How to Sync On-Prem AD Users with Azure AD Intune ConfigMgr

Using Azure AD Connect, you can sync on-prem user identities, attributes, and passwords to Azure AD. Azure AD Connect installation and configuration is very straightforward if we use express settings 🙂.

I’ve a video tutorial here which helps you to understand the AAD Connect configuration, how to enable MFA for Azure AD join Windows 10 device, and Twitter app integration with Azure AD.

In this post, I’m going to cover two other topics related to Azure AD (AAD) Sync.

  1. Where is the scheduled task that used to get created for Azure AD sync?
  2. How to create a service connection point in on-premises Active Directory
  3. Video Tutorial – How to Sync On-Prem AD User Accounts with Azure AD

Windows 10 MDM devices can write back to on-prem AD; more details are available here. AAD Connect is mandatory for the write-back feature of Windows 10 devices.


Earlier versions of Azure AD Connect used Windows Task Scheduler to schedule the Azure AD sync of on-prem objects and attributes. The latest version of Azure AD Connect has a built-in sync engine. Hence we won’t find a scheduled task for AAD Connect.

The new default synchronization frequency is 30 minutes. We can view the AD sync schedule using the PowerShell command “Get-ADSyncScheduler” and change it using the other parameters documented here.


PS C:\Users\anoop\Desktop> Get-ADSyncScheduler

AllowedSyncCycleInterval            : 00:30:00
CurrentlyEffectiveSyncCycleInterval : 00:30:00
CustomizedSyncCycleInterval         :
NextSyncCyclePolicyType             : Delta
NextSyncCycleStartTimeInUTC         : 26-05-2016 02:06:23
PurgeRunHistoryInterval             : 7.00:00:00
SyncCycleEnabled                    : True
MaintenanceEnabled                  : True
StagingModeEnabled                  : False
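
A check of the scheduler state shown above, as an added example that is not part of the original post. The helper name Test-SyncSchedulerState is hypothetical, the sample object and clock values are constructed from the output above, and the "overdue" rule (more than one effective interval past the next start time) is an assumption.

```powershell
# Added example: flag scheduler settings that stop or delay synchronization.
# Test-SyncSchedulerState is a hypothetical helper, not an ADSync cmdlet.
function Test-SyncSchedulerState {
    param(
        [Parameter(Mandatory)] $Scheduler,
        [datetime] $NowUtc = [datetime]::UtcNow
    )
    $findings = @()
    if (-not $Scheduler.SyncCycleEnabled) {
        $findings += 'SyncCycleEnabled is False: scheduled sync cycles will not run.'
    }
    if ($Scheduler.StagingModeEnabled) {
        $findings += 'StagingModeEnabled is True: this server does not export changes.'
    }
    $custom  = $Scheduler.CustomizedSyncCycleInterval
    $allowed = $Scheduler.AllowedSyncCycleInterval
    if ($null -ne $custom -and $custom -lt $allowed) {
        $findings += "CustomizedSyncCycleInterval $custom is shorter than the allowed $allowed."
    }
    # Assumed rule: a start time more than one effective interval in the past is overdue.
    $deadline = $Scheduler.NextSyncCycleStartTimeInUTC + $Scheduler.CurrentlyEffectiveSyncCycleInterval
    if ($NowUtc -gt $deadline) {
        $findings += "Sync cycle due at $($Scheduler.NextSyncCycleStartTimeInUTC.ToString('u')) is overdue."
    }
    $findings
}

# Constructed sample mirroring the output above.
# On the sync server, pass (Get-ADSyncScheduler) instead.
$sample = [pscustomobject]@{
    AllowedSyncCycleInterval            = [timespan]'00:30:00'
    CurrentlyEffectiveSyncCycleInterval = [timespan]'00:30:00'
    CustomizedSyncCycleInterval         = $null
    NextSyncCycleStartTimeInUTC         = [datetime]'2016-05-26T02:06:23'
    SyncCycleEnabled                    = $true
    StagingModeEnabled                  = $false
}

# Constructed clock values: shortly before the next cycle, and three hours after it.
$healthy = @(Test-SyncSchedulerState -Scheduler $sample -NowUtc ([datetime]'2016-05-26T02:00:00'))
$stale   = @(Test-SyncSchedulerState -Scheduler $sample -NowUtc ([datetime]'2016-05-26T05:06:23'))
"Findings before the next cycle: $($healthy.Count)"
$stale
```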


I was having trouble creating a service connection point in on-premises Active Directory. This service connection point is used for “Connect domain-joined devices to Azure AD for Windows 10 experiences”. I followed the documentation here to configure the service connection point in on-prem AD but was getting stuck with the PowerShell commands. I ran the PowerShell commands as per the above documentation, however with no luck.

After that, I installed the appropriate version of the Windows Azure Active Directory Module for Windows PowerShell and then . Then I tried to run the following PowerShell commands, and that worked like a champ!

PS C:\Users\anoop\Desktop> Connect-MsolService

PS C:\Users\anoop\Desktop> Import-Module -Name "C:\Program Files\Microsoft Azure Active Directory Connect\AdPrep\AdSyncPrep.psm1"

PS C:\Users\anoop\Desktop> Initialize-ADSyncDomainJoinedComputerSync

cmdlet Initialize-ADSyncDomainJoinedComputerSync at command pipeline position 1
Supply values for the following parameters:
AdConnectorAccount: nair\Anoop
AzureADCredentials
Initializing your Active Directory forest to sync Windows 10 domain joined computers to Azure AD.
Configuration Complete

How to Sync On Prem AD User accounts With Azure AD

httpv://www.youtube.com/watch?v=embed/14kIKSp35Rw
