Azure AD Connect Sync Features

The Azure AD Connect’s synchronisation feature has the following components 

• On-Premise component: This component is called the Azure AD Connect Sync or the Sync Engine.
• Residing service in Azure AD: It is also known as the Azure AD Connect sync service.  

The settings for Azure AD Connect is configured with Azure Active Directory Windows Powershell module. It has to be downloaded and installed separately from Azure AD Connect.  

It would be best if you ran Get-MsolDirSync Features. To check the configuration of your Azure AD Directory.  

Set-MsolDirSyncFeature can configure the following settings: 

After you have enabled a feature, it cannot be disabled again. The following are the settings: 

Duplicate attribute resiliency 

It is default enabled in Azure AD Directories. A temporary value is assigned to the duplicated attribute which helps stop failure of provisioning objects with duplicate proxyaddresses or UPNs. As soon as the conflict is resolved, UPN is modified to the appropriate value automatically. 

UserPrincipalName soft match 

On enablement of this feature, in addition to primary SMTP address UPN soft match is enabled. Soft match is used for matching existent Azure AD cloud users with users on-premise. This feature is specifically helpful for matching on-premise Azure AD accounts with already existing accounts, when Exchange Online is not being used by you.  This feature negates the need for setting up SMTP attribute in the cloud. The feature is default enabled for newly formed Azure directories 

PowerShellCopy 

Get-MsolDirSyncFeatures -Feature EnableSoftMatchOnUpn  

If this feature is not default enabled for the Azure AD directory, you can run the following script to enable it Power Shell Copy Set-MsolDirSync Feature -Feature Enable Soft Match OnUpn -Enable $true  

Synchronize userPrincipalName updates 

It allows synchronization of UPN changes for federated accounts. Using the Azure AD Connect sync service for making updates to the attribute of User Principal Name, on-premise has to stop unless the following conditions are meets.  

• It is a non-deferated account (user is managed) 
• License has not been assigned to the user. 

By enabling the Synchronize Username principal feature, you can use the sync engine to update the user principal name when modified on-premises.  

This feature is default enabled for newly formed Azure AD directories. You can run the following script to check whether the feature is enabled.  

PowerShellCopy 

Get-MsolDirSyncFeatures -Feature SynchronizeUpnForManagedUsers 

iSmile technologies offers free consultation with an expert, talk with an expert now