Thursday, June 16, 2022

Manually Sync Local Active Directory with Azure using CLI

Azure AD Connect's sync scheduler runs at most once every 30 minutes. Password changes in the domain are almost instant: they are synced nearly immediately, but be aware that there may be a lag before the change is visible in Azure once the sync has completed. Also consider that if replication within your local Active Directory domain is slow at normal times, it will seem infinitely slower when you are waiting for recent updates to user or group properties to sync and appear in Azure.

To be sure all your domain controllers have replicated with each other, do the following. Connect to a domain controller using RDP or another method such as the VMware console. Once logged in, open an elevated command prompt and enter the following command to sync ALL domain controllers immediately.

    repadmin /syncall /APeD

Case matters for this command's options: lower and upper case letters mean different things. I always use this form because it replicates not only within the same site but across all sites and all domain controllers. This command and many others can be executed from a server or desktop if the AD remote administration tools are installed. Servers and desktops can be accessed remotely using online desktop support software or a built-in remote access tool such as RDP.

PowerShell CLI to manually Sync Local Active Directory changes to Microsoft Azure 

Once you are satisfied that your domain controllers have replicated with each other, open a PowerShell prompt on the server that runs the Azure AD Connect service. When the PowerShell window has opened, enter the following command (as shown in the screenshot).

    Start-ADSyncSyncCycle -PolicyType Delta

This triggers a sync of the local changes, additions and updates performed on local Active Directory objects. When it completes you may still have to wait for the small lag on the Azure side before you see the results of the delta sync you just ran. I've been performing the two steps above for years and they always work. They also save time, because they expedite the syncing process with absolutely no drawback; these steps have no negative impact. If you have a small environment with only a small number of domain controllers and are confident there are no local replication issues, you can skip the step of replicating all the domain controllers.
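The two steps above, wrapped in one script that checks the prerequisites a practitioner usually wants verified before forcing the delta sync. This is an added example, not code from the original post; it assumes it is run in an elevated PowerShell session on the Azure AD Connect server with the RSAT ActiveDirectory module installed locally, and it uses the real Get-ADReplicationFailure, Get-ADSyncScheduler and Get-ADSyncConnectorRunStatus cmdlets in addition to the two commands from the post.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post). Assumes: elevated session on the
# Azure AD Connect server, RSAT ActiveDirectory module and repadmin available.

# Step 1: force replication across all sites and all domain controllers
# (same switches as in the post).
repadmin /syncall /APeD | Out-Null

# Do not push to Azure while any DC still reports a replication failure;
# a stale DC can otherwise feed old attribute values into the export.
Import-Module ActiveDirectory
$forest   = (Get-ADForest).Name
$failures = Get-ADReplicationFailure -Target $forest -Scope Forest
if ($failures) {
    $failures | Format-Table Server, Partner, FailureType, FailureCount, LastError -AutoSize
    throw "Replication failures remain in $forest; resolve them before syncing to Azure."
}

# Step 2: Start-ADSyncSyncCycle errors out if a cycle is already running,
# so inspect the scheduler first instead of blindly starting one.
Import-Module ADSync
$sched = Get-ADSyncScheduler
if (-not $sched.SyncCycleEnabled) {
    throw "The Azure AD Connect sync scheduler is disabled; enable it before forcing a sync."
}
if ($sched.SyncCycleInProgress) {
    Write-Warning "A sync cycle is already in progress; waiting for it to finish."
    while ((Get-ADSyncScheduler).SyncCycleInProgress) { Start-Sleep -Seconds 10 }
}

# The delta policy exports only objects changed since the last cycle.
Start-ADSyncSyncCycle -PolicyType Delta

# Get-ADSyncConnectorRunStatus returns one object per busy connector and
# nothing once all connectors are idle, so poll until it returns nothing.
do {
    Start-Sleep -Seconds 10
    $busy = Get-ADSyncConnectorRunStatus
    if ($busy) { Write-Verbose ("Still running: " + ($busy.ConnectorName -join ', ')) }
} while ($busy)

"Delta sync completed at $(Get-Date -Format u); allow a few minutes for Azure to reflect it."
```

Run it with -Verbose to see which connector (the on-premises AD connector or the Azure AD connector) is still exporting while the script waits.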

1 comment:

Anonymous said...

Excellent way to manually initiate or start a Delta sync of AD to Azure. Use it all the time.