Updating AD schema

25 May

Released: September 2014. Initial release of Azure AD Sync.

Learn more about Integrating your on-premises identities with Azure Active Directory.

Make sure you have backups of every AD Database (from each DC). If the LDIF file doesn't pass syntax (say you BSOD in the middle of an update), then it will not be loaded. I've never seen a schema update (so long as it's done properly) go wrong.

If you have more than one DC then make sure there are absolutely no errors reported by . AD will protect itself in most cases from failed schema updates.

For each modified sync rule, do the following:

Permissions for the Active Directory account

The Active Directory account must be granted additional permissions to be able to read the password hashes from Active Directory. The permissions to grant are named “Replicating Directory Changes” and “Replicating Directory Changes All.” Both permissions are required to be able to read the password hashes.

Azure AD Connect Synchronization Service will trigger Full Import and Full Sync steps after upgrade.

Upgrading from AADSync 1.0 GA

If you already have Azure AD Sync installed, there is one additional step you have to take in case you have changed any of the out-of-box synchronization rules. After you have upgraded to the 1.0.470.1023 release, the synchronization rules you have modified are duplicated.
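
Because an account holding both “Replicating Directory Changes” and “Replicating Directory Changes All” can read password hashes, it is worth checking who holds that pair on the domain root. The following audit is an added example, not part of the original page or of Microsoft's documentation; it assumes the RSAT ActiveDirectory PowerShell module is installed and that it is run by a user who can read the domain object's ACL.

```powershell
# Added example: list principals that hold BOTH replication rights on the domain root.
# Assumes the ActiveDirectory module (RSAT), which provides the AD: drive used below.
Import-Module ActiveDirectory

# Control access right GUIDs for the two permissions named in the text.
$rights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes All'
}
$extended = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

$domainDn = (Get-ADDomain).DistinguishedName
$acl = Get-Acl -Path "AD:\$domainDn"

$byPrincipal = @{}
foreach ($ace in $acl.Access) {
    # Only Allow ACEs that carry the extended-right bit can grant these permissions.
    if ($ace.AccessControlType -ne 'Allow') { continue }
    if (($ace.ActiveDirectoryRights -band $extended) -eq 0) { continue }

    $guid = $ace.ObjectType.ToString()
    if ($ace.ObjectType -eq [Guid]::Empty) {
        # An empty object type means "all extended rights", so both are included.
        $held = @($rights.Values)
    } elseif ($rights.ContainsKey($guid)) {
        $held = @($rights[$guid])
    } else {
        continue
    }

    $who = $ace.IdentityReference.Value
    if (-not $byPrincipal.ContainsKey($who)) {
        $byPrincipal[$who] = New-Object 'System.Collections.Generic.HashSet[string]'
    }
    foreach ($r in $held) { [void]$byPrincipal[$who].Add($r) }
}

# Report only principals that hold the pair required to read password hashes.
$byPrincipal.GetEnumerator() |
    Where-Object { $_.Value.Count -eq 2 } |
    ForEach-Object {
        [pscustomobject]@{ Principal = $_.Key; Rights = ($_.Value -join ', ') }
    } |
    Sort-Object Principal
```

The sync account should appear in the output after the grant; review any other principal in the list that is not a domain controller or administrative group you expect.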