Microsoft Entra Connect: ADConnectivityTools PowerShell Reference
The following documentation provides reference information for the ADConnectivityTools
PowerShell module included with Microsoft Entra Connect in C:\Program Files\Azure Active Directory Connect\Tools\ADConnectivityTool.psm1
.
Detects local Dns issues.
Confirm-DnsConnectivity [-Forest] <String> [-DCs] <Array> [-ReturnResultAsPSObject] [<CommonParameters>]
Runs local Dns connectivity tests. In order to configure the Active Directory connector, Microsoft Entra Connect server must have both name resolution for the forest it's attempting to connect to as well as to the domain controllers associated to this forest.
Confirm-DnsConnectivity -Forest "TEST.CONTOSO.COM" -DCs "MYDC1.CONTOSO.COM","MYDC2.CONTOSO.COM"
Confirm-DnsConnectivity -Forest "TEST.CONTOSO.COM"
Specifies the name of the forest to test against.
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Specify DCs to test against.
Type: Array
Parameter Sets: (All)
Aliases:
Required: True
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Returns the result of this diagnosis in the form of a PSObject. Not necessary during manual interaction with this tool.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
Determines if a specified forest exists.
Confirm-ForestExists [-Forest] <String> [<CommonParameters>]
Queries a DNS server for the IP addresses associated with a forest.
Confirm-TargetsAreReachable -Forest "TEST.CONTOSO.COM"
Specifies the name of the forest to test against.
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
Verifies AD forest functional level.
Confirm-FunctionalLevel -Forest <String> [-RunWithCurrentlyLoggedInUserCredentials] [<CommonParameters>]
Confirm-FunctionalLevel -ForestFQDN <Forest> [-RunWithCurrentlyLoggedInUserCredentials] [<CommonParameters>]
Verifies that the AD forest functional level is equal or more than a given MinAdForestVersion (WindowsServer2003). Account (Domain\Username) and Password may be requested.
Confirm-FunctionalLevel -Forest "test.contoso.com"
Confirm-FunctionalLevel -Forest "test.contoso.com" -RunWithCurrentlyLoggedInUserCredentials -Verbose
Confirm-FunctionalLevel -ForestFQDN $ForestFQDN -RunWithCurrentlyLoggedInUserCredentials -Verbose
Target forest. Default value is the Forest of the currently logged in user.
Type: String
Parameter Sets: SamAccount
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Target ForestFQDN Object.
Type: Forest
Parameter Sets: ForestFQDN
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
The function will use the credentials of the user that is currently logged in the computer, rather than requesting custom credentials from the user.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
Detects local network connectivity issues.
Confirm-NetworkConnectivity [-DCs] <Array> [-SkipDnsPort] [-ReturnResultAsPSObject] [<CommonParameters>]
Runs local network connectivity tests.
For the local networking tests, Microsoft Entra Connect must be able to communicate with the named domain controllers on ports 53 (DNS), 88 (Kerberos) and 389 (LDAP) Most organizations run DNS on their DCs, which is why this test is currently integrated. Port 53 should be skipped if another DNS server has been specified.
Confirm-NetworkConnectivity -SkipDnsPort -DCs "MYDC1.CONTOSO.COM","MYDC2.CONTOSO.COM"
Confirm-NetworkConnectivity -DCs "MYDC1.CONTOSO.COM","MYDC2.CONTOSO.COM" -Verbose
Specify DCs to test against.
Type: Array
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
If the user is not using DNS services provided by the AD Site / Logon DC, then they may want to skip checking port 53. The user must still be able to resolve _.ldap._tcp.<forestfqdn> in order for the Active Directory Connector configuration to succeed.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
Returns the result of this diagnosis in the form of a PSObject. Not necessary during manual interaction with this tool.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
Determines if a specified forest and its associated Domain Controllers are reachable.
Confirm-TargetsAreReachable [-Forest] <String> [-DCs] <Array> [<CommonParameters>]
Runs "ping" tests (whether a computer can reach a destination computer through the network and/or the internet)
Confirm-TargetsAreReachable -Forest "TEST.CONTOSO.COM" -DCs "MYDC1.CONTOSO.COM","MYDC2.CONTOSO.COM"
Confirm-TargetsAreReachable -Forest "TEST.CONTOSO.COM"
Specifies the name of the forest to test against.
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Specify DCs to test against.
Type: Array
Parameter Sets: (All)
Aliases:
Required: True
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
Validate that the domains in the obtained Forest FQDN are reachable
Confirm-ValidDomains [-Forest <String>] [-RunWithCurrentlyLoggedInUserCredentials] [<CommonParameters>]
Confirm-ValidDomains -ForestFQDN <Forest> [-RunWithCurrentlyLoggedInUserCredentials] [<CommonParameters>]
Validate that all of the domains in the obtained Forest FQDN are reachable by attempting to retrieve DomainGuid and DomainDN. Account (Domain\Username) and Password may be requested.
Confirm-ValidDomains -Forest "test.contoso.com" -Verbose
Confirm-ValidDomains -Forest "test.contoso.com" -RunWithCurrentlyLoggedInUserCredentials -Verbose
Confirm-ValidDomains -ForestFQDN $ForestFQDN -RunWithCurrentlyLoggedInUserCredentials -Verbose
Target forest.
Type: String
Parameter Sets: SamAccount
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Target ForestFQDN Object.
Type: Forest
Parameter Sets: ForestFQDN
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
The function will use the credentials of the user that is currently logged in the computer, rather than requesting custom credentials from the user.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
Verifies if a user has Enterprise Admin credentials.
Confirm-ValidEnterpriseAdminCredentials [-RunWithCurrentlyLoggedInUserCredentials] [<CommonParameters>]
Searches if provided user has Enterprise Admin credentials. Account (Domain\Username) and Password may be requested.
Confirm-ValidEnterpriseAdminCredentials -DomainName test.contoso.com -Verbose
Confirm-ValidEnterpriseAdminCredentials -RunWithCurrentlyLoggedInUserCredentials -Verbose
The function will use the credentials of the user that is currently logged in the computer, rather than requesting custom credentials from the user.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
Retrieves a DomainFQDN out of an account and password combination.
Get-DomainFQDNData [[-DomainFQDNDataType] <String>] [-RunWithCurrentlyLoggedInUserCredentials]
[-ReturnExceptionOnError] [<CommonParameters>]
Attempts to obtain a domainFQDN object out of provided credentials. If the domainFQDN is valid, a DomainFQDNName or RootDomainName will be returned, depending on the user's choice. Account (Domain\Username) and Password may be requested.
Get-DomainFQDNData -DomainFQDNDataType DomainFQDNName -Verbose
Get-DomainFQDNData -DomainFQDNDataType RootDomainName -RunWithCurrentlyLoggedInUserCredentials
Desired kind of data that will be retrieved. Currently limited to "DomainFQDNName" or "RootDomainName".
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
The function will use the credentials of the user that is currently logged in the computer, rather than requesting custom credentials from the user.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
Auxiliary parameter used by Start-NetworkConnectivityDiagnosisTools function
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
Retrieves a ForestFQDN out of an account and password combination.
Get-ForestFQDN [-Forest] <String> [-RunWithCurrentlyLoggedInUserCredentials] [<CommonParameters>]
Attempts to obtain a ForestFQDN out of the provided credentials. Account (Domain\Username) and Password may be requested.
Get-ForestFQDN -Forest CONTOSO.MICROSOFT.COM -Verbose
Get-ForestFQDN -Forest CONTOSO.MICROSOFT.COM -RunWithCurrentlyLoggedInUserCredentials -Verbose
Target forest.Default value is the Domain of the currently logged in user.
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
The function will use the credentials of the user that is currently logged in the computer, rather than requesting custom credentials from the user.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
Main function.
Start-ConnectivityValidation [-Forest] <String> [-AutoCreateConnectorAccount] <Boolean> [[-UserName] <String>]
[<CommonParameters>]
Runs all the available mechanisms that verify AD credentials are valid.
Start-ConnectivityValidation -Forest "test.contoso.com" -AutoCreateConnectorAccount $True -Verbose
Target forest.
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
For Custom-installations: Flag that is $True if the user chose "Create new AD account" on the AD Forest Account window of Microsoft Entra Connect's wizard. $False if the user chose "Use existing AD account". For Express-installations: The value of this variable must be $True for Express-installations.
Type: Boolean
Parameter Sets: (All)
Aliases:
Required: True
Position: 2
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
Parameter that pre-populates the Username field when user's credentials are requested.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 3
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
Main function for network connectivity tests.
Start-NetworkConnectivityDiagnosisTools [[-Forest] <String>] [-Credentials] <PSCredential>
[[-LogFileLocation] <String>] [[-DCs] <Array>] [-DisplayInformativeMessage] [-ReturnResultAsPSObject]
[-ValidCredentials] [<CommonParameters>]
Runs local network connectivity tests.
Start-NetworkConnectivityDiagnosisTools -Forest "TEST.CONTOSO.COM"
Start-NetworkConnectivityDiagnosisTools -Forest "TEST.CONTOSO.COM" -DCs "DC1.TEST.CONTOSO.COM", "DC2.TEST.CONTOSO.COM"
Specifies forest name to test against.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
The user name and password of the user that is running the test. It requires the same level of permissions that is required to run the Microsoft Entra Connect Wizard.
Type: PSCredential
Parameter Sets: (All)
Aliases:
Required: True
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Specifies the location of a log file that will contain the output of this function.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 3
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Specify DCs to test against.
Type: Array
Parameter Sets: (All)
Aliases:
Required: False
Position: 4
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Flag that allows displaying a message about the purpose of this function.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
Returns the result of this diagnosis in the form of a PSObject. Not necessary to specify during manual interaction with this tool.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
Indicates if the credentials the user typed are valid. Not necessary to specify during manual interaction with this tool.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).