Tuesday, May 15, 2012

Microsoft DirSync Force Directory Synchronization

Recently I have been working on Office 365 and AD FS and at this stage I keep creating, changing and deleting accounts. By default the Microsoft Online Services Directory Synchronization Tool synchronizes changes made to the Active Directory user accounts to those in the Microsoft Online Services directory every 3h, which is a long time for me to wait...

If you are testing something or want to immediately disable someone’s account (maybe because their contract has terminated), you will want these changes synchronized as soon as possible (like me).
To achieve this, you have to manually force a directory synchronization by running the Microsoft Online Services Directory Synchronization Configuration Wizard again or by using the Directory Synchronization PowerShell cmdlet.

To force directory synchronization using the Configuration Wizard:
  1. On the computer that is running the Microsoft Online Services Directory Synchronization tool, click Start -> All Programs -> Microsoft Directory Synchronization and then click Directory Sync Configuration;
  2. Follow the instructions in the wizard and provide the requested credentials;
  3. On the Finished page of the wizard, select Start directory synchronization now, and then click Finish.


To force directory synchronization using PowerShell:
  1. On the computer that is running the Directory Synchronization tool, navigate to the directory synchronization installation folder, %programfiles%\Microsoft Online Directory Sync (by default), and then run DirSyncConfigShell.psc1 to open a PowerShell window;
  2. In the PowerShell window type Start-OnlineCoexistenceSync and then press Enter.



To double-check that the synchronization worked, log in to your Office 365 portal and click Users. There you will see when the last synchronization happened.



Another option is to change how often the directory synchronization occurs. To change this:
  1. On the computer that is running the Directory Synchronization tool, navigate to the directory synchronization installation folder, %programfiles%\Microsoft Online Directory Sync (by default);
  2. Open the Microsoft.Online.DirSync.Scheduler.exe.Config file for editing;
  3. Update the value of the SyncTimeInterval key with the interval that you prefer (the value is expressed in hours, minutes and seconds).
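
The steps above as a script, for when the interval is shortened so that account disablements reach Office 365 sooner. This is an added example, not part of the original post; it assumes the key is stored as a standard .NET `<appSettings>` `<add key="..." value="..." />` entry, and the parameter names `InstallDir` and `Interval` are illustrative.

```powershell
# Added example, not from the original post. Run elevated on the DirSync server.
param(
    [string]$InstallDir = (Join-Path $env:ProgramFiles 'Microsoft Online Directory Sync'),
    [TimeSpan]$Interval = '01:00:00'   # hours:minutes:seconds
)

$configPath = Join-Path $InstallDir 'Microsoft.Online.DirSync.Scheduler.exe.Config'
if (-not (Test-Path $configPath)) {
    throw "Scheduler config not found: $configPath"
}
$configPath = (Resolve-Path $configPath).Path   # absolute path for the .NET XML calls

if ($Interval -le [TimeSpan]::Zero) {
    throw "Interval must be positive, got $Interval"
}

# Keep a timestamped copy so the change can be reviewed and rolled back.
$backup = '{0}.{1:yyyyMMddHHmmss}.bak' -f $configPath, (Get-Date)
Copy-Item -Path $configPath -Destination $backup

$config = New-Object System.Xml.XmlDocument
$config.Load($configPath)

# Assumption: the key lives under /configuration/appSettings as an <add> element.
$node = $config.SelectSingleNode("/configuration/appSettings/add[@key='SyncTimeInterval']")
if ($node -eq $null) {
    throw "SyncTimeInterval key not found in $configPath"
}

$old = $node.GetAttribute('value')
$node.SetAttribute('value', $Interval.ToString())
$config.Save($configPath)
Write-Output "SyncTimeInterval: $old -> $Interval (backup: $backup)"

# A .NET .exe.config file is read at process start, so the scheduler has to be
# restarted to pick up the new value (its service name is not given in the post,
# so the restart is not scripted here).

# If this runs inside the DirSyncConfigShell.psc1 console, push pending changes now.
if (Get-Command Start-OnlineCoexistenceSync -ErrorAction SilentlyContinue) {
    Start-OnlineCoexistenceSync
}
```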



Hope this helps!

4 comments:

  1. Thanks for the exhaustive article.
    Is there a maximum frequency that should not be surpassed? What happens if a new scheduled sync time arrives while an existing sync is underway?

  2. Hi,

    I personally wouldn’t set it to less than 1h. If you are doing tests like me, you can easily force it to sync using PowerShell.
    If in your environment there are constant changes to user accounts that you would like to sync as soon as possible, I would set it to 1h and inform users/ServiceDesk that changes might take up to 1h to get “replicated”. At the end, it’s a commitment between performance/network load and usability and it varies from environment to environment...

    Regarding what happens when “a new scheduled sync time arrives while an existing sync is underway” I am not sure to be honest... No matter if it cancels the new sync or simply runs it once the first one finishes, the end result should be practically the same (unless we are talking about a huge environment with many changes where a sync takes a long time to run).
    Once my lab environment is up and running again, I will try to test this to see what happens.

    Regards,
    Nuno

  3. Scheduled Sync interrupts the manual sync and leaves it unfinished. This caused a serious problem for us when the initial sync had too many objects to sync in 3 hours - I read somewhere 5,000 objects per hour. Checking with PSS on increasing the interval or alternative when creating thousands of objects in AD.

    1. Thank you for the warning, glad I never came across it!
