the following commands:

   Start-ADSyncSyncCycle -PolicyType Initial (initiates a full synchronization)

   Start-ADSyncSyncCycle -PolicyType Delta (initiates a delta synchronization)

In this section, we examined event monitoring and troubleshooting techniques in Azure AD Connect. You learned how to review, interpret, and respond to synchronization errors in the Office 365 portal and by checking the Synchronization Service Manager tool. We also showed you how you can manually trigger the synchronization process from the Synchronization Service Manager tool and by using PowerShell.