January 28

Run profiles

Import:

Reads data from the connected data source and stores it in the connector space (a kind of mirror). An import can be delta or full. A delta import reads only the changes since the last successfully finished delta import; a full import reads all objects in scope.

Please keep in mind that confidential attributes won't be imported by AAD Connect, since these are protected attributes:

https://docs.microsoft.com/en-us/troubleshoot/windows-server/windows-security/mark-attribute-as-confidential

The important message is:

“Active Directory performs a read access check on an object in the following cases:

When you evaluate whether the object matches the search filter.
When you return attributes of an object that match the search filter. By default, only administrators have CONTROL_ACCESS permissions to all objects. Therefore, only Administrators can read confidential attributes. Administrators may delegate these permissions to any user or to any group.”

(from https://docs.microsoft.com/en-us/troubleshoot/windows-server/windows-security/mark-attribute-as-confidential)

The same applies to permissions: if a deny entry in the ACL is set on an attribute, or on the object itself, for the AAD Connect connector account, then AAD Connect won't import that object or attribute either.
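A check I find useful here, as an added example and not part of the original post: list every attribute in the schema that carries the confidential flag (searchFlags bit 0x80) and, when run on the AAD Connect server, flag the ones the AD connector has selected for import. The ADSync property names (ConnectorTypeName, AttributeInclusionList) are assumed from the module as I know it; the connector name filter is a placeholder.

```powershell
# Added example, not from the original post. Lists confidential schema attributes,
# i.e. attributes the AAD Connect connector account cannot read (and therefore will
# not import) unless it has been granted CONTROL_ACCESS on the objects.
# Assumes the ActiveDirectory module (RSAT) and read access to the schema partition.
Import-Module ActiveDirectory

$schemaNC = (Get-ADRootDSE).schemaNamingContext

# LDAP_MATCHING_RULE_BIT_AND (1.2.840.113556.1.4.803) on searchFlags;
# 128 (0x80) is the "confidential" bit described in the linked Microsoft article.
$confidential = Get-ADObject -SearchBase $schemaNC -SearchScope OneLevel `
    -LDAPFilter '(&(objectClass=attributeSchema)(searchFlags:1.2.840.113556.1.4.803:=128))' `
    -Properties lDAPDisplayName, searchFlags |
    Sort-Object lDAPDisplayName

"Confidential attributes in schema: $($confidential.Count)"
$confidential |
    Select-Object lDAPDisplayName,
        @{ Name = 'searchFlags'; Expression = { '0x{0:X}' -f $_.searchFlags } } |
    Format-Table -AutoSize

# Optional cross-check on the AAD Connect server: which of these attributes does the
# AD connector actually select for import? Those are the ones that will silently
# stay empty in the connector space if the connector account lacks CONTROL_ACCESS.
# Assumption: ADSync module present; ConnectorTypeName 'AD' identifies the AD connector.
if (Get-Module -ListAvailable -Name ADSync) {
    Import-Module ADSync
    $adConnectors = Get-ADSyncConnector | Where-Object { $_.ConnectorTypeName -eq 'AD' }
    foreach ($c in $adConnectors) {
        $selected = $c.AttributeInclusionList
        $overlap  = $confidential |
            Where-Object { $selected -contains $_.lDAPDisplayName } |
            Select-Object -ExpandProperty lDAPDisplayName
        if ($overlap) {
            "Connector '$($c.Name)' imports these CONFIDENTIAL attributes: $($overlap -join ', ')"
            "-> verify the connector account has CONTROL_ACCESS, or expect empty values."
        } else {
            "Connector '$($c.Name)': no confidential attributes selected for import."
        }
    }
} else {
    "ADSync module not found; skipping connector cross-check (run on the AAD Connect server)."
}
```

Run it as an account that can read the schema; the second half only does anything on the server where the ADSync module is installed.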

Synchronization:

Calculates the changes based on the configured synchronization rules. Both the inbound and the outbound rules are applied in this step:

source connector space object =(inbound rules)=> metaverse object =(outbound synchronization rules)=> destination connector space object

This step can also be delta or full. Delta means that only the imported changes (see delta import) are processed.

During a full synchronization, all inbound and outbound synchronization rules are applied again. The resulting changes are stored in the destination connector space, and the destination object is put into the state "pending export" (which can be an add, a modify or a delete).

Export:

This is the only step that touches the destination connected data source. The calculated changes are written to the destination; in the case of AAD Connect this is Azure AD.

Happy Troubleshooting!

Category: AAD Connect, Logical processes