Azure AD Connect Sync Rules Explained

Video Statistics and Information

Captions
Hello and welcome back. In the previous lectures we did understand about the AAD Connect installation and their architecture. Now we would be going further to understand more about AAD Connect specific sync service manager, that's synchronization specific, the rules and the involvement within that. So these are the things which we talked about, like AAD specific, the pre-requirements and the verification part of a domain, and we also tried to install the AAD Connect with the option called password hash sync with single sign-on. All that was working fine, but we didn't go through it in depth of these kind of, you know, rules. So even though shown, you know, what are the accounts were used, we didn't cover in depth the filtering options. Especially we only covered the, like, group based or domain based, OU or specific attribute level, but we didn't talk much about the sync specific rules. So let's talk about that.

So if you start looking into it, like, if we are talking about anything called synced identities, that means it can be from Azure AD or from on-premises directly. So in this case this is your Azure AD and this is your on-premises. So to connect and get one identity solution for you, you need to install the AAD Connect. That's what we learned in the previous lectures. Now it's time for us to understand more about AAD Connect specific rules, how they are impacted or how they help us, you know, in order to get the sync process to be smoother. For example, if you see here, actually you can get the directory information from your local Active Directory space as well as from the Azure AD connector specific, and in between there's a metaverse. This is a virtual environment kind of thing where these three are, think that these three are definitely within the database. But now what happens is, this represents, the left side, local AD represents Active Directory, and Azure AD represents a connection specific to AAD specific, and then in between you do have the metaverse, and that's where actually the comparison would happen and the changes would happen, and those changes will be, you know, carried forward in terms of the inbound and outbound. So that's what we're gonna learn now.

So you see here the space called local AAD Connect, and whatever the changes are gonna process, that would, you know, come back to the metaverse, and within this metaverse what we do is we also get the information from AAD specific. This is just for the inbound rules. Now let's also have a look on outbound rules. Very similar, like, whatever the changes have been done, that would, you know, push back to the local AD Connect side and the side to the AAD Connect. So you might be thinking, what are those changes? We would be, you know, showing you that in a minute or so.

Let's say you have a local AAD connector, in this case, for example, this is a space, right? So we talk about here more specific to the local AD connector space, and any of the user objects definitely would have some of the attributes, right? So let's say sAMAccountName is there, userPrincipalName, userAccountControl, objectGUID and display name, employee. So these are the local AD specific attributes. Let's see what happens once you start synchronization. So that means the sync would happen with the help of the local AD connector space. So once that's connected, what happens is it actually processes the rules to the metaverse. So what are the changes that would happen in the metaverse? The metaverse will get the changes. So the changes: sAMAccountName gets changed to accountName, because definitely the naming, the attributes are not the same. Even though you have the Azure AD connected, the attributes are not the same. So to reflect as the same, or to make it visible as one, all you have to do is you have to depend on the metaverse. That's where Microsoft has depended on AAD Connect, a mechanism within that they are changing. So when you start syncing, sAMAccountName gets changed to accountName, and similarly userAccountControl gets changed to user enable, that's the account enable status, and also objectGUID is nothing but your source anchor. So I did, you know, talk about the source anchor in the previous lectures. Source anchor is the anchor where it is tied up, and then it gets into sync with the Azure AD or wherever it has to go, for example maybe to the local AD.

So similar things would happen from the AAD Connect specific. So what happens is, in AAD, that's Azure AD, you have the accountName and also you have accountEnabled and sourceAnchor as the same, because that's how the schema, or you take it as attributes, are present in Azure AD. So now this is all about inbound. So it's not just the input, we also have to depend on outbound. Let's have a look on outbound. That means the data was processed for the syncing to the metaverse. Similarly AAD also pulls the data and it puts it in one place. Now, so this is the place you have all the inputs. Now let's have a look on output. So what happens is, in the output it would actually send the data even for the output. So the outbound is also very similar, like, you know, you have the changes that get changed according to, here, sAMAccountName, and that's how it gets changed, and also accountEnabled gets changed to userAccountControl and sourceAnchor gets changed as the objectGUID. That's how it's going to change.

Let's understand more in terms of the user objects or the group objects or the device objects, how the sync process would happen. So you might have already understood that AAD Connect as well as the AD Connect space both were there, and within these the inbound and outbound is happening, right? So let's apply these things, how the sync rules will process for the user specific and group and devices specific. So as you know, every object will have inbound and outbound specific. That means for users we have inbound and outbound, similarly for groups and devices. Now let's have a look on how the AAD connector specific will be there. So within AAD Connect there is something called In from AAD and as well as the from AAD, so there are two different In rules that will be there for the user specific. Similarly for the Out to Active Directory, that's for the user object, as well as the Out to AAD users. So these are the rules inside your synchronization. So these are the by-default rules. Yes, you can change them, you can modify, you can add your own attributes to get preference, instead of, you know, specific attributes to be synced. Let's say we take one of the departments, only the HR department, to be synced with Azure AD. Then you can simply change that department specific attribute within your sync process or sync rules, and then only that gets affected. That means all the HR department specific can be synced. Similarly the location and the rest of the things can be done. So these are the advanced level of, you know, configurations that can be configured at a later point, but, you know, if you just understand now the sync rules, how these work, this makes it easy for us for the demo purpose.

So now we understand for the AAD, for the AD as well as the AAD specific, In from and In from, and also Out to, Out to. Similarly for the remaining object types like groups and devices, also it would be the same things will be updated. For example, here outbound, and Out to AD and Out to AAD, similarly for In from AD computer. In this case it's a computer, and here we call it a device in Azure AD, so a little bit of a change of the name, but it remains the same.

I'm going to talk now about three different commands that can be used. By using PowerShell you can sync and you can get more information about your AD Connect or Active Directory specific, Azure AAD Connect specific sync schedule information. The first one would be Get-ADSyncScheduler. This specific command gives the information mostly about the status of your sync specific. For example, here allowed sync interval is every 30 minutes it can sync, so that's the current sync configuration, that means every 30 minutes it is getting synced. Similarly current effective sync cycle interval is also 30 minutes, and custom sync interval is not configured. So the first sync would be initial; at a later point every time it goes with the delta. So here the next sync is always delta, and when it's going to happen, next sync cycle, the time, as well as the purge of history from your console, that is from the GUI you have the sync, when it is synced, and all that history will be there. That is by default seven days it will store. That information is available here, and also sync cycle enabled, and maintenance, if it is enabled, that means it would, you know, go for the maintenance mode. And also staging mode, this is again used for the purpose of configuring more than one AD Connect for the higher availability purpose, where it just puts into the database but it doesn't actually process the objects to sync to AAD, but it just pulls the information and it saves the information. So all this, you will get the information from Get-ADSyncScheduler.

And the next one would be, if you want to sync you can use Start-ADSyncSyncCycle. There's no spelling mistake, it is twice the "Sync". That indicates here the policy type as Delta, it's going to success. And if you're trying to do an initial sync, you can always go for Delta, or Initial can be used. I'm sorry, here Initial would be given, but I didn't; a type mistake here. But you can give it as Initial, that would give the information.

So now we just talked about many things so far, but we didn't see the Synchronization Rules Editor much. So this is the rule editor which does all this, you know, inbound and outbound of the objects, and you can edit those rules from here. By editing, make sure that, you know, whenever you are trying to edit it, it will give you a warning to make a clone of that existing rule. So when you clone that specific rule, that makes our life easy at a later point if something goes wrong, for further level of troubleshooting. So make sure that you always take a clone of the rule. Whatever option it is giving by default, you try to choose that, and make sure that you take that cloning.

Now the precedence: anything nearer to one as a value indicates higher precedence. That means it first processes, in this case, User Join, because it has 115 as a precedence, and then it goes for the User Identity with 116. Similarly it will follow the remaining precedences. So that's how it's going to happen, and you can filter here the direction of inbound and outbound. In this case it's just for the outbound, and you see here Out to AAD, that's what we talked about in this small sync rules presentation. Out to AAD, that's how it's there. And also if you filter with inbound you get, also inbound, In from and In from AAD, so all that would, you know, come up for you. So that's how it's going to work. And I hope, yeah, this is where I gave the initial sync specific. I didn't forget, but it's there.

So that's all about the sync specific things. I'm gonna talk and show you more with the demo. Maybe, you know, you can learn more when I'm trying to demonstrate all these tips. I hope this is useful for you. Thank you for watching this.
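The scheduler check, precedence-ordered rule listing and delta sync described in the captions, put together as an added example that is not part of the video or its transcript. It assumes it is run on the sync server where the ADSync module is installed; the function names `Get-SyncSchedulerSummary` and `Get-SyncRulesByPrecedence` are hypothetical helpers.

```powershell
# Added example, not from the video. Assumes the ADSync module that ships
# with Azure AD Connect is available on this server.
Import-Module ADSync

# Hypothetical helper: the scheduler fields the lecture walks through.
function Get-SyncSchedulerSummary {
    $s = Get-ADSyncScheduler
    [pscustomobject]@{
        EffectiveInterval  = $s.CurrentlyEffectiveSyncCycleInterval
        NextPolicyType     = $s.NextSyncCyclePolicyType
        NextStartUtc       = $s.NextSyncCycleStartTimeInUTC
        HistoryRetention   = $s.PurgeRunHistoryInterval
        SyncCycleEnabled   = $s.SyncCycleEnabled
        MaintenanceEnabled = $s.MaintenanceEnabled
        StagingMode        = $s.StagingModeEnabled
        CycleInProgress    = $s.SyncCycleInProgress
    }
}

# Hypothetical helper: rules for one direction, lowest precedence value
# (processed first) at the top, as in the Synchronization Rules Editor.
function Get-SyncRulesByPrecedence {
    param(
        [Parameter(Mandatory)]
        [ValidateSet('Inbound', 'Outbound')]
        [string]$Direction
    )
    Get-ADSyncRule |
        Where-Object { $_.Direction -eq $Direction } |
        Sort-Object Precedence |
        Select-Object Precedence, Name, Direction, Disabled
}

$summary = Get-SyncSchedulerSummary
$summary | Format-List

Get-SyncRulesByPrecedence -Direction Outbound | Format-Table -AutoSize

# Start a delta cycle only when none is running; in staging mode the
# server imports and synchronizes but does not export to Azure AD.
if ($summary.CycleInProgress) {
    Write-Warning 'A sync cycle is already in progress; not starting another.'
}
else {
    if ($summary.StagingMode) {
        Write-Warning 'Staging mode is enabled: changes will not be exported.'
    }
    Start-ADSyncSyncCycle -PolicyType Delta
}
```

Saving the rule listing before and after an edit in the rules editor gives a simple record of which rules were cloned, disabled or re-ordered.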
Info
Channel: Paddy Maddy
Views: 1,008
Keywords: azure ad connect sync rules, azure ad connect rules editor, azure ad connect install, azure ad connect sync, azure ad connect reset, ad connect, azure ad connect, synchronization rules, aad connect tool, aad connect, active directory tutorial for beginners, ad ds, azure active directory, azure active directory connect step by step, azure ad, azure ad connect installation step by step, azure ad overview, azure ad tutorial, azure tutorial for beginners, paddymaddy
Id: J2ul5ynq0ew
Length: 13min 32sec (812 seconds)
Published: Tue Dec 29 2020