How to Compare primary and staging Azure AD Connect (AADC) sync servers configuration and data:
Before you swap the roles of the active and staging AADC sync servers, compare two things on both servers: the Azure AD Connect configuration (which contains the selected Forest/Domains/OUs and all sync rules) and the metaverse objects. The configuration and metaverse (MV) data should be identical, so that swapping the primary and staging Azure AD Connect sync servers has no impact.
Compare Azure AD Connect configuration:
- Log in to the AADC servers
- Open PowerShell and run the command below to dump the configuration
- Get-ADSyncServerConfiguration -Path c:\temp\compare
- Download the latest release of AzureADConnectSyncDocumenter.zip and extract it to the same location
- Copy the Get-ADSyncServerConfiguration output from the staging server to c:\temp\compare\Data\Contoso\Pilot
- Copy the Get-ADSyncServerConfiguration output from the primary server to c:\temp\compare\Data\Contoso\Pilot\Production
- Run AzureADConnectSyncDocumenter-Contoso.cmd
- The HTML output will be in c:\temp\compare\Report
- This report shows all the configuration differences
Compare Azure AD Connect metaverse data:
- Log in to the staging AADC server
- Open CMD and change to the bin folder: cd "%ProgramFiles%\Microsoft Azure AD Sync\bin"
- Run the command below to export the MV data content
- csexport "Name of Connector" %temp%\export.xml /f:x
- Copy the PowerShell script from the section CSAnalyzer to a file named csanalyzer.ps1
- Run the command below from the location where you saved the script
- .\csanalyzer.ps1 -xmltoimport %temp%\export.xml
- A number of processedusers*.csv files are created
- These files show the actions (add/remove/update) waiting to update Azure AD from on-premises AD
- If you swing this staging box to primary, all of these changes will be applied to Azure AD, and we don't want this to happen
- So the output object/change list should be null or minimal, so that it won't affect the already synchronized objects
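One way to turn the processedusers*.csv files into a go/no-go check before the swap, as an added example that is not part of the original article or of the CSAnalyzer script. The column names operation and DN, the function name Get-PendingExportSummary and the -MaxPending threshold are assumptions, and the sample CSV is constructed.

```powershell
# Added example: summarise csanalyzer output before promoting a staging server.
# Assumption: the CSV files have 'operation' and 'DN' columns; adjust the
# names if the files produced by your copy of csanalyzer.ps1 differ.
function Get-PendingExportSummary {
    param(
        [Parameter(Mandatory)][string]$Folder,
        [int]$MaxPending = 0   # hypothetical threshold of acceptable pending changes
    )
    $files = Get-ChildItem -Path $Folder -Filter 'processedusers*.csv'
    # Fail closed: with no files we cannot tell "no changes" from "analysis never ran".
    if (-not $files) { throw "No processedusers*.csv files found in $Folder" }

    $rows = @($files | ForEach-Object { Import-Csv -Path $_.FullName })
    $byOperation = $rows | Group-Object -Property operation |
        Select-Object @{n = 'Operation'; e = { $_.Name } }, Count

    [pscustomobject]@{
        TotalPending = $rows.Count
        ByOperation  = $byOperation
        # Deletions are the riskiest pending change, so list them explicitly.
        Deletes      = @($rows | Where-Object { $_.operation -match 'delete|remove' } |
                         ForEach-Object DN)
        SafeToSwap   = ($rows.Count -le $MaxPending)
    }
}

# Constructed sample data so the example runs without a sync server.
$demo = Join-Path $env:TEMP 'aadc-compare-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
@'
DN,operation,UPN
"CN=Alice,OU=Staff,DC=contoso,DC=com",update,alice@contoso.com
"CN=Bob,OU=Staff,DC=contoso,DC=com",delete,bob@contoso.com
"CN=Carol,OU=Staff,DC=contoso,DC=com",add,carol@contoso.com
'@ | Set-Content -Path (Join-Path $demo 'processedusers1.csv')

$summary = Get-PendingExportSummary -Folder $demo -MaxPending 0
$summary.ByOperation | Format-Table -AutoSize
"Pending: $($summary.TotalPending)  Safe to swap: $($summary.SafeToSwap)"
"Objects that would be deleted: $($summary.Deletes -join '; ')"
```

With the constructed sample, three changes are pending (one each of update, delete and add), so SafeToSwap is False and Bob's DN is listed as a pending deletion.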
The above procedure helps you confirm the current status of the primary and staging AADC servers before swapping the roles between them. It needs to be done periodically so that you can use the staging box at any time for disaster recovery (DR) if the primary fails.
In my upcoming articles I will discuss how this difference arises when both servers are performing the same actions, how to prevent it from happening again, and how to fix the staging server if the difference is large.