By now, you should already know that Azure Active Directory Connect (AAD Connect) is the directory synchronization tool used to synchronize your on-premises Active Directory identities to Azure Active Directory (AAD).
Well, AAD Connect just got an upgrade (version 1.5.30.0) which supports the new Azure AD Connect sync V2 endpoint API (currently in preview – only available in the Azure global cloud, not the national ones). The new endpoint improves the performance of the synchronization service operations to Azure Active Directory, such as:
- syncing groups with up to 250k members
- performance gains on export and import to Azure AD
If you want to start using the new Azure AD Connect sync V2 endpoint API you need to:
- First upgrade to AAD Connect 1.5.30.0 or later – download available here https://go.microsoft.com/fwlink/?LinkId=615771
- Then switch to the v2 API by running the PowerShell commands below (using Run As Administrator), which disable the sync scheduler, set the configuration to use v2, and then re-enable the scheduler
Set-ADSyncScheduler -SyncCycleEnabled $false
Import-Module 'C:\Program Files\Microsoft Azure AD Sync\Extensions\AADConnector.psm1'
Set-ADSyncAADConnectorExportApiVersion 2
Set-ADSyncAADConnectorImportApiVersion 2
Set-ADSyncScheduler -SyncCycleEnabled $true
After activating the v2 API, you may see different error messages, as it handles the synchronization process a little bit differently.
After enabling the new endpoint, you may see additional export errors on the AAD connector with the name ‘dn-attributes-failure’. There will be a corresponding event log entry for each error with id 6949. The errors are informational and do not indicate a problem with your installation, but rather that the sync process could not add certain members to a group in Azure AD because the member object itself was not synced to Azure AD.
IIF((ValueCount("member")> 50000),Error("Maximum Group member count exceeded"),IgnoreThisFlow)
If you need to roll back and disable the v2 API, run the PowerShell commands below:
Set-ADSyncScheduler -SyncCycleEnabled $false
Import-Module 'C:\Program Files\Microsoft Azure AD Sync\Extensions\AADConnector.psm1'
Set-ADSyncAADConnectorExportApiVersion 1
Set-ADSyncAADConnectorImportApiVersion 1
Set-ADSyncScheduler -SyncCycleEnabled $true
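The switch and the rollback above both leave the scheduler disabled if a step in the middle fails, so the following added example (not part of the original post or of Microsoft's tooling) wraps the same commands in one function that always restores the scheduler state, and adds a check for the event id 6949 entries mentioned earlier. The function names Switch-AadSyncEndpoint and Get-DnAttributeFailureEvents are hypothetical, and the script assumes that AAD Connect writes event 6949 to the Application log.

```powershell
#requires -RunAsAdministrator
# Added example: function names are hypothetical, cmdlets are the ones used in the post
# plus Get-ADSyncScheduler and Get-WinEvent.

$ModulePath = 'C:\Program Files\Microsoft Azure AD Sync\Extensions\AADConnector.psm1'

function Switch-AadSyncEndpoint {
    param(
        # 2 = switch to the v2 endpoint, 1 = roll back to v1
        [Parameter(Mandatory)][ValidateSet(1, 2)][int]$ApiVersion
    )
    # Remember the current scheduler state so it is restored, not blindly forced on.
    $wasEnabled = (Get-ADSyncScheduler).SyncCycleEnabled
    Set-ADSyncScheduler -SyncCycleEnabled $false
    try {
        Import-Module $ModulePath -ErrorAction Stop
        Set-ADSyncAADConnectorExportApiVersion $ApiVersion
        Set-ADSyncAADConnectorImportApiVersion $ApiVersion
    }
    finally {
        # Runs even when the import or a Set- call fails, so directory sync
        # is never left disabled by a half-completed change.
        Set-ADSyncScheduler -SyncCycleEnabled $wasEnabled
    }
}

function Get-DnAttributeFailureEvents {
    param([int]$Hours = 24)
    # Assumption: event id 6949 is written to the Application log.
    $filter = @{
        LogName   = 'Application'
        Id        = 6949
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    # Get-WinEvent raises an error when nothing matches; treat that as "no events".
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, ProviderName, Message
}

Switch-AadSyncEndpoint -ApiVersion 2

# Run this part again after the next export cycle has completed.
$events = @(Get-DnAttributeFailureEvents -Hours 24)
"{0} event(s) with id 6949 in the last 24 hours" -f $events.Count
$events | Format-List
```

Call `Switch-AadSyncEndpoint -ApiVersion 1` to roll back with the same safeguards.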