You can browse the Azure AD Connect Health portal at https://aka.ms/aadconnecthealth. From there, you will be able to view basic details about your environment as well as obtain agent installation packages. See Figure 4.16:
Figure 4.16 – Azure Active Directory Connect Health
While Azure AD Connect Health Agent for Sync is included in the Azure AD Connect installation, the health agents for DS and AD FS are separate installations and must be downloaded separately:
- Azure AD Connect Health Agent for DS: https://go.microsoft.com/fwlink/?LinkID=820540
- Azure AD Connect Health Agent for AD FS: https://go.microsoft.com/fwlink/?LinkID=518973
If you do not have AD FS deployed in your environment, you do not need to deploy the AD FS agents.
Azure AD Connect Health for Sync
The core health product, Azure AD Connect Health for Sync, shows the current health of your synchronization environment, including object synchronization problems and data-related errors.
You can view the health status and identified errors by selecting Sync errors under Azure Active Directory Connect (Sync) in the Azure AD Connect Health portal (https://aka.ms/aadconnecthealth), as shown in Figure 4.17:
Figure 4.17 – Azure AD Connect Health Sync errors
Selecting an error type will allow you to drill down into individual errors. Figure 4.18 shows an example where Azure AD Connect Health has detected two objects with the same address:
Figure 4.18 – Azure AD Connect Health error details
You can use this information to identify and troubleshoot on-premises objects.
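The following PowerShell sketch shows one way to locate the conflicting on-premises objects once the portal reports a duplicate address. It is an added example, not code from the original text or from Microsoft. It assumes the conflicting value is stored in the proxyAddresses attribute, and the function name Find-DuplicateProxyAddress and the sample objects are constructed for illustration:

```powershell
# Added example: report every proxyAddresses value held by more than one object.
function Find-DuplicateProxyAddress {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object[]]$InputObject
    )
    begin { $pairs = [System.Collections.Generic.List[object]]::new() }
    process {
        foreach ($obj in $InputObject) {
            foreach ($addr in @($obj.proxyAddresses)) {
                if ([string]::IsNullOrWhiteSpace($addr)) { continue }
                # Normalize case so "SMTP:" (primary) and "smtp:" (secondary)
                # entries for the same mailbox address are compared as equal.
                $pairs.Add([pscustomobject]@{
                    Address           = $addr.Trim().ToLowerInvariant()
                    DistinguishedName = $obj.DistinguishedName
                })
            }
        }
    }
    end {
        foreach ($group in ($pairs | Group-Object -Property Address)) {
            $owners = @($group.Group.DistinguishedName | Sort-Object -Unique)
            if ($owners.Count -gt 1) {
                [pscustomobject]@{ Address = $group.Name; Objects = $owners }
            }
        }
    }
}

# Constructed sample data standing in for directory objects.
$sample = @(
    [pscustomobject]@{
        DistinguishedName = 'CN=Alex Doe,OU=Staff,DC=example,DC=com'
        proxyAddresses    = @('SMTP:alex.doe@example.com', 'smtp:adoe@example.com')
    }
    [pscustomobject]@{
        DistinguishedName = 'CN=Shared Mailbox,OU=Staff,DC=example,DC=com'
        proxyAddresses    = @('smtp:ADoe@example.com')
    }
    [pscustomobject]@{
        DistinguishedName = 'CN=Sam Roe,OU=Staff,DC=example,DC=com'
        proxyAddresses    = @('SMTP:sam.roe@example.com')
    }
)
$sample | Find-DuplicateProxyAddress | Format-List

# Against a live directory (requires the ActiveDirectory module):
# Get-ADObject -LDAPFilter '(proxyAddresses=*)' -Properties proxyAddresses |
#     Find-DuplicateProxyAddress
```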
Azure AD Connect Health for Directory Services
Microsoft recommends deploying Azure AD Connect Health for DS agents on all domain controllers you want to monitor, or at least one for each domain.
The Azure AD Connect Health agent deployment is relatively straightforward, asking only for credentials to complete the installation. Once the installation is complete, you can review details about your domain controller’s health in the Azure AD Connect Health portal at https://aka.ms/aadconnecthealth.
From the Azure AD Connect Health page, under Active Directory Domain Services, select AD DS services, as shown in Figure 4.19, and then select a domain to view its details:
Figure 4.19 – Azure AD Connect Health AD DS services
The health services agents display a variety of details about the environment, including replication errors, LDAP bind operations, NTLM authentication operations, and Kerberos authentication operations. See Figure 4.20:
Figure 4.20 – Azure AD Connect Health for DS detail page
Errors that are detected here should be resolved in your on-premises AD environment.