Azure Active Directory (AAD) Connect architecture in a diagram

Gurdev Singh
Jul 2, 2018


The diagram below outlines the AAD Connect architecture and how data flows from one connected data source (e.g. on-premises Active Directory) to another (e.g. Azure AD). The terms used in the diagram are defined next.

Terminology

Connector: A module that AAD Connect uses to connect to (read from and write to) a data repository. AAD Connect ships with connectors for different repositories, such as Active Directory, Azure AD and SQL Server.

Connected data source (CD): A data repository being synchronized by AAD Connect.

Connector space (CS): Storage area used by AAD Connect to store staging objects from connected data source. A separate CS is used for each connected data source.

Metaverse (MV): Storage area used by AAD Connect to store ‘synchronized objects’, i.e. objects that are the combined, integrated, global representation of objects from the different connector spaces.

Source anchor: An attribute whose value uniquely and permanently identifies a staging object in a connector space, and therefore the object it was imported from in the connected data source. For AD the source anchor is objectGUID in older installations and mS-DS-ConsistencyGuid where the installation wizard has configured it (its default on newer installations). The same value is written to the Azure AD object as its immutableId, which is what binds the on-premises object to its cloud counterpart, so the anchor must never change during the lifetime of the object.
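The following PowerShell is an added example and is not part of the original article. It shows how the source anchor value that ends up in Azure AD is derived: immutableId is the Base64 encoding of the 16 raw bytes of the anchor attribute. The sample GUID is constructed, not a real directory object; the live helper at the end assumes the ActiveDirectory module is available and that the caller can read the two candidate anchor attributes.

```powershell
# Added example, not from the original article.
# immutableId in Azure AD = Base64(raw 16 bytes of the on-premises anchor attribute).

function ConvertTo-SourceAnchor {
    param([Parameter(Mandatory)][guid]$Guid)
    # Guid.ToByteArray() returns the 16 bytes in GUID byte order (the first three
    # fields little-endian), which is exactly what AAD Connect encodes.
    [System.Convert]::ToBase64String($Guid.ToByteArray())
}

function ConvertFrom-SourceAnchor {
    param([Parameter(Mandatory)][string]$ImmutableId)
    # Reverse of the above: decode the Base64 string back to the GUID it came from.
    [guid]::new([System.Convert]::FromBase64String($ImmutableId))
}

# Constructed sample objectGUID (not a real object) to show the transformation offline.
$sample = [guid]'f2d1d9c6-1a3b-4e2b-9c55-0a1b2c3d4e5f'
$anchor = ConvertTo-SourceAnchor -Guid $sample
"objectGUID  : $sample"
"sourceAnchor: $anchor"
# Round-trip check: an anchor must decode to the same GUID it was derived from.
if ((ConvertFrom-SourceAnchor -ImmutableId $anchor) -ne $sample) {
    throw 'source anchor round-trip failed'
}

function Get-ExpectedImmutableId {
    # Reads both candidate anchor attributes of an on-premises user and returns the
    # immutableId Azure AD would hold for each. Compare the result with the cloud
    # object (e.g. Get-AzureADUser ... | Select-Object ImmutableId) to confirm which
    # attribute an existing deployment is actually using. Requires the ActiveDirectory module.
    param([Parameter(Mandatory)][string]$SamAccountName)
    $u = Get-ADUser -Identity $SamAccountName -Properties objectGUID, 'mS-DS-ConsistencyGuid'
    [pscustomobject]@{
        User                = $u.SamAccountName
        FromObjectGuid      = ConvertTo-SourceAnchor -Guid $u.ObjectGUID
        FromConsistencyGuid = if ($u.'mS-DS-ConsistencyGuid') {
                                  # mS-DS-ConsistencyGuid is returned as a byte array.
                                  [System.Convert]::ToBase64String([byte[]]$u.'mS-DS-ConsistencyGuid')
                              } else { $null }
    }
}
```

When mS-DS-ConsistencyGuid is the anchor, AAD Connect copies objectGUID into it on first sync, so for an object that has never been moved between forests the two computed values coincide; they diverge after a cross-forest migration, which is precisely why the writable attribute was introduced.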

Pending import object: A staging object inside a connector space that has been flagged as ‘pending import’, meaning AAD Connect has detected updates for this object (an add, an update or a delete) that still need to be processed during inbound synchronization (connector space → metaverse).

Pending export object: A staging object inside a connector space that AAD Connect has flagged as having updates that still need to be pushed to the connected data source during export. Outbound synchronization (metaverse → connector space) either creates new pending export objects or flags existing staging objects as pending export.

Joined object: A staging object in a connector space that is linked with a metaverse object. One metaverse object can be linked with several connector space objects (at most one from each connector space), but a connector space object is linked with at most one metaverse object.

Disjoined object: A staging object in a connector space that is not linked with any metaverse object.

Import process: Step 1 of the synchronization cycle, during which AAD Connect brings updates from a connected data source into its own connector space and either creates new ‘pending import’ staging objects or updates existing staging objects. AAD Connect uses the source anchor attribute to match objects from the connected data source to their counterparts in the connector space.

Synchronization process: Step 2 of the synchronization cycle, during which AAD Connect does two things. Inbound synchronization processes all ‘pending import’ objects and applies the updates to the linked objects in the metaverse; outbound synchronization takes the updates on metaverse objects and applies them to the linked objects in the other connector spaces, flagging those as ‘pending export’.

Export process: Step 3 of the synchronization cycle, during which AAD Connect processes ‘pending export’ objects and pushes the changes out to the connected data source.
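The following PowerShell is an added example and is not part of the original article. It is meant to be run on an Azure AD Connect server to follow one object through the three steps just described: trigger a delta cycle, then locate the staging object in the AD connector space, the metaverse object it is joined to, and the counterpart staging object in the Azure AD connector space. The connector names and the distinguished name are placeholders. `Start-ADSyncSyncCycle`, `Get-ADSyncConnector`, `Get-ADSyncCSObject`, `Get-ADSyncMVObject` and `Get-ADSyncExportDeletionThreshold` are cmdlets of the ADSync module; the property names used on the returned objects (`Identifier`, `ConnectedMvObjectId`, `Lineage`, `ConnectorId`, `ConnectedCsObjectId`) are assumptions to confirm with `Get-Member` on your version.

```powershell
# Added example, not from the original article. Run on the AAD Connect server as a
# member of ADSyncAdmins. Connector names and DN are placeholders.
Import-Module ADSync

$adConnector  = 'contoso.com'                              # placeholder: on-premises AD connector
$aadConnector = 'contoso.onmicrosoft.com - AAD'            # placeholder: Azure AD connector
$userDn       = 'CN=Jane Doe,OU=Users,DC=contoso,DC=com'   # placeholder: object to follow

# Caveat before exporting: the export deletion threshold stops a run whose export
# would delete more objects than configured, which protects the tenant from a
# mass-delete caused by a bad filter or a wrongly-scoped OU change.
Get-ADSyncExportDeletionThreshold

# A delta cycle runs steps 1-3 (import, synchronization, export) for every connector.
Start-ADSyncSyncCycle -PolicyType Delta

function Get-ObjectSyncPath {
    param(
        [Parameter(Mandatory)][string]$SourceConnector,
        [Parameter(Mandatory)][string]$DistinguishedName,
        [Parameter(Mandatory)][string]$TargetConnector
    )
    # Staging object in the source connector space (created or updated by Import).
    $cs = Get-ADSyncCSObject -ConnectorName $SourceConnector -DistinguishedName $DistinguishedName
    if (-not $cs) { throw "no staging object for $DistinguishedName in $SourceConnector" }

    # A disjoined object has no metaverse link, so inbound sync has not projected or joined it.
    # (ConnectedMvObjectId is an assumed property name; verify with Get-Member.)
    if (-not $cs.ConnectedMvObjectId -or $cs.ConnectedMvObjectId -eq [guid]::Empty) {
        return [pscustomobject]@{ Dn = $DistinguishedName; State = 'disjoined'; Mv = $null; Target = $null }
    }

    # Joined: follow the link to the metaverse object written by inbound synchronization.
    $mv = Get-ADSyncMVObject -Identifier $cs.ConnectedMvObjectId

    # Lineage lists the connector space objects joined to this MV object; take the
    # one belonging to the target connector (assumed property names, see lead-in).
    $targetId = (Get-ADSyncConnector -Name $TargetConnector).Identifier
    $link     = $mv.Lineage | Where-Object { $_.ConnectorId -eq $targetId }
    $target   = if ($link) { Get-ADSyncCSObject -Identifier $link.ConnectedCsObjectId } else { $null }

    [pscustomobject]@{
        Dn     = $DistinguishedName
        State  = 'joined'
        Mv     = $mv.ObjectId
        # No target CS object yet means outbound sync has not produced a pending export
        # for this connector, e.g. the object is filtered out of the Azure AD scope.
        Target = if ($target) { $target.DistinguishedName } else { 'not present in target connector space' }
    }
}

Get-ObjectSyncPath -SourceConnector $adConnector -DistinguishedName $userDn -TargetConnector $aadConnector
```

Reading the result against the terminology above: a `disjoined` state means step 1 succeeded but step 2 did not link the object to the metaverse (typically a filtering or join rule), while `joined` with no target object means inbound sync ran but outbound sync produced nothing for the Azure AD connector, so there is nothing for step 3 to export.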

Question: What creates a ‘pending import’ object?

Answer: Import process when it processes incoming changes from a connected data source.

Question: What creates a ‘pending export’ object?

Answer: Outbound synchronization process when it compares the objects in metaverse to their linked counterparts in connector space.
