Azure AD Connect: Configure preferred data locations for Microsoft 365 resources - Microsoft Entra (2023)


This topic walks you through configuring the preferred data location attribute in Azure Active Directory (Azure AD) Connect synchronization. When someone uses the multi-geo feature in Microsoft 365, you can use this attribute to specify the geographic location of the user's Microsoft 365 data. (The terms area and geography are used interchangeably.)

Supported geographic locations

For a list of all geographic locations supported by Azure AD Connect, see Microsoft 365 multi-geo availability.

Enable synchronization of preferred data locations

By default, your users' Microsoft 365 resources are co-located with your Azure AD tenant. For example, if the tenant is located in North America, the users' Exchange mailboxes are also located in North America. For a multinational organization, this might not be the best option.

By setting the Preferred data location attribute, you can define a user's geographic location. You can place a user's Microsoft 365 resources, such as the mailbox and OneDrive, in the same geographic region as the user and still keep one tenant for the entire organization.

Important

Beginning June 1, 2023, CSP partners can purchase Multi-Geo for at least 5% of their customers' total Microsoft 365 subscription seats.

Customers with an active Enterprise Agreement can also use Multi-Geo. Please consult your Microsoft representative for details.

For a list of all geographic locations supported by Azure AD Connect, see Microsoft 365 multi-geo availability.

Azure AD Connect support for synchronization

Azure AD Connect supports synchronizing the Preferred data location attribute on user objects in version 1.1.524.0 and later. Specifically:

  • The schema of the object type user in the Azure AD Connector is extended to include the Preferred data location attribute. The type of this attribute is single-valued string.
  • The schema of the object type person in the Metaverse is extended to include the Preferred data location attribute. The type of this attribute is single-valued string.

By default, Preferred data location synchronization is not enabled. This feature is intended for larger organizations. The Active Directory schema in Windows Server 2019 has an attribute, msDS-preferredDataLocation, that you should use for this purpose. If you have not updated your Active Directory schema and cannot do so, you must identify an attribute to hold the Microsoft 365 geographic location for your users. Every organization is different.

Important

Azure AD allows the Preferred data location attribute on cloud user objects to be configured directly by using Azure AD PowerShell. To configure this attribute on synchronized user objects, you must use Azure AD Connect.


Before enabling synchronization

The following sections provide the steps to enable synchronization of the Preferred data location attribute.

Note

These steps are described in the context of an Azure AD deployment with a single forest topology and no custom sync rules. If you have a multi-forest topology, configured custom sync rules, or have a staging server, you should adjust these steps accordingly.

Step 1: Disable the sync scheduler and verify there are no syncs in progress

To avoid exporting unintended changes to Azure AD, make sure that no synchronization runs while you update the synchronization rules. To disable the built-in sync scheduler:

  1. Start a PowerShell session on the Azure AD Connect server.
  2. Disable scheduled synchronization by running this cmdlet: Set-ADSyncScheduler -SyncCycleEnabled $false.
  3. Start Synchronization Service Manager from Start > Synchronization Service.
  4. Select the Operations tab and confirm that no operation has the status "in progress".
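The scheduler check above can be done from the same PowerShell session instead of the Synchronization Service Manager UI. The script below is an added example, not part of the Microsoft article; it assumes it runs in an elevated session on the Azure AD Connect server, where the ADSync module is installed with Connect. It disables the scheduler, waits for any cycle that was already running to drain, and refuses to continue if a connector run is still active, which is the state you want before touching sync rules.

```powershell
# Added example (not from the original article): put Azure AD Connect into a quiet
# state before editing synchronization rules. Assumes the ADSync module is present.
Import-Module ADSync

# Stop the built-in scheduler from starting any new sync cycle.
Set-ADSyncScheduler -SyncCycleEnabled $false

# A cycle that was already running is not cancelled; poll until it finishes.
while ((Get-ADSyncScheduler).SyncCycleInProgress) {
    Write-Host "A sync cycle is still in progress, waiting 30 seconds..."
    Start-Sleep -Seconds 30
}

# Per-connector view of the same check: anything returned here is a run in flight
# (the UI equivalent is an 'in progress' row on the Operations tab).
$running = Get-ADSyncConnectorRunStatus
if ($running) {
    $running | Format-Table -AutoSize
    throw "Connector runs are still active; wait for them to finish before changing rules."
}

# Final state: scheduler off and nothing executing.
$state = Get-ADSyncScheduler
if ($state.SyncCycleEnabled -or $state.SyncCycleInProgress) {
    throw "Scheduler is not quiescent (Enabled=$($state.SyncCycleEnabled), InProgress=$($state.SyncCycleInProgress))."
}
Write-Host "Scheduler disabled and idle; safe to edit synchronization rules."

# When the rule changes and the manual sync cycle (Step 7) are done, re-enable with:
#   Set-ADSyncScheduler -SyncCycleEnabled $true
```

Leaving the scheduler disabled is a safety control, not a convenience: with custom rules half-configured, an automatic delta cycle could export partial attribute flows to every synchronized user. Re-enabling it is Step 8 of this procedure.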


Step 2: Refresh the Active Directory schema

If you have updated your Active Directory schema to the 2019 version and installed Connect before the schema extension, the Connect schema cache does not contain the updated schema. You then have to refresh the schema from the wizard so that it shows up in the UI.

  1. Launch the Azure AD Connect wizard from your desktop.
  2. Select the option Refresh directory schema, and then select Next.
  3. Enter your Azure AD credentials, and then select Next.
  4. On the Refresh directory schema page, make sure All Forests is selected, and then select Next.
  5. When the refresh is finished, close the wizard.


Step 3: Add the source attribute to the on-premises Active Directory Connector schema

This step is only required if you are running Connect version 1.3.21 or earlier. If you are using 1.4.18 or later, skip to Step 5.
Not all Active Directory attributes are imported into the on-premises Active Directory connector space. If you choose to use an attribute that is not synchronized by default, you need to import it. Add the source attribute to the list of imported attributes:

  1. Select the Connectors tab in Synchronization Service Manager.
  2. Right-click the on-premises Active Directory connector and select Properties.
  3. In the dialog that opens, go to the Select Attributes tab.
  4. Make sure that the source attribute you chose to use is checked in the attribute list. If you don't see your attribute, select the Show All checkbox.
  5. To save, select OK.


Step 4: Add Preferred data location to the Azure AD Connector schema

This step is only required if you are running Connect version 1.3.21 or earlier. If you are using 1.4.18 or later, skip to Step 5.
By default, the Preferred data location attribute is not imported into the Azure AD connector space. Add it to the list of imported attributes:

  1. Select the Connectors tab in Synchronization Service Manager.
  2. Right-click the Azure AD connector and select Properties.
  3. In the dialog that opens, go to the Select Attributes tab.
  4. Select the Preferred data location attribute in the list.
  5. To save, select OK.


Step 5: Create an Inbound Sync Rule

Inbound synchronization rules allow attribute values to flow from a source attribute in on-premises Active Directory to the Metaverse.

  1. Start the Synchronization Rules Editor from Start > Synchronization Rules Editor.

  2. Set the search filter Direction to Inbound.

  3. To create a new inbound rule, select Add new rule.

  4. On the Description tab, provide the following configuration:

     Attribute                    | Value                                           | Details
     Name                         | Provide a name                                  | For example, "From AD - User preferredDataLocation"
     Description                  | Provide a custom description                    |
     Connected System             | Select the on-premises Active Directory Connector |
     Connected System Object Type | user                                            |
     Metaverse Object Type        | person                                          |
     Link Type                    | Join                                            |
     Precedence                   | Choose a number between 1 and 99                | 1 through 99 are reserved for custom sync rules. Do not select a value that is used by another sync rule.

  5. Keep the Scoping filter empty to include all objects. You might need to adjust the scoping filter based on your Azure AD Connect deployment.

  6. Go to the Transformations tab, and implement the following transformation rule:

     Flow type | Target attribute      | Source                      | Apply once | Merge type
     Direct    | preferredDataLocation | Select the source attribute | Unchecked  | Update

  7. To create the inbound rule, select Add.


Step 6: Create an Outbound Sync Rule

Outbound synchronization rules allow attribute values to flow from the Metaverse to the Preferred data location attribute in Azure AD:

  1. Go to the Synchronization Rules Editor.

  2. Set the search filter Direction to Outbound.

  3. Select Add new rule.

  4. On the Description tab, provide the following configuration:

     Attribute                    | Value                            | Details
     Name                         | Provide a name                   | For example, "Out to Azure AD – User preferredDataLocation"
     Description                  | Provide a description            |
     Connected System             | Select the Azure AD Connector    |
     Connected System Object Type | user                             |
     Metaverse Object Type        | person                           |
     Link Type                    | Join                             |
     Precedence                   | Choose a number between 1 and 99 | 1 through 99 are reserved for custom sync rules. Do not select a value that is used by another sync rule.

  5. Go to the Scoping filter tab, and add a single scoping filter group with two clauses:

     Attribute        | Operator | Value
     sourceObjectType | EQUAL    | User
     cloudMastered    | NOTEQUAL | True

     The scoping filter determines which Azure AD objects this outbound synchronization rule applies to. In this example, we use the same scoping filter as the "Out to Azure AD – User Identity" OOB (out-of-the-box) sync rule. It prevents the rule from being applied to user objects that are not synchronized from on-premises Active Directory. You might need to adjust the scoping filter based on your Azure AD Connect deployment.

  6. Go to the Transformations tab, and implement the following transformation rule:

     Flow type | Target attribute      | Source                | Apply once | Merge type
     Direct    | preferredDataLocation | preferredDataLocation | Unchecked  | Update

  7. Select Add to create the outbound rule.
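Both rule descriptions above require a precedence in the custom range that no other rule already uses, and a wrong direction or a disabled rule is a common reason the attribute never arrives. The script below is an added example, not part of the Microsoft article; it assumes the ADSync module on the Azure AD Connect server and the example rule names from Steps 5 and 6. It lists the precedence values already taken in 1–99, proposes free ones, and after the two rules are created checks that each exists with the expected direction and is enabled.

```powershell
# Added example (not from the original article): precedence and rule sanity checks
# for the custom inbound/outbound preferredDataLocation rules. Assumes the ADSync module.
Import-Module ADSync

# Custom rules must use precedence 1-99 and must not collide with each other.
$custom = Get-ADSyncRule | Where-Object { $_.Precedence -le 99 } |
    Sort-Object Precedence | Select-Object Precedence, Direction, Name
Write-Host "Custom-range precedence values already in use:"
$custom | Format-Table -AutoSize

# Duplicate precedence values are an error worth catching before adding more rules.
$dupes = $custom | Group-Object Precedence | Where-Object Count -gt 1
if ($dupes) { Write-Warning ("Duplicate precedence: " + ($dupes.Name -join ', ')) }

# Propose the two lowest unused values, one for each new rule.
$free = 1..99 | Where-Object { $_ -notin $custom.Precedence } | Select-Object -First 2
Write-Host "Lowest free precedence values: $($free -join ', ')"

# After creating the rules in the editor, confirm each one exists, flows in the
# expected direction and is not disabled. Names are the examples used in Steps 5 and 6.
$expected = @{
    'From AD - User preferredDataLocation'       = 'Inbound'
    'Out to Azure AD – User preferredDataLocation' = 'Outbound'
}
foreach ($name in $expected.Keys) {
    $rule = Get-ADSyncRule | Where-Object Name -eq $name
    if (-not $rule) { Write-Warning "Rule '$name' not found"; continue }
    $ok = ($rule.Direction -eq $expected[$name]) -and (-not $rule.Disabled)
    '{0,-48} direction={1,-8} precedence={2,-3} disabled={3,-5} {4}' -f `
        $name, $rule.Direction, $rule.Precedence, $rule.Disabled, $(if ($ok) { 'OK' } else { 'CHECK' })
}
```

The checks are deliberately read-only: Get-ADSyncRule only reports the rule set, so the script can run on a staging server too. The outbound scoping filter from Step 5 (cloudMastered NOTEQUAL True) is what keeps this rule from overwriting the attribute on cloud-only users, so treat any change to it as a change to the blast radius of the rule.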


Step 7: Run a full sync cycle

Typically, a full sync cycle is required, because you added new attributes to the Active Directory and Azure AD connector schemas and introduced custom synchronization rules. Validate the changes before exporting them to Azure AD. You can use the following steps to verify the changes while you manually run the steps that make up a full sync cycle.

  1. Run a Full Import on the on-premises Active Directory connector:

     1. Go to the Connectors tab in Synchronization Service Manager.

     2. Right-click the on-premises Active Directory connector, and select Run.

     3. In the dialog, select Full Import, and then select OK.

     4. Wait for the operation to complete.

        Note

        You can skip the full import on the on-premises Active Directory connector if the source attribute is already included in the list of imported attributes. In other words, you did not have to make any changes in Step 2 earlier in this article.

  2. Run a Full Import on the Azure AD Connector:

     1. Right-click the Azure AD Connector, and select Run.
     2. In the dialog, select Full Import, and then select OK.
     3. Wait for the operation to complete.

  3. Verify the sync rule changes on an existing user object.

     The source attribute from on-premises Active Directory and the Preferred data location attribute from Azure AD have been imported into their respective connector spaces. Before proceeding with the full synchronization step, run a preview on an existing user object in the on-premises Active Directory connector space. The object you select should have the source attribute populated. A successful preview in which Preferred data location is populated in the Metaverse is a good indicator that you configured the sync rules correctly. For information on how to run a preview, see Verify changes.

  4. Run a Full Synchronization on the on-premises Active Directory connector:

     1. Right-click the on-premises Active Directory connector, and select Run.
     2. In the dialog, select Full Synchronization, and then select OK.
     3. Wait for the operation to complete.

  5. Verify the pending exports to Azure AD:

     1. Right-click the Azure AD Connector, and select Search Connector Space.

     2. In the Search Connector Space dialog:

        a. Set Scope to Pending Export.
        b. Select all three check boxes: Add, Modify, and Delete.
        c. To view the list of objects with changes to be exported, select Search. To examine the changes for a given object, double-click the object.
        d. Verify that the changes are as expected.

  6. Run an Export on the Azure AD Connector:

     1. Right-click the Azure AD Connector, and select Run.
     2. In the Run Connector dialog, select Export, and then select OK.
     3. Wait for the operation to complete.

Note

You may notice that these steps do not include the full synchronization step on the Azure AD connector or the export step on the Active Directory connector. Those steps are not required, because attribute values only flow from on-premises Active Directory to Azure AD.

Step 8: Re-enable the sync scheduler

Re-enable the built-in sync scheduler:

  1. Start a PowerShell session.
  2. Re-enable scheduled synchronization by running this cmdlet: Set-ADSyncScheduler -SyncCycleEnabled $true.

Step 9: Verify Results

Now is the time to validate the configuration and enable it for your users.

  1. Add the geographic location to the selected source attribute of a user. A list of available geographic locations can be found in this table.
  2. Wait for the attribute to synchronize to Azure AD.
  3. Using Exchange Online PowerShell, verify that the mailbox region is set correctly.
     Assuming your tenant has been flagged as able to use this feature, the mailbox is moved to the correct geographic location. You can verify this by looking at the name of the server where the mailbox is located.
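The three verification steps above can be scripted end to end for a single test account before the setting is rolled out broadly. The script below is an added example, not part of the Microsoft article. It assumes the source attribute is msDS-preferredDataLocation (the Windows Server 2019 schema attribute named earlier), that it runs on the Azure AD Connect server with the RSAT ActiveDirectory module, and that the Microsoft.Graph and ExchangeOnlineManagement modules are installed; the account name is a constructed sample and the geo code EUR is one of the supported codes, which you should replace with the one from the availability table that applies to your user.

```powershell
# Added example (not from the original article): stamp the geo on one test user
# on-premises, force a delta sync, then confirm the value in Azure AD and the mailbox
# region in Exchange Online. Assumes msDS-preferredDataLocation as the source attribute.
param(
    [string]$SamAccountName = 'testuser01',   # constructed sample account
    [string]$Geo            = 'EUR'           # supported geo code; see the availability table
)
Import-Module ActiveDirectory
Import-Module ADSync

# 1. Set the geo on the on-premises user; this is the value the inbound rule reads.
Set-ADUser -Identity $SamAccountName -Replace @{ 'msDS-preferredDataLocation' = $Geo }
$adUser = Get-ADUser -Identity $SamAccountName -Properties 'msDS-preferredDataLocation', UserPrincipalName
'AD  : {0} msDS-preferredDataLocation = {1}' -f $adUser.UserPrincipalName, $adUser.'msDS-preferredDataLocation'

# 2. Run a delta cycle now rather than waiting for the scheduler (Step 8 must have re-enabled it).
Start-ADSyncSyncCycle -PolicyType Delta | Out-Null
while ((Get-ADSyncScheduler).SyncCycleInProgress) { Start-Sleep -Seconds 15 }

# 3. Read the synchronized attribute back from Azure AD through Microsoft Graph.
Connect-MgGraph -Scopes 'User.Read.All' -NoWelcome
$cloud = Get-MgUser -UserId $adUser.UserPrincipalName -Property 'userPrincipalName,preferredDataLocation'
'AAD : preferredDataLocation = {0}' -f $cloud.PreferredDataLocation
if ($cloud.PreferredDataLocation -ne $Geo) {
    Write-Warning "Azure AD does not show $Geo yet; check the outbound rule scope and pending exports."
}

# 4. Confirm where Exchange Online now keeps the mailbox. MailboxRegion should match
#    the geo, and ServerName shows the server the mailbox was moved to.
Connect-ExchangeOnline -ShowBanner:$false
$mbx = Get-Mailbox -Identity $adUser.UserPrincipalName
'EXO : MailboxRegion = {0}, ServerName = {1}' -f $mbx.MailboxRegion, $mbx.ServerName
if ($mbx.MailboxRegion -ne $Geo) {
    Write-Warning 'Mailbox not yet relocated; the move is asynchronous, re-run this check later.'
}
```

Running this against one test user first is the cheap way to catch a scoping-filter or precedence mistake before the attribute flows to the whole directory; the Azure AD check and the Exchange Online check fail for different reasons (sync rule versus tenant multi-geo entitlement), so it helps to see both values side by side.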

Next steps

Learn more about multi-geo in Microsoft 365:

Learn more about the configuration model in the sync engine:

  • Read more about the configuration model in Understanding declarative provisioning.
  • Read more about the expression language in Understanding declarative provisioning expressions.

Overview topics:

  • Azure AD Connect sync: Understand and customize synchronization
  • Integrate your on-premises identities with Azure Active Directory

Last Updated: 06/08/2023