Entra Connect & Cloud Sync
Reference for hybrid synchronization, authentication methods, Cloud Sync, and Entra Connect operations.
Entra Connect is the classic hybrid sync stack, while Cloud Sync focuses on agent-based synchronization with less infrastructure.
PHS, PTA, and federation mainly differ in password validation location, operational model, and dependencies.
Domain, OU, attribute, and group filters determine which objects reach the cloud.
Monitoring, staging, and clean migration prevent outages in hybrid identity.
Entra Connect vs. Cloud Sync
| Criterion | Entra Connect | Cloud Sync |
|---|---|---|
| Architecture | Central sync server with SQL/LocalDB and rules | Lightweight agent plus cloud configuration |
| Feature breadth | Very broad | Focused and modern |
| Device objects | Broad hybrid support | More limited depending on scenario |
| Exchange hybrid | Well established | Not the primary focus |
| Writeback | More options | Fewer options |
| Complex rules | Yes | Limited by expressions |
| Operational overhead | Higher | Lower |
| HA / staging | Staging mode | Multiple agents |
| Best fit | Classic hybrid environments | Cloud-first and simpler topologies |
Entra Connect architecture
Entra Connect consists of the AD connector, metaverse, synchronization rules, and export to Entra ID. Optional components include pass-through authentication agents, Seamless SSO, and Connect Health.
| Component | Role | Operational note |
|---|---|---|
| AD connector | Imports objects and attributes from AD DS | Multiple forests possible |
| Metaverse | Consolidates identity data | Central matching |
| Sync rules | Transformation and flow logic | Document custom rules |
| Export connector | Writes to Entra ID | Monitor export errors |
| PTA agents | Validate passwords on-premises | Use multiple agents for HA |
| Seamless SSO | Kerberos-based convenience login on the intranet | Behavior varies by browser scenario |
| Connect Health | Monitoring and alerts | Check license and agent prerequisites |
Authentication methods
| Method | Password validation | Components | Strengths | Trade-offs |
|---|---|---|---|---|
| PHS | Hash synchronized to Entra ID | Entra Connect | Simple, resilient, supports cloud smart lockout | Passwords are not validated live against on-prem AD |
| PTA | On-prem through PTA agents | Entra Connect + PTA agents | No hash validation in the cloud | Depends on agents and network |
| Federation | External IdP such as AD FS | AD FS / third-party IdP | Advanced requirements and niche cases | Highest operational overhead |
For most new hybrid deployments, Password Hash Sync with Seamless SSO and Conditional Access is the preferred standard.
Installation prerequisites
- Provide a supported Windows Server version with current patches.
- Plan service accounts, Enterprise Admin or delegated AD permissions, and Entra Global/Hybrid Identity Admin roles.
- Allow outbound HTTPS to Entra endpoints and optionally PTA/Health endpoints.
- Clean up UPN suffixes, source anchor/ImmutableId, and proxyAddresses in advance.
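
The cleanup in the last prerequisite can be verified before the first sync cycle. The PowerShell below is an added example, not part of the original reference: it flags userPrincipalName and proxyAddresses values shared by more than one account, the condition that later surfaces as a duplicate attribute error. The function name `Find-DuplicateSyncAttribute` and the sample accounts are constructed for illustration; source anchor values are not checked.

```powershell
# Added example (not from the original page): find UPN / proxyAddresses
# values that are owned by more than one account before they reach the cloud.

function Find-DuplicateSyncAttribute {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [object[]] $User   # objects with sAMAccountName, userPrincipalName, proxyAddresses
    )

    # Flatten every account into (Attribute, Value, Owner) rows.
    # Values are trimmed and lower-cased so that "SMTP:" (primary) and
    # "smtp:" (secondary) entries for the same address compare as equal.
    $rows = foreach ($u in $User) {
        if ($u.userPrincipalName) {
            [pscustomobject]@{
                Attribute = 'userPrincipalName'
                Value     = $u.userPrincipalName.Trim().ToLowerInvariant()
                Owner     = $u.sAMAccountName
            }
        }
        foreach ($p in @($u.proxyAddresses)) {
            if (-not $p) { continue }          # attribute not set on this account
            [pscustomobject]@{
                Attribute = 'proxyAddresses'
                Value     = $p.Trim().ToLowerInvariant()
                Owner     = $u.sAMAccountName
            }
        }
    }

    # A value is a conflict only when two *different* accounts hold it.
    $rows |
        Group-Object Attribute, Value |
        Where-Object { @($_.Group.Owner | Sort-Object -Unique).Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{
                Attribute = $_.Group[0].Attribute
                Value     = $_.Group[0].Value
                Owners    = @($_.Group.Owner | Sort-Object -Unique) -join ', '
            }
        }
}

# Constructed sample accounts (not real directory data).
$sample = @(
    [pscustomobject]@{
        sAMAccountName    = 'anna'
        userPrincipalName = 'anna@contoso.com'
        proxyAddresses    = @('SMTP:anna@contoso.com', 'smtp:info@contoso.com')
    }
    [pscustomobject]@{
        sAMAccountName    = 'ben'
        userPrincipalName = 'ben@contoso.com'
        proxyAddresses    = @('SMTP:ben@contoso.com', 'smtp:INFO@contoso.com')
    }
    [pscustomobject]@{
        sAMAccountName    = 'anna2'
        userPrincipalName = 'Anna@contoso.com'   # differs from 'anna' only by case
        proxyAddresses    = $null
    }
)

Find-DuplicateSyncAttribute -User $sample | Format-Table -AutoSize
```

Against a live directory, the `-User` input can come from `Get-ADUser -Filter * -Properties proxyAddresses` in the ActiveDirectory module.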
Sync rules
Sync rules determine join, projection, transformation, and export. Modify default rules only with great care and document every custom rule with priority, direction, and business purpose.

```powershell
# Start a delta sync
Start-ADSyncSyncCycle -PolicyType Delta
# Full synchronization
Start-ADSyncSyncCycle -PolicyType Initial
# Check the scheduler
Get-ADSyncScheduler
```

Filtering: domain, OU, attribute, group
| Filter type | How | Typical use |
|---|---|---|
| Domain | Include or exclude full AD domains | Multiple forests or test domains |
| OU | Sync selected organizational units | Clean scope control |
| Attribute | Custom rules or cloud sync expressions | Only people with a specific flag |
| Group | Filter objects by group membership | Pilot groups or phased migration |
Staging mode
A server in staging mode imports and synchronizes internally but does not export to Entra ID. This is essential for disaster recovery, version changes, and safe migration from active servers.
Seamless SSO and password writeback
Seamless SSO improves user convenience on the intranet, but it does not replace strong authentication. Password writeback enables self-service password reset back to AD DS and requires the proper licenses and configuration.
- Enable password writeback only after aligning with AD security policies.
- Test SSPR end to end including password complexity and lockout behavior.
- Consider browser and zone requirements for Seamless SSO.
Cloud Sync
Cloud Sync uses lightweight agents and cloud-managed configuration. This simplifies operations and updates, but it does not cover every Entra Connect edge case.
| Building block | Function | Note |
|---|---|---|
| Provisioning agent | Connects AD to the cloud service | Use multiple agents for availability |
| Configuration | Defines scope, mapping, and matching | Managed in the portal |
| Expression builder | Transforms attributes | Good for light logic |
| Scoping filter | Limits objects | Useful for pilot and phased migration |
Monitoring with Connect Health
Connect Health monitors sync, AD FS, and PTA agents. Complement it with local event logs, Entra audit logs, and a documented operations dashboard.
Troubleshooting
| Issue | Possible cause | First action |
|---|---|---|
| Duplicate attribute | Duplicate UPN, proxyAddress, or sourceAnchor | Resolve object conflicts in AD |
| Export error | Attribute violation or missing permission | Check export error detail in Sync Manager |
| Large object delta | Mass change or rule update | Validate scope and rule change |
| PTA sign-in failures | Agent offline or proxy/firewall | Check agent state and connectivity |
| AADSTS50020 / tenant mismatch | Wrong UPN or wrong tenant | Check UPN and home realm |
| Password writeback failed | Agent, permissions, or password policy | Check SSPR logs and AD permissions |
| Device not syncing | OU filter or missing hybrid configuration | Check device OU and SCP |
| Unexpected deletes | Filter issue or OU removed | Check deletion threshold |
| Cloud Sync mapping issue | Wrong expression or match | Analyze provisioning logs |
| Staging server drift | Configuration not aligned | Compare exports and custom rules |
Migration paths
| Starting point | Target | Approach |
|---|---|---|
| Legacy Azure AD Connect | New Entra Connect version | Build in parallel with staging, then switch over |
| Federation | PHS/PTA | Pilot domain, sign-in tests, phased domain conversion |
| Entra Connect | Cloud Sync | Only for supported scenarios; pilot with group-based filtering |
| Single forest | Multiple forests | Define join and UPN strategy early |
| Active server | DR / new datacenter | Continuously maintain and test the staging server |
PowerShell reference

```powershell
# Synchronization service status
Get-Service ADSync
# Scheduler configuration
Get-ADSyncScheduler | Format-List *
# Connector run status
Get-ADSyncConnectorRunStatus
```

Complete synchronization rules reference
Entra Connect Sync depends on clear rule precedence, clean transformations, and deliberate use of custom rules. Every unnecessary customization increases maintenance, but every missing customization can prevent the desired state.
| Rule type | Examples | Comment |
|---|---|---|
| Inbound top rules | In from AD - User Common, User Join, Group Common, Contact Common, InetOrgPerson Common | Object intake, join, and normalization. |
| Outbound top rules | Out to AAD - User Join, User Identity, Group Join, Contact Join, Exchange Online | Controls flows toward Entra ID. |
| Transformation types | Direct, constant, expression, merge, join, flow if null/if empty | Prefer small rules over giant expressions. |
| Precedence | Lower number wins; custom rules are usually placed ahead of out-of-box rules. | Documentation and version control are mandatory. |
Create custom rules
- Before any change, export existing rules and document the current precedence.
- Validate a new rule first on the staging server or lab and move it to production only with a clear naming convention.
- When possible, keep expressions deterministic and easy to read.
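
The export step above and the "staging server drift" check from the troubleshooting table both come down to comparing two rule inventories. The PowerShell below is an added example, not part of the original reference: it reports rules that are missing, reordered, or toggled between an active and a staging server. The function name `Compare-SyncRuleInventory`, the rule precedences, and the custom rule name are constructed; the rows are assumed to carry the Name, Direction, Precedence, and Disabled properties, for example selected from `Get-ADSyncRule` on each server and exported to CSV.

```powershell
# Added example (not from the original page): detect sync-rule drift
# between the active server and the staging server.

function Compare-SyncRuleInventory {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [object[]] $Active,
        [Parameter(Mandatory)] [object[]] $Staging
    )

    # Rules are matched on direction plus name.
    # PowerShell hashtable keys compare case-insensitively by default.
    $keyOf = { param($r) '{0}|{1}' -f $r.Direction, $r.Name }

    $stagingByKey = @{}
    foreach ($s in $Staging) { $stagingByKey[(& $keyOf $s)] = $s }

    $activeKeys = @{}
    foreach ($a in $Active) {
        $k = & $keyOf $a
        $activeKeys[$k] = $true
        $s = $stagingByKey[$k]

        if ($null -eq $s) {
            [pscustomobject]@{ Rule = $a.Name; Finding = 'MissingOnStaging'
                               Active = $a.Precedence; Staging = $null }
            continue
        }
        # Casts keep the comparison correct when rows come from CSV (strings).
        if ([int]$a.Precedence -ne [int]$s.Precedence) {
            [pscustomobject]@{ Rule = $a.Name; Finding = 'PrecedenceDiffers'
                               Active = $a.Precedence; Staging = $s.Precedence }
        }
        if ("$($a.Disabled)" -ne "$($s.Disabled)") {
            [pscustomobject]@{ Rule = $a.Name; Finding = 'DisabledDiffers'
                               Active = $a.Disabled; Staging = $s.Disabled }
        }
    }

    # Rules that exist only on the staging server.
    foreach ($s in $Staging) {
        if (-not $activeKeys.ContainsKey((& $keyOf $s))) {
            [pscustomobject]@{ Rule = $s.Name; Finding = 'OnlyOnStaging'
                               Active = $null; Staging = $s.Precedence }
        }
    }
}

# Constructed sample inventories (not real exports; precedences are made up).
$active = @(
    [pscustomobject]@{ Name = 'Custom - In from AD - User Pilot Flag'; Direction = 'Inbound';  Precedence = 50;  Disabled = $false }
    [pscustomobject]@{ Name = 'In from AD - User Common';              Direction = 'Inbound';  Precedence = 104; Disabled = $false }
    [pscustomobject]@{ Name = 'Out to AAD - User Join';                Direction = 'Outbound'; Precedence = 115; Disabled = $false }
)
$staging = @(
    [pscustomobject]@{ Name = 'Custom - In from AD - User Pilot Flag'; Direction = 'Inbound';  Precedence = 60;  Disabled = $true }
    [pscustomobject]@{ Name = 'In from AD - User Common';              Direction = 'Inbound';  Precedence = 104; Disabled = $false }
    [pscustomobject]@{ Name = 'Custom - Out to AAD - Lab Test';        Direction = 'Outbound'; Precedence = 70;  Disabled = $false }
)

Compare-SyncRuleInventory -Active $active -Staging $staging | Format-Table -AutoSize
```

An empty result means both inventories agree on rule set, precedence, and enabled state; any row is worth resolving before a switchover.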
Attribute flow AD -> Entra ID
| On-prem AD | Entra ID |
|---|---|
| cn | displayName |
| displayName | displayName |
| givenName | givenName |
| sn | surname |
| userPrincipalName | userPrincipalName |
| mail | mail |
| proxyAddresses | proxyAddresses |
| telephoneNumber | businessPhones |
| mobile | mobilePhone |
| streetAddress | streetAddress |
| l | city |
| st | state |
| postalCode | postalCode |
| co | country |
| c | usageLocation |
| company | companyName |
| department | department |
| title | jobTitle |
| employeeID | employeeId |
| employeeType | employeeType |
| manager | manager |
| physicalDeliveryOfficeName | officeLocation |
| facsimileTelephoneNumber | faxNumber |
| pager | pager |
| info | aboutMe |
| wWWHomePage | webUrl |
| thumbnailPhoto | thumbnailPhoto |
| msExchHideFromAddressLists | showInAddressList |
| msExchRecipientDisplayType | recipientTypeDetails |
| msExchRecipientTypeDetails | recipientTypeDetails |
| msExchArchiveStatus | archiveStatus |
| msExchUsageLocation | usageLocation |
| onPremisesSecurityIdentifier | onPremisesSecurityIdentifier |
| sAMAccountName | onPremisesSamAccountName |
| objectSid | onPremisesSecurityIdentifier |
| userAccountControl | accountEnabled |
| pwdLastSet | lastPasswordChangeDateTime |
| whenCreated | createdDateTime |
| msDS-ExternalDirectoryObjectId | onPremisesImmutableId |
| sourceAnchor | immutableId |
| extensionAttribute1 | onPremisesExtensionAttributes.extensionAttribute1 |
| extensionAttribute2 | onPremisesExtensionAttributes.extensionAttribute2 |
| extensionAttribute3 | onPremisesExtensionAttributes.extensionAttribute3 |
| extensionAttribute4 | onPremisesExtensionAttributes.extensionAttribute4 |
| extensionAttribute5 | onPremisesExtensionAttributes.extensionAttribute5 |
| extensionAttribute6 | onPremisesExtensionAttributes.extensionAttribute6 |
| extensionAttribute7 | onPremisesExtensionAttributes.extensionAttribute7 |
| extensionAttribute8 | onPremisesExtensionAttributes.extensionAttribute8 |
| extensionAttribute9 | onPremisesExtensionAttributes.extensionAttribute9 |
| extensionAttribute10 | onPremisesExtensionAttributes.extensionAttribute10 |
| extensionAttribute11 | onPremisesExtensionAttributes.extensionAttribute11 |
| extensionAttribute12 | onPremisesExtensionAttributes.extensionAttribute12 |
| extensionAttribute13 | onPremisesExtensionAttributes.extensionAttribute13 |
| extensionAttribute14 | onPremisesExtensionAttributes.extensionAttribute14 |
| extensionAttribute15 | onPremisesExtensionAttributes.extensionAttribute15 |
| mailNickname | mailNickname |
| targetAddress | targetAddress |
| legacyExchangeDN | legacyExchangeDn |
| memberOf | transitiveMemberOf |
Cloud Sync expression builder
| Function | Use | Example |
|---|---|---|
| Append(a,b) | Append strings | Append([givenName], [surname]) |
| CBool(value) | Cast to boolean | CBool([isActive]) |
| CDate(value) | Cast to date | CDate([hireDate]) |
| CGuid() | Generate GUID | CGuid() |
| CInt(value) | Cast to integer | CInt([employeeNumber]) |
| CStr(value) | Cast to string | CStr([employeeId]) |
| DateAdd(unit,value,date) | Add to a date | DateAdd("d", 30, [hireDate]) |
| DateDiff(unit,date1,date2) | Date difference | DateDiff("d", [hireDate], Now()) |
| FormatDateTime(date,format) | Format a date | FormatDateTime([hireDate], "yyyy-MM-dd") |
| IIF(condition,true,false) | Conditional logic | IIF(IsNullOrEmpty([mail]), [userPrincipalName], [mail]) |
| InStr(value,search) | Search substring | InStr([department], "HR") |
| IsNullOrEmpty(value) | Detect empty values | IsNullOrEmpty([employeeId]) |
| Join(separator, values) | Join multi-values | Join(";", [proxyAddresses]) |
| Left(value,length) | Left characters | Left([employeeId], 4) |
| Mid(value,start,length) | Extract middle | Mid([displayName], 1, 5) |
| NormalizeDiacritics(value) | Normalize accents | NormalizeDiacritics([displayName]) |
| Now() | Current time | Now() |
| RemoveDuplicates(values) | Remove duplicates | RemoveDuplicates([proxyAddresses]) |
| Replace(value,old,new) | Replace | Replace([mail], "@contoso.com", "@fabrikam.com") |
| Right(value,length) | Right characters | Right([employeeId], 4) |
| SelectUniqueValue(v1,v2,...) | Pick first unique value | SelectUniqueValue([mail], [userPrincipalName]) |
| Split(value,separator) | Split a string | Split([proxyAddresses], ";") |
| StripSpaces(value) | Strip spaces | StripSpaces([employeeId]) |
| Substring(value,start,length) | Substring | Substring([displayName], 0, 3) |
| Switch(value,default,...) | Multi-branch logic | Switch([country], "ROW", "DE", "EMEA", "US", "NAM") |
| ToLower(value) | Lowercase | ToLower([mailNickname]) |
| ToUpper(value) | Uppercase | ToUpper([country]) |
| Trim(value) | Trim | Trim([displayName]) |
Synchronization troubleshooting
| Scenario | Check | Countermeasure |
|---|---|---|
| Portal remediation | Review error hints in Entra Connect Health or the Cloud Sync portal. | Prioritize conflict objects, attribute failures, and agent status. |
| Delta/initial sync | Was the expected cycle triggered with Start-ADSyncSyncCycle? | Use delta for small changes and initial after rule-design changes. |
| ADSync diagnostics | Use Invoke-ADSyncDiagnostics and Connect Health. | Document recurring connector and export failures. |
| Export/import analysis | Review pending exports, connector space, metaverse, and join rules. | Trace the object flow step by step from source to target. |
| Conflict resolution | Identify UPN, proxyAddress, or sourceAnchor conflicts. | Define the authoritative source and clean up duplicates. |

```powershell
# Sync service state
Get-Service ADSync
# Scheduler configuration
Get-ADSyncScheduler | Format-List *
# Trigger a delta cycle
Start-ADSyncSyncCycle -PolicyType Delta
# Password hash sync diagnostics
Invoke-ADSyncDiagnostics -PasswordSync
# Connector run status
Get-ADSyncConnectorRunStatus
```