Azure Directory Sync

Azure Directory Synchronization (aka Azure AD Connect) is used to synchronize user accounts, group memberships, and credential hashes from an On-Premises AD DS environment to Azure AD. Azure Directory Synchronization tool works by importing data from both directories (On-Premises and Azure), validating changes, and then exporting any changes to the directories.

Azure AD Connect sync: Understanding the architecture - Azure - Microsoft Entra | Microsoft Docs

Term definitions:

• Connector: Used by sync engine to connect to a data source (CS)
• Metaverse: Storage area that contains the aggregated identity information from multiple directories (MV)
• Connected directories: The data repositories that are synchronized by sync engine are called connected data sources or connected directories (CD).

Search Metaverse

Metaverse search can be used to track object changes (e.g., adding or removing a member from a group). Search the meta verse for the group object.

1. Open Synchronization Service Manager application
2. Select the tile "Metaverse Search"
3. Scope by Object Type: group
4. Select the option "Add Clause" to add a condition to filter on (see example)
5. Select the search button.

Inspect the object

1. Using the search results, select the object in the results and select properties
2. Select the connectors tab
3. Select the properties tab for the select connector and confirm the attribute(s) is correct
4. Repeat the steps for the next connector and confirm both connectors contain the same data

If the connectors space does not contain the same data, engage the M365 Identity team to continue investigating.