How to demote a Domain Controller Gracefully?

How to Promote a Domain Controller Using PowerShell?

What is Password Replication Policy in RODC?

How to setup RODC to an existing domain?

How to Configure Child Domain Controller? (Server 2022)

How to add a new domain controller (ADC) to an existing domain?

how to Install a New Windows Server 2022 Active Directory Forest?

HOW TO INSTALL WINDOWS SERVER 2022?

WINDOWS SERVER 2022 -NEW AD FEATURES

Device not Synched to Azure AD

 Hello Everyone, 

I have come across a scenario where found that all the Devices from On-Prem are synched to Azure AD without any issue but there are a few devices or the recently AD joined devices have not synched as expected. 

It would be a good idea to validate the below points before we start troubleshooting: 

1.  The Device is in the right OU which is allowed to Sync. 

2. The Device is not filtered-out from any Sync rule. 

3. Check the "Connector" --> Go to "Synchronization Service Manager" --> Metaverse Search and then search for the computer which is not reflecting on Azure Devices but available on on-prem AD. 

 Double click or open Properties of Searched device and here, you will see only Internal (on-prem) connector but Outbound connector is not available. 

4.Validate the Sync Rule (Outbound) for Device is configured as below and there is not other Sync Rule that is conflicting this rule. 

Let`s proceed to Fix the issue. 

Solution-1 (From Active Directory)

On on-prem AD, open the Computer Attributes which is not synched to Azure and look for the "userCertificate" attribute. if the value is blank or empty, you can enter any Random numeric value to Fix the issue. 

Before 

After 

 

Apply and Ok. 

Now all you have to do is either wait or Run the Delta Sync on Azure AD connect Server and after next sync the Device should appear to Azure. 

Solution-2 (From Affected Machine)

Another way to fix the issue is, log on to the machine which is not Synched to Azure and check the schedular. if its disabled, you need to enable it. 

Once the Schedular is Enabled, Check the "userCertificate" attribute in Computer properties is populated. 

Note: You may also check the same error in Event Viewer as well under the below path. 

That`s it. i hope this helps.