If you regularly follow this blog, you should be familiar with Azure Active Directory Connect Health, an Azure AD Premium feature that let’s you check the status of your on-premises AD Synchronization. You can check some previous blog posts related to Azure AD Connect, like this one https://spanougakis.wordpress.com/2016/06/12/get-ready-for-azure-active-directory-%cf%8c-online-%ce%ae/, this one https://spanougakis.wordpress.com/2016/02/26/azure-ad-connect-1-1-is-now-available/ and this one https://spanougakis.wordpress.com/2016/07/20/azuread-connect-health-for-windows-server-ad-is-here/
The Azure AD Team during the last 6 months added a lot of new features in Connect Health, having more than 10.000 customers that use it in production.
Today we have a new feature in Public Preview, the ability to get Sync Error Reports related to your AD synchronization. So let’s take a look at this new feature, that you can start using it immediately, by installing or upgrading to the latest version of Azure AD Connect, version 1.1.281.0 or higher.
What kind of reports you get and how it works
Errors during sync may appear and they are not easy to troubleshoot. So practically the new feature gives you a simple visual indication about the errors in the new Azure Portal (screenshots taken from this article https://blogs.technet.microsoft.com/enterprisemobility/2016/10/25/sync-error-reports-in-azure-ad-connect-health-are-now-in-public-preview/) :
It’s now obvious that you have a number of errors, but what should you do? Fortunately all errors are categorized, according to the table below:
Description and examples
|Duplicate Attribute||Duplicate value is assigned to an already synced object, which conflicts with another synced object.|
|Data Mismatch||Two or more objects with the same value of userPrincipalName exists in on premises Active Directory. Only one is getting provisioned in Azure AD.|
|Data Validation Failure||The UserPrincipalName attribute value has invalid/unsupported characters. b. The UserPrincipalName attribute does not follow the required format.|
|Large Attribute||When an attribute exceeds the allowed size limit, length limit or count limit set by Azure Active Directory schema, the synchronization operation will result in the LargeObject or ExceededAllowedLength sync error.|
|Other||A catch-all bucket to capture errors that don’t fit in the above categories.|
You can read about how to troubleshoot errors during synchronization in this article: https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect-troubleshoot-sync-errors/
You can find all these possible errors if you check the following screenshot:
Let’s now click on the “Duplicate Attribute” category to get more details about the error:
You can also see that you get a tip on how to fix the error, which is really cool.
Thanks for your time!