I had been working on troubleshooting our Azure AD Sync as I had realized we hadn’t had a successful sync in about a week. The only reason I knew was because we had made some changes in the AD and they were not syncing up to Azure. The sync process was reporting successful in the portal, even though this was not the case. I figured it would be good to talk about it here, in case I need the info again, and to help others who may have the issue as well.
AAD Sync Export Errors
Azure AD was in fact syncing with Office 365, but I was getting a lot of error messages on the export.
I verified the on-premise sync account, as well as the account online, had the required permissions for syncing. Once I verified this was not the issue, I had hoped that clicking on the error may provide more details to help solve this issue.
Not very helpful, other than the connected data source error code of 8344. After some digging on this, I was able to resolve the issue with the following:
Run this Active Directory Inheritance PowerShell script to generate a CSV list of users that are not inheriting permissions.
For each user on that list, go to User Properties > Security > Advanced. On the advanced screen the button will say ‘Enable Inheritance’ for these users. Go ahead and click this button. The button text will change to ‘Disable Inheritance’. Click on apply, and then close that user and move on to the next one.
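The two steps above can also be scripted. The following is an added example, not the script the post links to: it assumes the RSAT ActiveDirectory module is installed, and the function names, the `$SearchBase` default and the CSV path are hypothetical.

```powershell
#Requires -Modules ActiveDirectory
# Added example: report users whose ACL does not inherit from the parent container.
param(
    [string]$SearchBase = (Get-ADDomain).DistinguishedName,   # assumption: search the whole domain
    [string]$CsvPath    = '.\users-inheritance-disabled.csv'  # hypothetical output path
)

function Get-UserWithInheritanceDisabled {
    param([Parameter(Mandatory)][string]$SearchBase)
    # AreAccessRulesProtected is $true when "Enable Inheritance" is shown in the GUI.
    Get-ADUser -SearchBase $SearchBase -Filter * -Properties nTSecurityDescriptor, adminCount |
        Where-Object { $_.nTSecurityDescriptor.AreAccessRulesProtected } |
        Select-Object Name, SamAccountName, DistinguishedName, Enabled,
            @{ Name = 'AdminCount'; Expression = { $_.adminCount } }
}

function Enable-UserInheritance {
    # Scripted equivalent of clicking "Enable Inheritance"; supports -WhatIf and -Confirm.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [string]$DistinguishedName
    )
    process {
        $path = "AD:\$DistinguishedName"
        $acl  = Get-Acl -Path $path
        # isProtected = $false turns inheritance back on; the second argument is ignored in that case.
        $acl.SetAccessRuleProtection($false, $true)
        if ($PSCmdlet.ShouldProcess($DistinguishedName, 'Enable ACL inheritance')) {
            Set-Acl -Path $path -AclObject $acl
        }
    }
}

# Step 1: write the CSV of affected users and show a short summary.
$report = @(Get-UserWithInheritanceDisabled -SearchBase $SearchBase)
$report | Export-Csv -Path $CsvPath -NoTypeInformation
Write-Host ("{0} user(s) with inheritance disabled written to {1}" -f $report.Count, $CsvPath)

# Step 2 (review the CSV first): preview the change, then drop -WhatIf to apply it.
# $report | Enable-UserInheritance -WhatIf
```

The `AdminCount` column is there because accounts with `adminCount = 1` are covered by AdminSDHolder, and the SDProp process disables inheritance on them again for as long as they remain in a protected group. Review those rows separately rather than re-enabling inheritance on them in bulk.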
Once I had verified all users were inheriting permissions, I ran a manual sync, and all changes were successful.
I hope this will help anyone else receiving this error, and having Azure AD Sync issues.