Hello Everyone!
I had to make a modification to syncing objects from my AD on Prem to Azure AD, to do this I canceled the sync and then wanted to resume it.
When running Azure AD Connect again, I found that it gave the error that it was in PedingDisable state.
As I have read, this process could take up to 72 hours before one can resume again, but more than 96 hours have already passed, and it is still in that state.
I would appreciate any help.
@AndresNB-5108
Please let us know if the replies below helped resolve your question. If so, please remember to "mark as answer" so that others in the community facing similar issues can easily find a solution.
Hello!
After several days in contact with Microsoft Support, synchronization was disabled and now I find the possibility to resume it.
I am going to leave you a tip that has been confirmed for me and I hope it will serve all those who are going through a situation like this:
If the process takes 72 hours and remains in the same state (72 hours that are actually listed in the Microsoft documentation), and this has been confirmed by themselves, given the demand they have had on their Servers, those 72 hours have been converted into 120 Hs.
Therefore, they must now wait 120 hours before considering that they are facing a problem.
I thank you again for the support.
I strongly recommend engage Microsoft support, based on support agreement you have, mostly this is service side issue and needs to be addressed from backend,, there is very little you you can do
Hello JaiVerma-7010,
Thanks for your answer.
Based on your instructions, I already opened a case with Microsoft with the information obtained from the execution of those scripts. I hope to have news from them soon.
Hello @AndresNB-5180 ,
You can try the following cmdlts to resolve this issue. You need to convert the domain and all users to cloud-only authentication.
Set-MsolDomainAuthentication -DomainName domain.com -Authentication managed
Convert-MsolFederatedUser -UserPrincipalName user@domain.com
Please mark as "Accept the answer" if the above steps helps you. Others with similar issues can also follow the solution as per your suggestion
Regards,
Manu
Hello ManuPhilip,
Thanks for your answer.
It is not clear to me: would this apply if I had the domain federation enabled? Because in my case it is not like that.
On the other hand, what impact does the execution of these commands have? Could it aggravate the situation?
Hi,
Yes you are right. This cmdlet helps on a federated environment and the steps are suggested by Microsoft to resolve the known issue.
While, you are working with support, you can check and collect the following details. Login to your tenant and get the details
$cred = get-credential
Connect-MSOLService -credential $cred
(Get-MSOLCompanyInformation).DirectorySynchronizationEnabled
If it returns True, Dir.sync is activated. False indicates not yet activated. If this takes more than 72 hours (in your case), support can help to resolve the issue. You can supply them the following outputs
(Get-MSOLCompanyInformation).objectID
(Get-MSOLCompanyInformation).AuthorizedServiceInstances
Good Luck !
Regards,
Manu
Can I make a suggestion once this is resolved? You should have at least two AADConnect servers. This will allow you make your changes on a server in Staging Mode, then setting that one to "primary" and exporting to Azure if the changes are successful. If you encounter an issue, you can leave the unchanged server as the primary, exporting server while you troubleshoot on the staging server.
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-staging-server
21 people are following this question.
