Archive

Category Archives for "Azure"

Goodbye Azure RemoteApp, Hello Citrix XenApp Express

Microsoft is discontinuing Azure RemoteApp and replacing it with a Citrix solution. This changes the Desktops as a Service landscape, read on to find out all the details.

What is Azure RemoteApp? RemoteApp allows you to deploy Windows applications in the Azure cloud and access them from a range of devices. Originally known as "Mohoro", Azure RemoteApp was released in December 2014.

Continue reading

DirectorySyncClientCmd manual sync error Azure AD Connect Upgrade

If you have upgraded to Azure AD Connect 1.1, manual sync won’t work anymore but I’ll show you how to fix it. If you're getting a DirectorySyncClientCmd error, you will want to read this rest of this post.

Azure AD Connect (AAD Connect) 1.1 was released last week.  I went through on how to upgrade to this version and why it’s an important release - Azure AD Connect 1.1 – How to upgrade.

​One reason to upgrade is that the Azure AD Connect 1.1 automatic sync schedule has been reduced from 3 hours to 30 minutes. This is great but there will be times when you want to run a manual sync outside of that set schedule.

DirectorySyncClientCmd error

Microsoft has changed how scheduling working in Azure AD Connect 1.1. Previously you would run the DirectorySyncClientCmd.exe command:

​DirectorySyncClientCmd.exe delta

Now with Azure AD Connect 1.1 this command won't work, mostly because DirectorySyncClientCmd.exe doesn’t exist anymore!

DirectorySyncClientCmd error

Microsoft explain this change with how scheduling is handled in AAD Connect 1.1:

In earlier releases the scheduler for objects and attributes was external to the sync engine and the Windows task scheduler or a separate Windows service was used to trigger the synchronization process.

How To Run Manual Azure AD Connect 1.1 Manual Sync

With DirectorySyncClientCmd.exe gone, it's still thankfully simple to run a manual sync.

The scheduler will by default run every 30 minutes.  It could be that you have an urgent change which must be synchronized immediately which is why you need to manually run a cycle.

The replacement for DirectorySyncClientCmd is to run is Start-ADSyncSyncCycle.  Here is how to run a delta manual sync in Azure AD Connect 1.1:

Start-ADSyncSyncCycle -PolicyType Delta

If you ever need to run a full sync

Start-ADSyncSyncCycle -PolicyType Initial

Microsoft list the reasons when a full sync is needed:

  • ​Added more objects or attributes to be imported from a source directory
  • Made changes to the Synchronization rules
  • Changed filtering so a different number of objects should be included

I ran Start-ADSyncSyncCycle from the AAD Connect server in PowerShell.

For more information check out Microsoft's page - Azure AD Connect sync: Scheduler.  I hope this post was of use, it caught us out when we upgraded.  As you can see it's simple to use the new command instead.

Azure AD Connect 1.1 – How to upgrade

Azure AD Connect 1.1 is out, now with much faster sync times and other cool new features. Read on to see how the upgrade works and why you should probably upgrade too.  

UPDATE:  You won't be able to run manual sync once you have upgraded.  Read all about it here along with the solution -  DirectorySyncClientCmd manual sync error Azure AD Connect Upgrade.

UPDATE 2: If you recently upgraded to version 1.1, make sure you have version 1.1.110.0, which was released on the 26th February.  This fixes some bugs in the initial version.  See resources section for links.

What is Azure AD Connect?

Azure AD Connect syncs account information from your on-premise Active Directory into the cloud.  If you're still using the older Directory Synchronization (DirSync) tool, you really should look into Azure AD Connect.

Azure AD Connect

Azure AD Connect is the tool to integrate your on-premises identity system such as Windows Server Active Directory with Azure Active Directory and connect your users to Office 365, Azure and 1000’s of SaaS applications.

Azure AD Connect 1.1

Microsoft announced ​Azure AD Connect 1.1 yesterday, with these new features

  • ​Reduction in the sync interval to keep your Azure AD in sync with AD on-premises more quickly
  • Support for automatic upgrades
  • Ability to switch between sign-in methods through the wizard to enable faster pilots
  • Support for Domain and OU filtering within the wizard

What stood out for me was the faster sync times. Up until now the shortest supported frequency was syncing every three hours, with Azure AD Connect 1.1 it's now 30 minutes.

The faster sync times are really welcome, as it means any changes you make on-premise will be reflected in the cloud that much sooner.  When setting up new staff especially on Office 365, the faster sync will make a big difference. 

How to Upgrade Azure AD Connect

I already have a recent version of AAD Connect installed, so an in-place upgrade is a breeze. See the resource section below for a link on how to upgrade from DirSync.

The setup recognizes this is an upgrade:  

Azure AD Connect Upgrade

Then connect to Azure AD.  I did have one issue with this, where I specified the username to connect to Azure AD, it said the account had an expired password.  

After resetting the password and checking out this guidance 'Office 365 Service Accounts–How do I stop DIRSYNC from breaking every 90 days…' I continued.

Azure AD Connect Upgrade

Then upgrade is ready to go:

Azure AD Connect Upgrade

That was quick, after a few minutes the upgrade had completed successfully: 

Azure AD Connect Upgrade

​Check the frequency of Azure AD Connect

Now let's make sure we have that 30 minute sync schedule that's newly supported in this version. From your AAD Connect server run this PowerShell command

​Get-ADSyncScheduler

This reports back something like this:

Azure AD Connect Sync Schedule

After checking out what this means, it confirms we have the shorted permissible sync time  

​AllowedSyncCycleInterval: The most frequently Azure AD will allow synchronizations to occur. You cannot synchronize more frequently than this and still be supported.

​CurrentlyEffectiveSyncCycleInterval: The schedule currently in effect. It will have the same value as CustomizedSyncInterval (if set) if it is not more frequent than AllowedSyncInterval. If you change CustomizedSyncCycleInterval, this will take effect after next synchronization cycle

Syncing with version 1.1 is now built-in to the sync engine rather than being external.

What else?

​There are lots of other new features, support for Modern Authentication when specifying an MFA enabled admin account during installation, Domain/OU filtering and more.  Check out the release history for lots more details.