How to: Force Active Directory Synchronization for Office 365 / Windows Intune / Windows Azure

Every now and then you'll need to force directory synchronization, since it normally runs only every few hours (I believe 3). So what is the issue here? You may have just made a large batch of changes on your servers and really can't wait 3 hours for them to replicate. Or one of your users changed their password and can't log in now because the old one is still in use online (granted, they could log in with their old password); forcing a sync pushes the new password as well (if password sync was selected during configuration).

To force synchronization, first log into the server that has the Directory Synchronization tool installed. Open PowerShell (preferably as an Administrator) and navigate to C:\Program Files\Windows Azure Active Directory Sync\. Then start the Directory Sync Configuration Shell by running .\DirSyncConfigShell.psc1

This will launch the Directory Synchronization Configuration Shell. Once it is open, type the following command to force synchronization:

Start-OnlineCoexistenceSync

UPDATE (October 2014): Newer versions of the Active Directory Sync tool place this script in a different path:

C:\Program Files\Windows Azure Active Directory Sync\DirSync

With these versions you no longer launch a new shell; instead you import the modules into the current shell. To import the required modules, run: .\ImportModules.ps1

Start-OnlineCoexistenceSync

If you didn't start PowerShell with administrator credentials (Run as Administrator), you'll get this warning:

 WARNING: Event logging may fail. The current user () is not a member of the Local Administrators group on this computer.

[Screenshot: Force AD Sync - Start-OnlineCoexistenceSync without Admin Credentials]

As noted, this is only a warning and the sync proceeds as normal. The issue is that writing to the Event Log may fail, so you won't have a record of what happened during that sync. Not a huge problem most of the time, but as good practice run this command as an Administrator to get full functionality.

Once the sync is done you can check on the web that it happened. Unfortunately the portal measures this in hours, so if you are performing synchronizations every minute you won't know whether they completed unless you visit the event log; the best you'll get from the site is "Sync performed less than an hour ago".

[Screenshot: Force AD Sync - Admin Center shows "Sync performed less than an hour ago"]

Note that all synchronization events can be found in the Application Event Log on the server where the Directory Synchronization tool is installed.
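The steps above (elevation check, importing the DirSync modules, running Start-OnlineCoexistenceSync, then confirming the result in the Application log rather than the hour-granularity portal) can be wrapped in one script so the sync and its audit record come out of the same run. This is an added example, not code from the original post or from the DirSync tool. It assumes the two install paths named in the post; the event source name 'Directory Synchronization' is an assumption and should be replaced with whatever source your Application log actually shows for DirSync events.

```powershell
# Added example (not from the original post): force a DirSync synchronization from an
# elevated session and read this run's events back from the Application event log.
# Assumptions, labelled: install paths are the two named in the post; the event source
# name 'Directory Synchronization' is an assumption, adjust it to match your server.

# 1. Elevation check. Without "Run as Administrator" the sync still runs, but DirSync
#    warns that event logging may fail; stop here rather than silently lose the record.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Run this script from an elevated PowerShell session so DirSync can write to the event log."
}

# 2. Locate the module loader. Builds after the October 2014 update keep ImportModules.ps1
#    under the DirSync subfolder; older builds use DirSyncConfigShell.psc1 in the parent folder.
$base   = 'C:\Program Files\Windows Azure Active Directory Sync'
$loader = Join-Path $base 'DirSync\ImportModules.ps1'
if (-not (Test-Path $loader)) {
    throw "ImportModules.ps1 not found at $loader. On older builds start $base\DirSyncConfigShell.psc1 instead."
}

# 3. Import the DirSync cmdlets into this session (dot-sourced so they stay in scope).
. $loader

# 4. Note the start time so this run's events can be separated from earlier syncs;
#    the admin portal only reports "less than an hour ago", which does not help
#    when syncs are run back to back.
$started = Get-Date
Start-OnlineCoexistenceSync

# 5. Show the events DirSync wrote since the sync began (source name is an assumption).
Get-EventLog -LogName Application -Source 'Directory Synchronization' -After $started |
    Sort-Object TimeGenerated |
    Format-Table TimeGenerated, EntryType, EventID, Message -AutoSize -Wrap
```

Run it from an elevated PowerShell prompt on the DirSync server. The script deliberately refuses to run unelevated: the post's point is that the sync itself succeeds either way, but the Event Log entry is the only record you have of what a forced sync did, so losing it is the failure mode worth preventing. If your log shows a different source name for DirSync events, change the -Source value in step 5.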
