Azure Active Directory Connector - completed-no-objects

  • Question

  • I am trying to pull data out of Azure AD using the FIM Azure Connector.

    I have:

    • Installed the Beta Microsoft Online Sign-In Assistant (7.250.4551.0)
    • I am using FIM Sync version 4.1.3508.0
    • Installed the Azure AD connector (1.0.6635.69)
    • Granted permissions to the MSOLCoExistence registry key
    • Activated Directory Sync under Directory Integration in the Azure portal
    • Created an Azure management agent in the Sync engine (specified the credentials, object types, attributes, etc.)
    • Created a Full Import run profile
    • Ran the Full Import

    When I did all of this I got a successful run of the management agent with a status of completed-no-objects. (And of course I don't get any imported records.)

    If I look in the event logs, I see an info message from the "Directory Synchronization" that looks like:

    Import::Iteration: 1, Current batch size: 0, Imported total: 0, More: False,TrackingId: d2f02eac-0186-471b-ab49-cbcf85ace0ef, SyncCookie: ...

    So it appears that it is talking to Azure.

    Any suggestions as to what I am missing? My Azure AD has three records in it (the subscription account, the global admin user that I set up for the connector, and a basic test user), and none of these records came down on the Full Import run.

    Edit: Of course after posting this question I found this thread, which asks a similar question. No idea why it came up as a related thread, and not in my initial search. Anyway my need is to pull down Azure accounts that have no on-premises representation. Is this possible?

    Thanks

    Rex




    • Edited by Rex Wheeler Tuesday, March 17, 2015 8:54 PM
    Tuesday, March 17, 2015 8:43 PM

Answers

  • There shouldn't be anything stopping you from doing this; all you need to do is set the ImmutableID for your users in PowerShell, then import your objects into the connector space. The only side note I would add - I have seen cases where the information in Azure/O365 does not match up to the black box that the WAAD connector talks to.


    Wednesday, March 18, 2015 6:43 AM
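
One way to carry out the ImmutableID step from the answer above, as an added example that is not part of the original thread. It assumes the MSOnline PowerShell module (`Connect-MsolService`, `Get-MsolUser`, `Set-MsolUser`); the UPN suffix and the CSV file name are constructed placeholders, and generating a fresh GUID per user is this example's choice, encoded as Base64 in the form DirSync produces by default from an on-premises objectGUID.

```powershell
# Added example (not from the thread). Save as a .ps1 script; run with -WhatIf first.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Constructed placeholder: restrict the change to one UPN suffix.
    [string]$UpnSuffix = '@contoso.onmicrosoft.com',
    # Constructed placeholder: where the assignment record is written.
    [string]$ReportPath = '.\immutableid-assignments.csv'
)

Import-Module MSOnline
Connect-MsolService   # prompts for an account allowed to edit users

# Cloud-only users were never anchored by DirSync, so their ImmutableId is empty.
# Users that already have a value are skipped: overwriting an existing anchor
# would break the link to whatever object it currently matches.
$targets = Get-MsolUser -All | Where-Object {
    [string]::IsNullOrEmpty($_.ImmutableId) -and
    $_.UserPrincipalName -like "*$UpnSuffix"
}

$report = foreach ($user in $targets) {
    # New GUID per user, stored as Base64 of its 16 bytes.
    $guid        = [Guid]::NewGuid()
    $immutableId = [Convert]::ToBase64String($guid.ToByteArray())

    $applied = $false
    if ($PSCmdlet.ShouldProcess($user.UserPrincipalName, "Set ImmutableId to $immutableId")) {
        Set-MsolUser -ObjectId $user.ObjectId -ImmutableId $immutableId
        $applied = $true
    }

    # Record every assignment so the anchor can be reproduced on the
    # on-premises side and the change can be audited afterwards.
    [pscustomobject]@{
        UserPrincipalName = $user.UserPrincipalName
        ObjectId          = $user.ObjectId
        Guid              = $guid
        ImmutableId       = $immutableId
        Applied           = $applied
    }
}

$report | Export-Csv -Path $ReportPath -NoTypeInformation
```

The CSV is worth keeping with the change record: the ImmutableId is the value the connector uses to join objects, so the mapping of user to anchor is needed again if the on-premises objects are ever matched back to these accounts.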

All replies

  • Thanks. Manually adding the Immutable ID worked for me.

    Another interesting thing I noticed is that the userPrincipalName attribute only seems to come down if it was set by DirSync. Even though the PowerShell add-ins show values for the UPN and you can change the UPN with PowerShell, it doesn't seem to come down via the FIM connector for objects that were not originally synchronized from an on-premises AD. (I haven't done extensive testing yet, but this is how it appears.)

    Wednesday, March 18, 2015 8:31 PM
  • Sorry for opening up this post again but I have a problem with the FIM 2010 Azure Connector.

    In a GAL Sync scenario I need to synchronize "cloud only" users from Azure AD to an on-prem AD using FIM.

    As far as I understand (and have tested) this is not possible without the ImmutableID attribute being populated.

    In my source environment there is no AAD Connect that synchronizes users from on-prem to the cloud. Users are managed manually and therefore the ImmutableID attribute is empty in Azure AD.

    Any idea how I can synchronize the cloud only users to my local AD using FIM?

    Thanks

    Chris

    Friday, November 11, 2016 10:50 AM