Azure Active Directory – Registered Devices are not synched between Active Directory and Azure Active Directory

Following my previous post about this feature in preview on Azure Active Directory allowing you to set up Join Workplace / Register Devices – see http://blog.hametbenoit.info/2014/06/27/microsoft-azure-azure-active-directory-device-registration-in-preview/, I ran into an issue. Registered devices are not synched between AD and AAD: devices registered in AD do not show up in the Azure portal, and devices registered in AAD are not synched back to AD.


The directory sync tool shows the following error:

Stack Trace

Microsoft.MetadirectoryServices.ProvisioningBySyncRuleException: The partition filter criteria for management agent "Active Directory Connector" do not include an object with DN "CN=5111aac0-ceae-48fa-885b-cecf9f21bb17,CN=RegisteredDevices,DC=<removed>,DC=<removed>" and object classes msDS-Device.


Of course, there is no RegisteredDevices OU available for selection in the MA; that would have been too simple.


The solution is nevertheless relatively simple.

On the server where the Azure Active Directory Synchronization tool has been installed, open the FIM console (miisclient.exe, located in the directory "C:\Program Files\Windows Azure Active Directory Sync\SYNCBUS\Synchronization Service\UIShell\").

Then go to the Management Agents tab and open the properties of your Active Directory Connector.


Go to the Configure Directory Partitions section, open Select containers for this partition and enter your AD admin credentials.


Do not change any OU selection (unless you want to update your OU filtering at the same time); click the Advanced button.


Add the DN (Distinguished Name) of the RegisteredDevices container (it should look like CN=RegisteredDevices,DC=<domain>,DC=<top level>) under Specify additional containers to add, and make sure the Include container option is selected.


Close all windows and run a full synch, still from within the Management Agents tab:

  1. Select Active Directory Connector and click Run\Full Import Full Sync
  2. Select Windows Azure Active Directory Connector and click Run\Full Import Full Sync
  3. Select Windows Azure Active Directory Connector and click Run\Export
  4. Select Active Directory Connector and click Run\Export

Et voilà, all registered devices – from AD or AAD – are synched.
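As an added example (not part of the original post, and not Microsoft's own tooling), the PowerShell below does two things that help with the steps above: it derives the RegisteredDevices container DN from the domain so you do not have to type it by hand, and lists the msDS-Device objects under it so you can confirm there really are devices to sync before touching the MA filter. The last section then kicks off the same four run profiles as the numbered steps through the sync engine's MIIS WMI provider instead of the GUI. Assumptions: the ActiveDirectory RSAT module is installed on the DirSync server, the session is elevated, the management agent names are the ones shown in the post, and the run profile names match the defaults used in the post ("Full Import Full Sync" and "Export"). Run the WMI part only after the container has been added to the MA, otherwise you simply reproduce the partition-filter error.

```powershell
# Added example, not from the original post. Assumes RSAT ActiveDirectory module,
# an elevated session on the DirSync server, and the default run profile names.

Import-Module ActiveDirectory

# Build the container DN from the domain instead of hand-typing DC= components.
$domainDn = (Get-ADDomain).DistinguishedName
$regDevDn = "CN=RegisteredDevices,$domainDn"

# Confirm the container exists. If this throws, Device Registration has not written to AD yet.
$container = Get-ADObject -Identity $regDevDn -Properties objectClass
Write-Host "Container: $($container.DistinguishedName) ($($container.ObjectClass))"

# Enumerate registered devices. msDS-Device is the object class named in the sync error.
$devices = @(Get-ADObject -SearchBase $regDevDn -SearchScope OneLevel `
                          -LDAPFilter '(objectClass=msDS-Device)' `
                          -Properties displayName, msDS-DeviceOSType, whenCreated)
Write-Host ("{0} msDS-Device object(s) found under {1}" -f $devices.Count, $regDevDn)
$devices | Select-Object Name, displayName, msDS-DeviceOSType, whenCreated | Format-Table -AutoSize

# Run a management agent run profile through the sync engine's WMI provider
# (assumption: the MIIS provider is present, as it is for the FIM-based DirSync engine).
function Invoke-RunProfile {
    param([string]$MaName, [string]$ProfileName)
    $ma = Get-WmiObject -Namespace 'root\MicrosoftIdentityIntegrationServer' `
                        -Class MIIS_ManagementAgent -Filter "Name='$MaName'"
    if (-not $ma) { throw "Management agent '$MaName' not found" }
    $result = $ma.Execute($ProfileName).ReturnValue
    Write-Host "$MaName / $ProfileName : $result"
    if ($result -ne 'success') { throw "Run profile '$ProfileName' on '$MaName' failed: $result" }
}

# Same order as the post's steps 1-4.
Invoke-RunProfile 'Active Directory Connector'               'Full Import Full Sync'
Invoke-RunProfile 'Windows Azure Active Directory Connector' 'Full Import Full Sync'
Invoke-RunProfile 'Windows Azure Active Directory Connector' 'Export'
Invoke-RunProfile 'Active Directory Connector'               'Export'
```

The device listing is the useful check after the sync as well: compare the count here with what the Azure portal shows, and any device present in AD but missing from AAD means the container is still outside the MA's partition filter.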

