I was just doing some work in a devops work tenant, that usually has a Hybrid setup created and Azure AD Connect installed and running, and I realized that I needed to check when was the last time that:
- the Directory synchronized successfully
- Passwords synchronized successfully
As this is a very simple process I thought I should write a 5min blog post about it.
All you have to do is connect to the Azure Active Directory of your tenant and execute the Get-MSOLCompanyInformation.
The 3 parameters that you want to look at are:
- DirectorySynchronizationEnabled (this one is not mentioned above. It shows if the tenant has the synchronization enabled or not)
Hope that this information is helpful.
There’s no easy way to say this. The new Office 365 admin Portal comes with a new way to enable Directory Sync, a wizard that tries to guide you through with a series of questions and suggestions. The end result is bad, to say the least.
The wizard is confusing and the end result is sometimes not the expected. It happened to me several times finishing the wizard just to find out that Directory Sync was still disabled.
In my opinion things like finishing the wizard if you select “1-10” in the number of users of your organization, assuming of course that you don’t want Directory Sync, are not welcome. I understand the “dummy proof” idea behind it, but let’s face it not everything needs to be designed in such way.
As you can see above once you run the wizard you’ll get a summary report of the results, and links to download AD Connect and the IdFix tool.
But the purpose of this blog post is to explain you how to get away from the wizard and on a simple command activate Directory Synchronization. Here it goes:
- Download and install the Windows Azure Active Directory Module for Windows PowerShell
- Connect to Office 365 and run the cmdlets below
Enable Directory Sync:
Set-MsolDirSyncEnabled -EnableDirSync $true
Verify Directory Sync state:
I hope the above is helpful. As always, any questions please let me know.