Sign in Subscribe
Azure

Azure AD Connect: Customize Synchronization Interval

Sakaldeep Yadav

3 min read

After installation of the Azure AD Connect tool for hybrid identity management, the first thing System Admin wants to change is the default synchronization interval. Even though this task can be done using GUI and PowerShell, this post will focus on PowerShell command-lets. The current default synchronization interval is 30 minutes which might be so frequent for some organizations or it might be too delayed for some organizations. Before diving into the process of customizing sync interval, first, let's understand the basic concept of the Azure AD Sync cycle.

Azure AD Connect sync synchronizes changes occurring in the on-premises directory using a scheduler. There are two scheduler processes, one for password sync and another for object/attribute sync and maintenance tasks.

In earlier releases, the scheduler for objects and attributes was external to the sync engine. It used a Windows task scheduler or a separate Windows service to trigger the synchronization process. The schedule is with the 1.1 releases built-in to the sync engine and does allow some customization.

The scheduler is responsible for two tasks:

  • Synchronization cycle. The process to import, sync, and export changes.
  • Maintenance tasks. Renew keys and certificates for Password reset and Device Registration Service (DRS).

The scheduler itself is always running, but it can be configured to only run one or none of these tasks. For example, if you need to have your own synchronization cycle process, you can disable this task in the schedule but still run the maintenance task.

Customize Sync Scheduler

First, let's check the current synchronization interval using the PowerShell command Get-ADSyncScheduler. It shows you something like this below.

customize sync schedular

Here, we can see currently effective sync cycle interval is 30 minutes and the next sync cycle start time is 6:43:17 AM along with other parameters. You can customize the default values using different parameters shown below in the PowerShell command Set-ADSyncScheduler.

  • CustomizedSyncCycleInterval
  • NextSyncCyclePolicyType
  • PurgeRunHistoryInterval
  • SyncCycleEnabled
  • MaintenanceEnabled

Command to change SyncCycleInterval

Set-ADSyncScheduler -CustomizedSyncCycleInterval d.HH:mm:ss

d – days, HH – hours, mm – minutes, ss – seconds

Example 1:

Set-ADSyncScheduler -CustomizedSyncCycleInterval 01:00:00
1

Changes the scheduler to run every 1 hour.

Example 2:

Set-ADSyncScheduler -CustomizedSyncCycleInterval 2.0:0:0
2

Changes change the scheduler to run every 2 days.

Start the scheduler

The scheduler runs every 30 minutes by default or as per the customized interval but a sync cycle in between the scheduled cycles can be run using Start-ADSyncSyncCycle -PolicyType PowerShell command. There are three (Delta, Initial and Unspecified) types of sync cycle as shown below.

3

Delta sync cycle
A delta sync cycle includes the following steps:

  • Delta import on all Connectors
  • Delta sync on all Connectors
  • Export on all Connectors

It could be that you have an urgent change that must be synchronized immediately, which is why you need to manually run a cycle. If you need to manually run a cycle, then from PowerShell run Start-ADSyncSyncCycle -PolicyType Delta.

4

Initial sync cycle
If you have made one of the following configuration changes, you need to run an initial full sync cycle also known as a full sync cycle.

  • Added more objects or attributes to be imported from a source directory
  • Made changes to the Synchronization rules
  • Changed filtering so a different number of objects should be included

If you have made one of these changes, then you need to run an initial sync cycle so the sync engine has the opportunity to reconsolidate the connector spaces. A full sync cycle includes the following steps:

  • Full Import on all Connectors
  • Full Sync on all Connectors
  • Export on all Connectors

To initiate a full sync cycle, run Start-ADSyncSyncCycle -PolicyType Initial from a PowerShell prompt. This command starts a full sync cycle.

5

You can run any type of sync cycle manually as per the requirement and get all the objects updated in your hybrid infrastructure.