Upgrade from Azure AD Sync to Azure AD Connect


After the release of the Azure Active Directory Connect tool (http://blogs.technet.com/b/ad/archive/2015/06/24/azure-ad-connect-amp-connect-health-is-now-ga.aspx?linkId=15101770) I upgraded a customer without any big issues, but we saw some things I would like to share.

The upgrade process is a very simple wizard: just click Next, Next, Finish. No issues here.

But after the upgrade we had an issue with some performance counters that were not created, with this event message:

Log Name: Application
Source: ADSync
Event ID: 6313
Task Category: Server
Level: Error
Description:
The server encountered an unexpected error creating performance counters for management agent "DOMAIN".
Performance counters will not be available for this management agent.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="ADSync" />
<EventID Qualifiers="32768">6313</EventID>
<Level>2</Level>
<Task>3</Task>
<Keywords>0x80000000000000</Keywords>
<EventRecordID>4124</EventRecordID>
<Channel>Application</Channel>
<Security />
</System>
</Event>

To resolve this issue, perform these steps:

Disable the synchronize task in Task Scheduler

Backup registry key: HKLM\SYSTEM\CurrentControlSet\Services\ADSync

Remove the registry key: HKLM\SYSTEM\CurrentControlSet\Services\ADSync\Performance

Create an empty registry key: HKLM\SYSTEM\CurrentControlSet\Services\ADSync\Performance

Run these commands

Net Stop ADSync

Unlodctr.exe ADSync

Lodctr.exe "C:\Program Files\Microsoft Azure AD Sync\Bin\mmsperf.ini"

Net start ADSync

Enable the synchronize task in Task Scheduler

 

Later we discovered that the password sync was not complete, so we needed to initialize a full password sync.

And just for the record, the following command will NOT initialize a password sync

"C:\Program Files\Microsoft Azure AD Sync\Bin\DirectorySyncClientCmd.exe" initial

You need a PowerShell script that looks like this

# Names of the two connectors involved in password sync
$adConnector = "<Your source AD>" # Example "ad.contoso.com"
$aadConnector = "<Your target Azure AD>" # Example "tenant.onmicrosoft.com - AAD"

Import-Module adsync

# Load the on-premises AD connector and set its ForceFullPasswordSync parameter to 1
$c = Get-ADSyncConnector -Name $adConnector
$p = New-Object Microsoft.IdentityManagement.PowerShell.ObjectModel.ConfigurationParameter "Microsoft.Synchronize.ForceFullPasswordSync", String, ConnectorGlobal, $null, $null, $null
$p.Value = 1
$c.GlobalParameters.Remove($p.Name)
$c.GlobalParameters.Add($p)
$c = Add-ADSyncConnector -Connector $c

# Turn password sync off and on again to start the full synchronization
Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector -TargetConnector $aadConnector -Enable $false
Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector -TargetConnector $aadConnector -Enable $true

Watch the Application log for event IDs like these to follow the password sync process:

650 Provision credentials batch start
656 Password Change Request
651 Provision credentials batch end
657 Password Change Result
605 Password changes failed to synchronize and have been scheduled for retry
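
A check for the events listed above, as an added example that is not part of the original post: it counts the five event IDs and flags batches that started without ending, or changes that were scheduled for retry. The function name, the constructed sample records and the "looks complete" rule are assumptions made for this example; the filter matches on event ID only, so confirm the event source on real hits.

```powershell
# Added example, not from the original post. Event IDs are the ones the post lists.
$PasswordSyncIds = @{
    650 = 'BatchStart';    651 = 'BatchEnd'
    656 = 'ChangeRequest'; 657 = 'ChangeResult'
    605 = 'RetryScheduled'
}

function Get-PasswordSyncSummary {   # hypothetical helper name
    param([object[]]$Events = @())   # records exposing Id and TimeCreated

    $counts = @{}
    foreach ($name in $PasswordSyncIds.Values) { $counts[$name] = 0 }

    # Keep only the password sync IDs, oldest first
    $seen = @($Events |
        Where-Object { $PasswordSyncIds.ContainsKey([int]$_.Id) } |
        Sort-Object TimeCreated)
    foreach ($e in $seen) { $counts[$PasswordSyncIds[[int]$e.Id]]++ }

    $open = $counts.BatchStart - $counts.BatchEnd
    [pscustomobject]@{
        FirstEvent     = if ($seen) { $seen[0].TimeCreated }
        LastEvent      = if ($seen) { $seen[-1].TimeCreated }
        BatchStart     = $counts.BatchStart
        BatchEnd       = $counts.BatchEnd
        ChangeRequest  = $counts.ChangeRequest
        ChangeResult   = $counts.ChangeResult
        RetryScheduled = $counts.RetryScheduled
        OpenBatches    = $open
        # Assumed rule: at least one batch ran, every batch ended, nothing awaits retry
        LooksComplete  = ($counts.BatchStart -gt 0) -and ($open -eq 0) -and
                         ($counts.RetryScheduled -eq 0)
    }
}

# Constructed sample: one clean batch, then a batch that never ends and logs a retry
$t0 = Get-Date '2015-07-01T10:00:00'
$sample = @(
    [pscustomobject]@{ Id = 650; TimeCreated = $t0 }
    [pscustomobject]@{ Id = 656; TimeCreated = $t0.AddSeconds(1) }
    [pscustomobject]@{ Id = 657; TimeCreated = $t0.AddSeconds(2) }
    [pscustomobject]@{ Id = 651; TimeCreated = $t0.AddSeconds(3) }
    [pscustomobject]@{ Id = 650; TimeCreated = $t0.AddSeconds(60) }
    [pscustomobject]@{ Id = 656; TimeCreated = $t0.AddSeconds(61) }
    [pscustomobject]@{ Id = 605; TimeCreated = $t0.AddSeconds(62) }
)
Get-PasswordSyncSummary -Events $sample

# On the sync server, summarise the last 24 hours of the real log instead:
# $live = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 650,651,656,657,605; StartTime = (Get-Date).AddHours(-24) } -ErrorAction SilentlyContinue
# Get-PasswordSyncSummary -Events $live
```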
