When it comes to a hybrid AD setup, we have to deal with a different class of issues than in a purely on-premises AD environment. Azure AD is a service managed by Microsoft, so its health is not something we can manage ourselves. Therefore, most hybrid AD issues are related to connectivity, directory synchronization or the authentication method in use (password hash sync, pass-through authentication or federation). The main component connecting the on-premises Active Directory environment with Azure AD is Azure AD Connect, so most issues in a hybrid environment can also be traced back to Azure AD Connect. In this blog post, we are going to look at some of the most common Azure AD Connect issues and learn how we can recover from them.
Azure AD Connect requires outbound connectivity to Azure AD (HTTPS over port 443) to perform directory synchronization. The Azure AD Connect server also needs to be able to communicate with an on-premises Active Directory Domain Controller (LDAP and Kerberos). When there are directory synchronization issues, we will see the following symptoms:
• New user accounts added in on-premises Active Directory do not appear in Azure AD, or take longer than the default sync interval (30 minutes) to appear.
• After an on-premises user changes their password, they cannot authenticate to Azure AD with the new password.
• If the password writeback feature is in use, password resets in Azure AD do not work for on-premises users.
• Synchronization errors are shown under Azure AD Connect Health.
• When there are directory sync issues, Azure AD also sends an email notification to directory administrators.
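Before digging into individual fixes, it helps to confirm which of the three dependencies (connectivity, the sync scheduler, the last successful run) is actually broken. The following PowerShell triage script is an added example and is not part of the original post. It is meant to run in an elevated session on the Azure AD Connect server, and assumes the ADSync module (installed with Azure AD Connect) and the MSOnline module are available; the Domain Controller name `dc01.corp.contoso.com` is an assumed placeholder.

```powershell
# Added example (not from the original post): quick triage of the
# directory-sync symptoms listed above. Run on the Azure AD Connect server.
# Assumes the ADSync module and the MSOnline module (Install-Module MSOnline).
$DomainController = "dc01.corp.contoso.com"   # assumed placeholder; use your own DC

Import-Module ADSync -ErrorAction Stop

# 1. Connectivity: outbound HTTPS to Azure AD, LDAP and Kerberos to the DC.
#    login.microsoftonline.com is only one of the required endpoints; the full
#    list is in Microsoft's Azure AD Connect documentation.
$checks = @(
    @{ Host = "login.microsoftonline.com"; Port = 443 },
    @{ Host = $DomainController;           Port = 389 },
    @{ Host = $DomainController;           Port = 88  }
)
foreach ($c in $checks) {
    $r = Test-NetConnection -ComputerName $c.Host -Port $c.Port -WarningAction SilentlyContinue
    $state = if ($r.TcpTestSucceeded) { "OK" } else { "FAILED" }
    "{0,-30} {1,5}  {2}" -f $c.Host, $c.Port, $state
}

# 2. Scheduler: is sync enabled, suspended, or already running? A 30-minute
#    delay in new accounts showing up usually starts here.
$sched = Get-ADSyncScheduler
$sched | Select-Object SyncCycleEnabled, SchedulerSuspended, StagingModeEnabled,
    CurrentlyEffectiveSyncCycleInterval, NextSyncCycleStartTimeInUTC, SyncCycleInProgress

# 3. Last successful sync as seen from the Azure AD side (prompts for an
#    administrator sign-in). LastPasswordSyncTime explains "old password still
#    works, new one does not" symptoms when password hash sync is used.
Connect-MsolService
Get-MsolCompanyInformation | Select-Object DirectorySynchronizationEnabled, LastDirSyncTime,
    PasswordSynchronizationEnabled, LastPasswordSyncTime

# 4. Recent errors and warnings written by Azure AD Connect to the Application log
#    (provider name "Directory Synchronization"). Level 2 = Error, 3 = Warning.
Get-WinEvent -FilterHashtable @{ LogName = "Application"; ProviderName = "Directory Synchronization"; Level = 2,3 } `
    -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message

# 5. Force a delta sync, but only if one is not already in progress.
if (-not $sched.SyncCycleInProgress) {
    Start-ADSyncSyncCycle -PolicyType Delta
} else {
    Write-Warning "A sync cycle is already in progress; not starting another."
}
```

If step 1 reports FAILED for port 443, fix the proxy or firewall before touching the scheduler; if the scheduler shows SyncCycleEnabled as False or StagingModeEnabled as True, nothing will be exported no matter how often a delta sync is started.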