If you have a functioning Azure AD Connector in place, we recommend that you keep your current setup. A self-service migration feature will allow you to migrate to the new version of Azure Sync.
We strongly recommend that you keep your Azure AD Connector setup until the self-service migration is available. Migrating to the new Azure Sync now might disrupt services and result in loss of assets for your users.
If you have questions related to the Azure AD Connector, see the FAQs here.
The Account Status column appears in both the Users and Directory Users lists to inform administrators of the current status of a specific user.
For federated users synced with Azure Active Directory, users are managed in a read-only mode via Azure Sync, and the status depends on their status within the organization’s directory. Only users with Active status appear on the Users list for synced users. A user that is removed from sync scope in AD will no longer appear on the Users list but will still be present on the Directory Users list with Disabled status.
Active = User account available for SSO login and license access. If sync is configured, an ‘Active’ user is in-scope for the automated sync.
Disabled = User account not available for SSO login or license access. If sync is configured, a ‘Disabled’ user has been removed from sync scope in the organization’s directory, so the user no longer has login access to their account or provisioned licenses, but their cloud-stored assets are still available. A ‘Disabled’ user will only appear in the Directory Users list, and a user’s Adobe account can only be permanently deleted from the Directory Users list.
If your organization is using the User Sync Tool or a UMAPI integration, you must first pause the alternate form of sync, then follow the steps to set up Azure Sync to automate user management from the Azure Portal.
The User Sync Tool or UMAPI integration can be removed completely once Azure Sync is configured and running.
When managing Azure Sync from Azure AD, there is a set of common error messages to be aware of. Understanding the cause of each error message will aid in troubleshooting when errors occur.
Learn more about monitoring your deployment within Azure AD.
Yes. You can choose to disable or even remove Azure Sync from a federated directory. This removes the automated sync but leaves the directory, domains, and users of the directory intact.
When removing sync, User Provisioning should also be turned off for the former sync in Azure AD to prevent quarantine of the directory by Azure AD.
(Legacy) Azure AD Connector | Common questions
If you have set up your Admin Console directory using the (Legacy) Azure AD Connector, you may find answers to your questions here. Look for your question related to the old Connector features, integration scenarios, and sync issues.
The Azure AD Connector can only provide user management for the primary Admin Console in a primary-trustee Admin Console relationship. Any trustee Admin Consoles can take advantage of single sign-on with the federated directory, but must use a separate form of user management (such as CSV manual upload, User Sync Tool, or User Management API).
The sync runs every 15 minutes, making updates to the Admin Console based on the changes identified in the aligned Azure AD security groups. The Connector landing page in the Admin Console has a Trigger Sync feature that allows a System Admin to force a sync at any time between the 15-minute intervals. However, you may experience a slight delay when you force Trigger Sync if you use on-premises Active Directory.
The Azure AD Connector requires that the domains and directories to be synced from Azure AD are not already established in the Admin Console with federation. If directory users do exist, you must permanently remove associated directory users, domains, and directories before the Connector implementation.
To learn more, see set up SSO with Azure AD Connector.