I recently needed to add a new AD group to my firewall’s FSSO setup (to be used in a policy), but the new group could not be seen (it’s called GS-Web-Block-Override).
FSSO Force Sync
The common fix for this is to create a filter on your FSSO agent server that will ONLY look for the groups you specify.
However, in my case that didn’t work either! I spent ages trawling Forti pages and Reddit, until I came across the following command. (I’ve lost the original link so I can’t credit the poster).
[box]
execute fsso refresh
[/box]
Then, as if by magic, my group appeared!
Related Articles, References, Credits, or External Links
If you are using Azure AD Connect (AAD Connect) to sync your on-premise Active Directory with Azure AD (i.e. for Office 365), then there may be times when you need to manually ‘force a replication’, because by default it’s going to take 30 minutes between each normal ‘delta replication’.
Solution
If you are directly on the server that’s running Azure AD Connect, then use the following PowerShell. If you don’t know which server is running AD Connect, then see the following link;
Firstly you need to add in the correct module, (you only have to do this once). Though the module should be already installed on the Sync server, let’s not tempt fate and check. (You can also use Get-Module to view installed modules).
[box]
Import-Module ADSync
[/box]
Note: If you get an error you may need to run Import-Module "C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync\ADSync.psd1"
Then to Manually Force a Synchronisation;
[box]
# To perform a FULL sync
Start-ADSyncSyncCycle -PolicyType Initial
# To perform a (normal) delta sync
Start-ADSyncSyncCycle -PolicyType Delta
[/box]
You can view the Sync settings with;
[box]
Get-ADSyncScheduler
[/box]
But I don’t like that; I prefer to watch synchronisations going on in the ‘Synchronization Service Manager’ console, where you can also spot and troubleshoot errors 🙂
Note: To Troubleshoot Sync errors, see the procedure I use in the following post;
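
Added example (not part of the original post): the ADSync commands above combined into one function that checks the scheduler state, starts the cycle, and waits for it to finish. It goes a little beyond the post by reading the `StagingModeEnabled`, `SyncCycleEnabled`, `SyncCycleInProgress` and `NextSyncCycleStartTimeInUTC` properties from the `Get-ADSyncScheduler` output. The function name `Invoke-ForcedAdSync` and the timeout values are assumptions for illustration.

```powershell
# Added example: force an Azure AD Connect sync cycle and wait for it to finish.
# Run in an elevated PowerShell session on the server running Azure AD Connect.
function Invoke-ForcedAdSync {
    [CmdletBinding()]
    param(
        [ValidateSet('Delta', 'Initial')]
        [string]$PolicyType = 'Delta',   # Initial = FULL sync, Delta = normal sync
        [int]$TimeoutSeconds = 600,      # assumed limit; raise it for a full sync of a large directory
        [int]$PollSeconds = 5            # assumed polling interval
    )

    Import-Module ADSync -ErrorAction Stop

    $scheduler = Get-ADSyncScheduler
    if ($scheduler.StagingModeEnabled) {
        Write-Warning 'Staging mode is enabled: this server imports and synchronises but does not export changes.'
    }
    if (-not $scheduler.SyncCycleEnabled) {
        Write-Warning 'SyncCycleEnabled is False: the scheduled sync cycle is turned off on this server.'
    }

    # A new cycle cannot start while another one is running, so wait for it first.
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    while ((Get-ADSyncScheduler).SyncCycleInProgress) {
        if ((Get-Date) -gt $deadline) { throw 'Timed out waiting for the running sync cycle to finish.' }
        Start-Sleep -Seconds $PollSeconds
    }

    $started = Get-Date
    Start-ADSyncSyncCycle -PolicyType $PolicyType | Out-Null

    # The cmdlet returns once the cycle has been started, so poll until it completes.
    do {
        Start-Sleep -Seconds $PollSeconds
        if ((Get-Date) -gt $deadline) { throw "Timed out waiting for the $PolicyType sync cycle to finish." }
    } while ((Get-ADSyncScheduler).SyncCycleInProgress)

    # Summary object for the caller or a log.
    [pscustomobject]@{
        PolicyType      = $PolicyType
        DurationSeconds = [int]((Get-Date) - $started).TotalSeconds
        NextScheduled   = (Get-ADSyncScheduler).NextSyncCycleStartTimeInUTC
    }
}

Invoke-ForcedAdSync -PolicyType Delta
```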