Q: I received an email from Azure stating that my Directory Synchronization is unhealthy; what should I do?
A: When you configure Directory Synchronization with Azure Active Directory, you have an OS instance in your environment that runs the DirSync component, which essentially uses Forefront Identity Manager (FIM) to synchronize with Azure Active Directory. The email you received is alerting you that synchronization hasn't occurred for 24 hours. The first thing to check is that the OS instance that synchronizes is running and has Internet connectivity. If that looks OK, perform the following steps:
- On the OS instance that runs DirSync, launch miisclient.exe, which can be found in C:\Program Files\Windows Azure Active Directory Sync\SYNCBUS\Synchronization Service\UIShell.
- Select the Operations tab. Look for the status for the Windows Azure Active Directory Connector operations. If you see a status of stopped-extension-dll-exception, the most likely cause is that the password has expired for the account you're using for synchronization to Azure Active Directory.
- Select the Management Agents tab.
- Right-click Windows Azure Active Directory Connector and select Properties.
- Select Connectivity; the account and password used will display, as the following figure shows.
- Navigate to the Microsoft Azure site and log on with this account. Change the password when you're prompted.
- Go back to the properties of the Azure Active Directory connector in miisclient. Enter the new password for the account and click OK.
- Synchronization should now work again. You can select the Run action for the Management Agent and manually run the Delta Import, Delta Sync, and Export jobs.
You can set an account so its password never expires. This is covered in "Configure Azure Active Directory Account Password to Not Expire."
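
The expired-password cause described above can be caught before synchronization stops. The following PowerShell is an added example, not part of the original answer: it reports how many days remain before the synchronization account's password expires. It assumes the MSOnline module is installed, and the account name, the warning threshold, and the 90-day fallback used when the domain reports no explicit validity period are assumptions.

```powershell
# Added example: check how close the DirSync account is to password expiry.
# Assumes the MSOnline module (Get-MsolUser, Get-MsolPasswordPolicy) is available.
Import-Module MSOnline
Connect-MsolService    # prompts for an administrator credential

# Placeholder values; replace with the account shown on the Connectivity page.
$SyncAccountUpn = 'dirsync-account@example.onmicrosoft.com'
$WarnDays       = 14    # hypothetical warning threshold

$user = Get-MsolUser -UserPrincipalName $SyncAccountUpn -ErrorAction Stop

if ($user.PasswordNeverExpires) {
    Write-Output "Password for $SyncAccountUpn is set to never expire."
}
elseif (-not $user.LastPasswordChangeTimestamp) {
    Write-Warning "No password change timestamp recorded for $SyncAccountUpn."
}
else {
    # Read the password validity period from the account's domain.
    $domain = $SyncAccountUpn.Split('@')[1]
    $policy = Get-MsolPasswordPolicy -DomainName $domain

    # Assumption: when no period is set explicitly, fall back to 90 days.
    $validityDays = if ($policy.ValidityPeriod) { $policy.ValidityPeriod } else { 90 }

    # LastPasswordChangeTimestamp is in UTC, so compare against UTC now.
    $expiresUtc = $user.LastPasswordChangeTimestamp.AddDays($validityDays)
    $daysLeft   = [math]::Floor(($expiresUtc - (Get-Date).ToUniversalTime()).TotalDays)

    if ($daysLeft -lt 0) {
        Write-Warning "Password for $SyncAccountUpn expired $(-$daysLeft) day(s) ago."
    }
    elseif ($daysLeft -le $WarnDays) {
        Write-Warning "Password for $SyncAccountUpn expires in $daysLeft day(s)."
    }
    else {
        Write-Output "Password for $SyncAccountUpn is valid for $daysLeft more day(s)."
    }
}
```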