Azure AD Connect is Currently in a pending disable state after 96 Hs

AndresNB 96 Reputation points
2020-06-07T00:00:15.997+00:00

Hello Everyone!

I had to make a modification to syncing objects from my AD on Prem to Azure AD. To do this, I canceled the sync and then wanted to resume it.

When running Azure AD Connect again, I found that it gave the error that it was in PendingDisable state.

As I have read, this process could take up to 72 hours before one can resume again, but more than 96 hours have already passed, and it is still in that state.

I would appreciate any help.

Microsoft Entra ID

Accepted answer
  1. AndresNB 96 Reputation points
    2020-06-13T01:44:01.087+00:00

    Hello!

    After several days in contact with Microsoft Support, synchronization was disabled and now I find the possibility to resume it.

    I am going to leave you a tip that has been confirmed for me and I hope it will serve all those who are going through a situation like this:

    If the process takes 72 hours and remains in the same state (72 hours that are actually listed in the Microsoft documentation), and this has been confirmed by themselves, given the demand they have had on their Servers, those 72 hours have been converted into 120 Hs.

    Therefore, they must now wait 120 hours before considering that they are facing a problem.

    I thank you again for the support.


4 additional answers

  1. Jai Verma 461 Reputation points
    2020-06-07T03:50:05.577+00:00

    I strongly recommend engaging Microsoft support, based on the support agreement you have. Mostly this is a service-side issue and needs to be addressed from the backend; there is very little you can do.

    1 person found this answer helpful.

  2. Manu Philip 16,971 Reputation points MVP
    2020-06-07T04:07:41.943+00:00

    Hello @AndresNB ,

    You can try the following cmdlets to resolve this issue. You need to convert the domain and all users to cloud-only authentication.

    Set-MsolDomainAuthentication -DomainName domain.com -Authentication managed  
    Convert-MsolFederatedUser -UserPrincipalName user@domain.com  
    

    Please mark as "Accept the answer" if the above steps help you. Others with similar issues can also follow the solution as per your suggestion.

    Regards,

    Manu


  3. Manu Philip 16,971 Reputation points MVP
    2020-06-07T04:36:19.593+00:00

    Hi,
    Yes, you are right. This cmdlet helps in a federated environment, and the steps are suggested by Microsoft to resolve the known issue.
    While you are working with support, you can check and collect the following details. Log in to your tenant and get the details:

    $cred = get-credential 
    Connect-MSOLService -credential $cred 
    (Get-MSOLCompanyInformation).DirectorySynchronizationEnabled 
    

    If it returns True, Dir.sync is activated. False indicates not yet activated. If this takes more than 72 hours (in your case), support can help to resolve the issue. You can supply them the following outputs

    (Get-MSOLCompanyInformation).objectID 
    (Get-MSOLCompanyInformation).AuthorizedServiceInstances 
    

    Good Luck !

    Regards,
    Manu

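One way to gather the values listed in the answer above into a single report for the support case, and to compare the elapsed time with the 72-hour and 120-hour figures mentioned in this thread. This is an added example, not part of any answer here; the function name `Get-DirSyncDisableReport`, the `DirectorySynchronizationStatus` and `LastDirSyncTime` fields (not shown on this page), and all sample values are assumptions.

```powershell
# Added example. Summarises the values the answers ask you to collect and compares
# elapsed time with the 72 h (documented) and 120 h (reported in this thread) windows.
function Get-DirSyncDisableReport {
    param(
        [Parameter(Mandatory)] $CompanyInfo,                    # pass (Get-MsolCompanyInformation)
        [Parameter(Mandatory)] [datetime] $DisableRequestedAt,  # from your own change record
        [datetime] $Now = [datetime]::UtcNow,
        [int] $DocumentedHours = 72,
        [int] $ReportedHours = 120
    )
    # Normalise both timestamps to UTC so local/UTC inputs cannot skew the result.
    $span    = $Now.ToUniversalTime() - $DisableRequestedAt.ToUniversalTime()
    $elapsed = [math]::Round($span.TotalHours, 1)
    $enabled = [bool]$CompanyInfo.DirectorySynchronizationEnabled

    $assessment = if (-not $enabled) {
        'Directory sync reports disabled.'
    } elseif ($elapsed -lt $DocumentedHours) {
        "Still enabled, inside the documented $DocumentedHours h window."
    } elseif ($elapsed -lt $ReportedHours) {
        "Still enabled, past $DocumentedHours h but inside the $ReportedHours h reported in this thread."
    } else {
        "Still enabled after $ReportedHours h: escalate with support."
    }

    [pscustomobject]@{
        TenantObjectId                  = $CompanyInfo.ObjectId
        DirectorySynchronizationEnabled = $enabled
        DirectorySynchronizationStatus  = $CompanyInfo.DirectorySynchronizationStatus
        LastDirSyncTime                 = $CompanyInfo.LastDirSyncTime
        AuthorizedServiceInstances      = @($CompanyInfo.AuthorizedServiceInstances) -join '; '
        HoursSinceDisableRequest        = $elapsed
        Assessment                      = $assessment
    }
}

# Constructed sample standing in for a live tenant query; every value is a placeholder.
$sample = [pscustomobject]@{
    ObjectId                        = '00000000-0000-0000-0000-000000000000'
    DirectorySynchronizationEnabled = $true
    DirectorySynchronizationStatus  = 'PendingDisabled'
    LastDirSyncTime                 = $null
    AuthorizedServiceInstances      = @('placeholder/instance-1', 'placeholder/instance-2')
}
$utc = [System.DateTimeKind]::Utc
Get-DirSyncDisableReport -CompanyInfo $sample `
    -DisableRequestedAt ([datetime]::new(2020, 6, 3, 0, 0, 0, $utc)) `
    -Now ([datetime]::new(2020, 6, 7, 0, 0, 0, $utc)) | Format-List
```

With the constructed sample (96 hours elapsed) the assessment falls in the middle band: past 72 hours but inside 120.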

  4. Andy David 701 Reputation points
    2020-06-07T11:54:13.547+00:00

    Can I make a suggestion once this is resolved? You should have at least two AADConnect servers. This will allow you to make your changes on a server in Staging Mode, then set that one to "primary" and export to Azure if the changes are successful. If you encounter an issue, you can leave the unchanged server as the primary, exporting server while you troubleshoot on the staging server.

    https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-staging-server
