Troubleshooting Directory Sync A review and an odd solution

5-troubleshooting-directory-syncHello, I ran into some strange issue with directory sync the other day, which alerted me to some behavior issues on my part that I need to be more conscious of…and some strange behavior on the Azure Active Directory Sync Connector’s part.

I came across this error when adding some licensing to let some users start to test drive Office 365. I noticed this error message on the screen.

1-dirsync-status

3 days ago? why wasn’t I alerted before this…well truth be told I was. Since we are still in the pilot phase of Office 365 and haven’t added all of our domains we are getting sync errors and Microsoft likes to let you know that you’re getting sync errors. I created a rule to move those emails to a different directory and forgot about it. Be so very careful with rules that automatically move email. If you don’t need those emails find a way to have them not sent to you…but this becomes a little bit like the boy who cried wolf story and if you become over saturated with emails you might just start missing the important stuff.

1-5-dir-sync-email

Anyways, had I got this email 3 days ago I would have addressed it more quickly. Microsoft offers some decent troubleshooting via wizards and links but I found much of it makes you feel like you’re chasing your tail. If you click on the Last Directory Sync you will be sent to a directory status page. Be careful on this page because I am more concerned with the Last Directory Sync than the DirSync errors…especially right now but they get equal real estate on the page.

2-dir-sync-status-page

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

The nice thing about this page is the “Troubleshoot” link. The troubleshoot link will take to another page that will give you the opportunity to scan for directory sync errors. You will also get the option to download a Microsoft Support Assistant. Make sure you get this tool onto your sync server. In most cases, if the issue is obvious the quick scan is enough to help you move your troubleshooting forward, if you aren’t syncing any object there isn’t much of a point in taking a deep dive into your Active Directory Objects which is what the Full Scan will look into.

3-troubleshooting-page

4-dl-tool-to-run-computer-checksMake sure you are putting this app on your Azure Sync system.

5-support-assistant

5-troubleshooting-directory-sync

And finally some results…

sdf6-found-issues

One thing that drives me nuts about these Azure tools is everytime you see “Help me fix this issue” or “Troubleshoot” they almost always want to send you to a generic webpage and up to this point I had spend 45 minutes just to find out what I already knew. Sometimes it pays just to start at the source and not the destination.

I found this website which has lots of useful troubleshooting tips for directory sync issues

https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnectsync-feature-scheduler/#stop-the-scheduler

they have instructions on how to start a sync cycle with Powershell

start-adsyncsynccycle -PolicyType Initial – This starts a full sync.

start-adsyncsynccycle -PolicyType Delta – Delta sync – In this case since we haven’t synced in 3 days it’s not as useful.

You can check the Sync Connector Status

get-ADSyncConnectorRunStatus – which for me returned nothing…

I wasn’t able to get into Synchronization Service Manager…so I decided to just reboot. After I rebooted everything started working but I found something very interesting.

hello-it-have

10-fixed-after-reboot-by-sync-service-manager-showing-errors

It looks like my database disk was full which stopped the service. This doesn’t make a lot of sense to me yet since my database is well under 10 GB (SQL Express limitation) and my hard drive size is fine, I will however keep on it and report back when I’ve figured out what broke my sync.

but good news…

fixed-sync-status

Summary

I found this to be a frustrating process to run around. Microsoft tries really hard to help you, but in doing so instead of narrowing down an issue they throw so much at you that you have to troubleshoot an issue and narrow things down yourself. My hope for the Troubleshooting Assistant would be to detect all issues and errors and report back or at least help you identity. I ended up having to abandon the tools and start troubleshooting what I already know which led me to the issue. Let me say this, this is a complex subject and there are a lot of places where things can break down. Start with the sync server before starting with Office 365, that is a piece of advice I think that will help you immensely and for goodness sake, don’t ignore your emails.

 

Leave a comment

Your email address will not be published.


*