An overview of Azure AD Connect’s PowerShell Modules and Cmdlets
Azure AD Connect is Microsoft’s free Hybrid Identity bridge product to synchronize objects and their attributes from on-premises Active Directory Domain Services (AD DS) environments and LDAP v3-compatible directories to Azure Active Directory.
Azure AD Connect needs to be installed on a Windows Server with Desktop Experience, but this does not mean there aren’t some tools available to automate.
This blogpost features the built-in and extra PowerShell modules and cmdlets available with Azure AD Connect.
Azure AD Connect’s Built-in PowerShell modules
The following Windows PowerShell modules and cmdlets are available as part of Azure AD Connect:
ADSync
The core PowerShell functionality for Azure AD Connect can be found in the ADSync Windows PowerShell module, It offers the following Windows PowerShell cmdlets:
-
Add-ADSyncAADServiceAccount
- Add-ADSyncAttributeFlowMapping
- Add-ADSyncConnector
- Add-ADSyncConnectorAnchorConstructionSettings
- Add-ADSyncConnectorAttributeInclusion
- Add-ADSyncConnectorHierarchyProvisioningMapping
- Add-ADSyncConnectorObjectInclusion
- Add-ADSyncGlobalSettingsParameter
- Add-ADSyncJoinConditionGroup
- Add-ADSyncRule
- Add-ADSyncRunProfile
- Add-ADSyncRunStep
- Add-ADSyncScopeConditionGroup
- Add-AgentToResourceGroup
- Disable-ADSyncConnectorPartition
- Disable-ADSyncConnectorPartitionHierarchy
- Disable-ADSyncExportDeletionThreshold
- Enable-ADSyncConnectorPartition
- Enable-ADSyncConnectorPartitionHierarchy
- Enable-ADSyncExportDeletionThreshold
- Get-ADSyncAADCompanyFeature
- Get-ADSyncAADPasswordResetConfiguration
- Get-ADSyncAADPasswordSyncConfiguration
- Get-ADSyncADConnectorSchemaDsml
- Get-ADSyncAutoUpgrade
- Get-ADSyncConnector
- Get-ADSyncConnectorHierarchyProvisioningDNComponent
- Get-ADSyncConnectorHierarchyProvisioningMapping
- Get-ADSyncConnectorHierarchyProvisioningObjectClass
- Get-ADSyncConnectorParameter
- Get-ADSyncConnectorPartition
- Get-ADSyncConnectorPartitionHierarchy
- Get-ADSyncConnectorRunStatus
- Get-ADSyncConnectorStatistics
- Get-ADSyncConnectorTypes
- Get-ADSyncCSObject
- Get-ADSyncCSObjectLog
- Get-ADSyncDatabaseConfiguration
- Get-ADSyncExportDeletionThreshold
- Get-ADSyncGlobalSettings
- Get-ADSyncGlobalSettingsParameter
- Get-ADSyncMVObject
- Get-ADSyncPartitionPasswordSyncState
- Get-ADSyncRule
- Get-ADSyncRunProfile
- Get-ADSyncRunProfileResult
- Get-ADSyncRunStepResult
- Get-ADSyncScheduler
- Get-ADSyncSchedulerConnectorOverride
- Get-ADSyncSchema
- Get-ADSyncServerConfiguration
- Invoke-ADSyncCSObjectPasswordHashSync
- Invoke-ADSyncGarbageCollection
- Invoke-ADSyncRunProfile
- New-ADSyncConnector
- New-ADSyncJoinCondition
- New-ADSyncRule
- New-ADSyncRunProfile
- New-ADSyncScopeCondition
- Register-Agent
- Remove-ADSyncAADPasswordResetConfiguration
- Remove-ADSyncAADPasswordSyncConfiguration
- Remove-ADSyncAADServiceAccount
- Remove-ADSyncAttributeFlowMapping
- Remove-ADSyncConnector
- Remove-ADSyncConnectorAnchorConstructionSettings
- Remove-ADSyncConnectorAttributeInclusion
- Remove-ADSyncConnectorHierarchyProvisioningMapping
- Remove-ADSyncConnectorObjectInclusion
- Remove-ADSyncGlobalSettingsParameter
- Remove-ADSyncJoinConditionGroup
- Remove-ADSyncRule
- Remove-ADSyncRunProfile
- Remove-ADSyncRunStep
- Remove-ADSyncScopeConditionGroup
- Search-ADSyncDirectoryObjects
- Set-ADSyncAADCompanyFeature
- Set-ADSyncAADPasswordResetConfiguration
- Set-ADSyncAADPasswordSyncConfiguration
- Set-ADSyncAADPasswordSyncState
- Set-ADSyncAutoUpgrade
- Set-ADSyncConnectorParameter
- Set-ADSyncDirSyncConfiguration
- Set-ADSyncGlobalSettings
- Set-ADSyncScheduler
- Set-ADSyncSchedulerConnectorOverride
- Set-ADSyncSchema
- Set-ADSyncServerConfiguration
- Set-MIISADMAConfiguration
- Start-ADSyncAADPasswordResetEndpoint
- Start-ADSyncPurgeRunHistory
- Start-ADSyncSyncCycle
- Stop-ADSyncAADPasswordResetEndpoint
- Stop-ADSyncRunProfile
- Stop-ADSyncSyncCycle
- Sync-ADSyncCSObject
- Test-AdSyncAzureServiceConnectivity
- Test-ADSyncGetDirectoryReplicationChanges
- Test-AdSyncUserHasPermissions
- Update-ADSyncConnectorPartitions
- Update-ADSyncConnectorSchema
- Update-ADSyncDirectoryObject
- Update-ADSyncDRSCertificates
AzureADConnectHealthSync
Azure AD Connect Health for Sync is installed by default on each Azure AD Connect installation. To manage Azure AD Connect Health, the AzureADConnectHealthSync Windows PowerShell module offers the following Windows PowerShell cmdlets:
- Enable-AzureADConnectHealth
- Get-AzureADConnectHealthProxySettings
- Register-AzureADConnectHealthSyncAgent
- Set-AzureADConnectHealthProxySettings
- Test-AzureADConnectHealthConnectivity
ADSyncDiagnostics
On the system where Azure AD Connect in installed, the ADSyncDiagnostics Windows PowerShell module is also installed by default, offering the Invoke-ADSyncDiagnostics diagnostics tool to troubleshoot object synchronization, troubleshoot password hash synchronization and collect general diagnostics.
Azure AD Connect’s tools
Apart from all the functionality that Azure AD Connect brings, Azure AD Connect offers several useful tools shaped as PowerShell modules:
ADSyncPrep
The ADSyncPrep Windows PowerShell module includes the following Windows PowerShell cmdlets:
- Initialize-ADSyncDomainJoinedComputerSync
- Initialize-ADSyncDeviceWriteBack
- Initialize-ADSyncNGCKeysWriteBack
The ADSyncPrep Windows PowerShell module can only be used if you also have the Active Directory Module for Windows PowerShell installed on the system.
ADSyncConfig
The ADSyncConfig Windows
PowerShell module includes the following Windows PowerShell cmdlets:- Set-ADSyncBasicReadPermissions
- Set-ADSyncRestrictedPermissions
- Set-ADSyncPasswordHashSyncPermissions
- Set-ADSyncPasswordWritebackPermissions
- Set-ADSyncUnifiedGroupWritebackPermissions
- Set-ADSyncMsDsConsistencyGuidPermissions
- Set-ADSyncExchangeMailPublicFolderPermissions
- Set-ADSyncExchangeHybridPermissions
- Get-ADSyncObjectsWithInheritanceDisabled
- Show-ADSyncADObjectPermissions
- Get-ADSyncADConnectorAccount
ADConnectivityTool
The ADConnectivityTool Windows PowerShell module includes the following Windows PowerShell cmdlets:
- Get-DomainFQDNData
- Confirm-ValidEnterpriseAdminCredentials
- Get-ForestFQDN
- Confirm-ValidDomains
- Confirm-FunctionalLevel
- Confirm-NetworkConnectivity
- Confirm-DnsConnectivity
- Confirm-TargetsAreReachable
- Confirm-ForestExists
- Start-ConnectivityValidation
- Start-NetworkConnectivityDiagnosisTools
ADSyncTools
The ADSyncTools Windows
PowerShell module includes the following Windows PowerShell cmdlets:- Confirm-ADSyncToolsADModuleLoaded
- Get-ADSyncToolsADuser
- Get-ADSyncToolsConsistencyGuid
- Set-ADSyncToolsConsistencyGuid
- Clear-ADSyncToolsConsistencyGuid
- Get-ADSyncToolsObjectGuid
- Import-ADSyncToolsImmutableIdMigration
- Export-ADSyncToolsConsistencyGuidMigration
- Update-ADSyncToolsConsistencyGuidMigration
- Get-ADSyncToolsRunHistory
- Get-ADSyncToolsSourceAnchorChanged
- Remove-ADSyncToolsExpiredCertificates
- Restore-ADSyncToolsExpiredCertificates
- Trace-ADSyncToolsADImport
- Trace-ADSyncToolsLdapQuery
- Repair-ADSyncToolsAutoUpgradeState
- Connect-AdSyncDatabase
- Invoke-AdSyncDatabaseQuery
- Resolve-ADSyncHostAddress
- Test-ADSyncNetworkPort
- Get-ADSyncSQLBrowserInstances
AzureADKerberos
The AzureADKerberos Windows PowerShell module includes the following Windows PowerShell cmdlets:
- Get-AzureADKerberosServer
- Remove-AzureADKerberosServer
- Set-AzureADKerberosServer
Concluding
Azure AD Connect offers a vast array of Windows PowerShell modules and cmdlets to configure and troubleshoot almost every aspect of it.
With 155 available Windows PowerShell cmdlets, there’s always something you can automate!
The post An overview of Azure AD Connect’s PowerShell Modules and Cmdlets appeared first on The DirTeam.com / ActiveDir.org Weblogs.
windows,microsoft
via The DirTeam.com / ActiveDir.org Weblogs https://dirteam.com
June 8, 2020 at 05:02PM
Sander Berkouwer
Stack IT News 