2

I am busy testing the migration of our on-prem exchange 2007 / server 2008 to o365 exchange, using AAD Connect.

The passwords of the users however are not syncing. So at the moment I'm having to change the password on the on-prem server as well as in the cloud.

In fact, no changes are syncing. I've looked in the event log, and there are no errors, it says it is syncing correctly. O365 admin says that the sync is less than hour ago (I changed task scheduler to sync every 10 mins).

(Happy to provide any relevant settings, but I am stumped as to which ones are relevant!)

  1. Why are my changes made on-prem not syncing?
  2. If I leave the password blank in the csv for the migration, the current password should be sent. I don't think this is happenening. Do I need to specify a password in the csv, thus forcing my users to update their password? I'd prefer not to..

Thanks.

leo_cape
  • 198
  • 1
  • 3
  • 15
  • So you are using Password Sync and not Federation? – blaughw Nov 08 '15 at 04:59
  • Yep Password sync, not federation yet - will convert to SSO once we have upgraded our server in a few months.. – leo_cape Nov 08 '15 at 05:20
  • Unfortunately I haven't tried Password Sync yet, nor AAD Connect. If the wizard is similar to the DirSync one, I would say double check settings. If there is PowerShell for AADConnect, confirm settings there. I know there are commands for getting config on the MSOL side. – blaughw Nov 08 '15 at 17:35
  • Thanks @blaughw , spoke to MS tech support and they couldn't solve the issue either, so I've ended up deactivating the Azure sync, and will re-install Connect and attempt the process again, watching more closely this time. – leo_cape Nov 08 '15 at 23:25
  • Scary that MS couldn't help out. Please do post an answer to your question if/when you get this sorted out! – blaughw Nov 09 '15 at 00:37
  • Well, un-installing and then re-installing AAD Connect was an absolute failure, don't try it! It couldn't unistall correctly. I have since, added a Server 2012 R2 essentials as the Primary DC, and then synced using the built-in Azure Sync, which doesn't do everything that AAD connect does, but it has at least allowed me to move forward - manually configuring the staged migration for each user.. Sheesh! – leo_cape Nov 23 '15 at 10:44

1 Answers1

1

If you configure the Sync in "Staged" mode (per your title), then no - it won't sync. The purpose of the staging server is kind of like a warm standby in case your primary sync server fails. You can move from staged to production pretty quickly and keep data in sync.

If we are in production sync - and users and data is syncing fine but not the initial password sync, then I've seen this happen before (More than once). I have not found the cause - but I do know usually after the initial sync if the users change their passwords, they get updated to O365. It ends up not being seamless in that respect, but it works just fine after that.

Jesus Shelby
  • 1,294
  • 9
  • 14
  • thanks - not running in Staged mode, I was testing a full deployment.. I have since deactivated the sync and am going to install (the latest version) of AAD Connect and hopefully that should resolve the issues as per the release notes: https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect-version-history/#1091250 – leo_cape Nov 10 '15 at 02:09