This tech tip is in English.
Ever wanted to force a password sync with Azure AD Connect ?
This is a simple way to do it.
Windows server event log
Look for event 656/650/657 in the application log after you run the powershell commands in the next section.
Powershell
Startup your Powershell ISE or a Powershell prompt
Import-Module adsync
$aadcon = Get-ADSyncConnector | Where {$_.Type -eq “Extensible2”}
$adcon = Get-ADSyncConnector | Where {$_.Type -eq “AD”}
$c = Get-ADSyncConnector -Name $adcon.Name
$p = New-Object Microsoft.IdentityManagement.PowerShell.ObjectModel.ConfigurationParameter “Microsoft.Synchronize.ForceFullPasswordSync”, String, ConnectorGlobal, $null, $null, $null
$p.Value = 1
$c.GlobalParameters.Remove($p.Name)
$c.GlobalParameters.Add($p)
$c = Add-ADSyncConnector -Connector $c
Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $adcon.Name -TargetConnector $aadcon.Name -Enable $false
Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $adcon.Name -TargetConnector $aadcon.Name -Enable $true
New way
- Open the PowerShell command prompt as an administrator.
- Run the command
Import-Module ADSync
. This imports the Azure AD Connect module. - Run the command
Start-ADSyncSyncCycle -PolicyType Delta
. This initiates a delta sync cycle, which synchronizes only the changes made since the last sync. - To check the current sync status, run the command
Get-ADSyncScheduler
. - To force a full sync, run the command
Start-ADSyncSyncCycle -PolicyType Initial
.