I am trying to pull data out of Azure AD using the FIM Azure Connector.

I have:

• Installed the Beta Microsoft Online Sign-In Assistant (7.250.4551.0)
• I am using FIM Sync version 4.1.3508.0
• Installed the Azure AD connector (1.0.6635.69)
• Granted permissions to the MSOLCoExistence registry key
• Activated Directory Sync under Directory Integration in the Azure portal
• Created an Azure management agent in the Sync engine (specified the credentials, object types, attributes, etc.)
  
• Created a Full Import run profile
• Ran the Full Import

When I did all of this I got a successful run of the management agent with a status of completed-no-objects. (And of course I don't get any imported records.)

If I look in the event logs, I see an info message from the "Directory Synchronization" that looks like:

Import::Iteration: 1, Current batch size: 0, Imported total: 0, More: False,TrackingId: d2f02eac-0186-471b-ab49-cbcf85ace0ef, SyncCookie: ...

So it appears that it is talking to Azure.

Any suggestions as to what I am missing? My Azure AD has three records in it (the subscription account, the global admin user that I set up for the connector, and a basic test user), and none of these records came down on the Full Import run.

Edit: Of course after posting this question I found this thread, which asks a similar question. No idea why it came up as a related thread, and not in my initial search. Anyway my need is to pull down Azure accounts that have no on-premises representation. Is this possible?

Thanks

Rex

• Edited by Rex Wheeler Tuesday, March 17, 2015 8:54 PM

There shouldn't be anything stopping you from doing this, all you need to do is set the ImmutableID for your users in PowerShell, then import your objects into the connector space. The only side note I would add - I have seen cases where the information in Azure/O365 does not match up to the black box that the WAAD connector talks to.

• Edited by Cameron Zivkovic Wednesday, March 18, 2015 6:44 AM
• Marked as answer by Rex Wheeler 10 hours 52 minutes ago

There shouldn't be anything stopping you from doing this, all you need to do is set the ImmutableID for your users in PowerShell, then import your objects into the connector space. The only side note I would add - I have seen cases where the information in Azure/O365 does not match up to the black box that the WAAD connector talks to.

• Edited by Cameron Zivkovic Wednesday, March 18, 2015 6:44 AM
• Marked as answer by Rex Wheeler Wednesday, March 18, 2015 8:28 PM

Thanks. Manually adding the Immutable ID worked for me.

Another interesting thing I noticed is that the userPrincipalName attribute only seems to come down if it was set by DirSync. Even though the PowerShell add ins show values for the UPN and you can change the UPN with PowerShell, it doesn't seem to come down via the FIM connector for objects that were not originally synchronized from an on-premises AD. (I haven't done extensive testing yet, but this is how it appears.)