Microsoft Entra Connect: ADSyncTools PowerShell Reference
The following documentation provides reference information for the ADSyncTools.psm1
PowerShell module included with Microsoft Entra Connect.
Install the ADSyncTools PowerShell module
To install the ADSyncTools PowerShell module do the following:
- Open Windows PowerShell with administrative privileges
- Type or copy and paste the following:
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 Install-Module -Name ADSyncTools
- Hit enter.
- To verify the module was installed, enter or copy and paste the following"
Get-module ADSyncTools
- You should now see information about the module.
Clear-ADSyncToolsMsDsConsistencyGuid
SYNOPSIS
Clear an Active Directory object mS-DS-ConsistencyGuid
SYNTAX
Clear-ADSyncToolsMsDsConsistencyGuid [-Identity] <Object> [<CommonParameters>]
DESCRIPTION
Clears the value in mS-DS-ConsistencyGuid for the target Active Directory object. Supports Active Directory objects in multi-domain forests.
EXAMPLES
EXAMPLE 1
Clear-ADSyncToolsMsDsConsistencyGuid -Identity 'CN=User1,OU=Sync,DC=Contoso,DC=com'
EXAMPLE 2
Clear-ADSyncToolsMsDsConsistencyGuid -Identity 'User1@Contoso.com'
EXAMPLE 3
'User1@Contoso.com' | Clear-ADSyncToolsMsDsConsistencyGuid
PARAMETERS
-Identity
Target object in AD to clear mS-DS-ConsistencyGuid
Type: Object
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Connect-ADSyncToolsSqlDatabase
SYNOPSIS
Connect to a SQL database for testing purposes
SYNTAX
Connect-ADSyncToolsSqlDatabase [-Server] <String> [[-Instance] <String>] [[-Database] <String>]
[[-Port] <String>] [[-UserName] <String>] [[-Password] <String>] [<CommonParameters>]
DESCRIPTION
SQL Diagnostics related functions and utilities
EXAMPLES
EXAMPLE 1
Connect-ADSyncToolsSqlDatabase -Server 'sqlserver01.contoso.com' -Database 'ADSync'
EXAMPLE 2
Connect-ADSyncToolsSqlDatabase -Server 'sqlserver01.contoso.com' -Instance 'INTANCE01' -Database 'ADSync'
PARAMETERS
-Server
SQL Server Name
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Instance
SQL Server Instance Name
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Database
SQL Server Database Name
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 3
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Port
SQL Server Port (for example, 49823
)
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 4
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-UserName
SQL Server Login Username
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 5
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Password
SQL Server Login Password
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 6
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
ConvertFrom-ADSyncToolsAadDistinguishedName
SYNOPSIS
Convert Microsoft Entra Connector DistinguishedName to ImmutableId
SYNTAX
ConvertFrom-ADSyncToolsAadDistinguishedName [-DistinguishedName] <String> [<CommonParameters>]
DESCRIPTION
Takes a Microsoft Entra Connector DistinguishedName like CN={514635484D4B376E38307176645973555049486139513D3D}
and converts to the respective base64 ImmutableID value, such as QF5HMK7n80qvdYsUPIHa9Q==
EXAMPLES
EXAMPLE 1
ConvertFrom-ADSyncToolsAadDistinguishedName 'CN={514635484D4B376E38307176645973555049486139513D3D}'
PARAMETERS
-DistinguishedName
Microsoft Entra Connector Space DistinguishedName
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
ConvertFrom-ADSyncToolsImmutableID
SYNOPSIS
Convert Base64 ImmutableId (SourceAnchor) to GUID value
SYNTAX
ConvertFrom-ADSyncToolsImmutableID [-Value] <String> [<CommonParameters>]
DESCRIPTION
Converts value of the ImmutableID from Base64 string and returns a GUID value In case Base64 string can't be converted to GUID, returns a Byte Array.
EXAMPLES
EXAMPLE 1
ConvertFrom-ADSyncToolsImmutableID 'iGhmiAEBERG7uxI0VniQqw=='
EXAMPLE 2
'iGhmiAEBERG7uxI0VniQqw==' | ConvertFrom-ADSyncToolsImmutableID
PARAMETERS
-Value
ImmutableId in Base64 format
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
ConvertTo-ADSyncToolsAadDistinguishedName
SYNOPSIS
Convert ImmutableId to Microsoft Entra Connector DistinguishedName
SYNTAX
ConvertTo-ADSyncToolsAadDistinguishedName [-ImmutableId] <String> [<CommonParameters>]
DESCRIPTION
Takes an ImmutableId (SourceAnchor) like QF5HMK7n80qvdYsUPIHa9Q== and converts to the respective Microsoft Entra Connector DistinguishedName value, such as CN={514635484D4B376E38307176645973555049486139513D3D}
EXAMPLES
EXAMPLE 1
ConvertTo-ADSyncToolsAadDistinguishedName 'QF5HMK7n80qvdYsUPIHa9Q=='
PARAMETERS
-ImmutableId
ImmutableId (SourceAnchor)
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
ConvertTo-ADSyncToolsCloudAnchor
SYNOPSIS
Convert Base64 Anchor to CloudAnchor
SYNTAX
ConvertTo-ADSyncToolsCloudAnchor [-Anchor] <String> [<CommonParameters>]
DESCRIPTION
Takes a Base64 Anchor like VAAAAFUAcwBlAHIAXwBjADcAMgA5ADAAMwBlAGQALQA3ADgAMQA2AC0ANAAxAGMAZAAtADkAMAA2ADYALQBlAGEAYwAzADMAZAAxADcAMQBkADcANwAAAA==
and converts to the respective CloudAnchor value, such as User_00aa00aa-bb11-cc22-dd33-44ee44ee44ee
EXAMPLES
EXAMPLE 1
ConvertTo-ADSyncToolsCloudAnchor "VAAAAFUAcwBlAHIAXwBjADcAMgA5ADAAMwBlAGQALQA3ADgAMQA2AC0ANAAxAGMAZAAtADkAMAA2ADYALQBlAGEAYwAzADMAZAAxADcAMQBkADcANwAAAA=="
EXAMPLE 2
"VAAAAFUAcwBlAHIAXwBjADcAMgA5ADAAMwBlAGQALQA3ADgAMQA2AC0ANAAxAGMAZAAtADkAMAA2ADYALQBlAGEAYwAzADMAZAAxADcAMQBkADcANwAAAA==" | ConvertTo-ADSyncToolsCloudAnchor
PARAMETERS
-Anchor
Base64 Anchor
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
ConvertTo-ADSyncToolsImmutableID
SYNOPSIS
Convert GUID (ObjectGUID / ms-Ds-Consistency-Guid) to a Base64 string
SYNTAX
ConvertTo-ADSyncToolsImmutableID [-Value] <Object> [<CommonParameters>]
DESCRIPTION
Converts a value in GUID, GUID string or byte array format to a Base64 string
EXAMPLES
EXAMPLE 1
ConvertTo-ADSyncToolsImmutableID '00aa00aa-bb11-cc22-dd33-44ee44ee44ee'
EXAMPLE 2
'00aa00aa-bb11-cc22-dd33-44ee44ee44ee' | ConvertTo-ADSyncToolsImmutableID
PARAMETERS
-Value
GUID, GUID string or byte array
Type: Object
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Export-ADSyncToolsAadDisconnectors
SYNOPSIS
Export Microsoft Entra Disconnector objects
SYNTAX
Export-ADSyncToolsAadDisconnectors [[-SyncObjectType] <Object>] [<CommonParameters>]
DESCRIPTION
Executes CSExport tool to export all Disconnectors to XML and then takes this XML output and converts it to a CSV file with: UserPrincipalName, Mail, SourceAnchor, DistinguishedName, CsObjectId, ObjectType, ConnectorId, CloudAnchor
EXAMPLES
EXAMPLE 1
Export-ADSyncToolsAadDisconnectors -SyncObjectType 'PublicFolder'
Exports to CSV all PublicFolder Disconnector objects
EXAMPLE 2
Export-ADSyncToolsAadDisconnectors
Exports to CSV all Disconnector objects
PARAMETERS
-SyncObjectType
ObjectType to include in output
Type: Object
Parameter Sets: (All)
Aliases:
Required: False
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
INPUTS
Use ObjectType argument in case you want to export Disconnectors for a given object type only
OUTPUTS
Exports a CSV file with Disconnector objects containing: UserPrincipalName, Mail, SourceAnchor, DistinguishedName, CsObjectId, ObjectType, ConnectorId and CloudAnchor
Export-ADSyncToolsAadPublicFolders
SYNOPSIS
Exports all synchronized Mail-Enabled Public Folder objects from Microsoft Entra ID to a CSV file
SYNTAX
Export-ADSyncToolsAadPublicFolders [-Credential] <PSCredential> [-Path] <Object> [<CommonParameters>]
DESCRIPTION
This function exports to a CSV file all the synchronized Mail-Enabled Public Folders (MEPF) present in Microsoft Entra ID. It can be used in conjunction with Remove-ADSyncToolsAadPublicFolders to identify and remove orphaned Mail-Enabled Public Folders in Microsoft Entra ID. This function requires the credentials of a Global Administrator in Microsoft Entra ID and authentication with MFA isn't supported. NOTE: If DirSync has been disabled on the tenant, you'll need to temporarily re-enabled DirSync in order to remove orphaned Mail Enabled Public Folders from Microsoft Entra ID.
EXAMPLES
EXAMPLE 1
Export-ADSyncToolsAadPublicFolders -Credential $(Get-Credential) -Path <file_name>
PARAMETERS
-Credential
Microsoft Entra Global Administrator Credential
Type: PSCredential
Parameter Sets: (All)
Aliases:
Required: true
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-Path
Path for output file
Type: String
Parameter Sets: (All)
Aliases:
Required: true
Position: 2
Default value: None
Accept pipeline input: false (ByPropertyName)
Accept wildcard characters: false
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
INPUTS
OUTPUTS
This cmdlet creates the <filename>
containing all synced Mail-Enabled PublicFolder objects in CSV format.
Export-ADSyncToolsHybridAadJoinReport
SYNOPSIS
Generates a report of certificates stored in Active Directory Computer objects, specifically, certificates issued by the Microsoft Entra hybrid join feature.
SYNTAX
SingleObject
Export-ADSyncToolsHybridAadJoinReport [-DN] <String> [[-Filename] <String>] [<CommonParameters>]
MultipleObjects
Export-ADSyncToolsHybridAadJoinReport [-OU] <String> [[-Filename] <String>] [<CommonParameters>]
DESCRIPTION
This tool checks for all certificates present in UserCertificate property of a Computer object in AD and, for each non-expired certificate present, validates if the certificate was issued for the Microsoft Entra hybrid join feature (that is, Subject Name is CN={ObjectGUID}). Before version 1.4, Microsoft Entra Connect would synchronize to Microsoft Entra any Computer that contained at least one certificate but in Microsoft Entra Connect version 1.4 and later, ADSync engine can identify Microsoft Entra hybrid join certificates and will "cloudfilter" (exclude) the computer object from synchronizing to Microsoft Entra ID unless there's a valid Microsoft Entra hybrid join certificate present. Microsoft Entra Device objects that were already synchronized to AD but don't have a valid Microsoft Entra hybrid join certificate will be deleted from Microsoft Entra ID (CloudFiltered=TRUE) by Microsoft Entra Connect.
EXAMPLES
EXAMPLE 1
Export-ADSyncToolsHybridAzureADjoinCertificateReport -DN 'CN=Computer1,OU=SYNC,DC=Fabrikam,DC=com'
EXAMPLE 2
Export-ADSyncToolsHybridAzureADjoinCertificateReport -OU 'OU=SYNC,DC=Fabrikam,DC=com' -Filename "MyHybridAzureADjoinReport.csv" -Verbose
PARAMETERS
-DN
Computer DistinguishedName
Type: String
Parameter Sets: SingleObject
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-OU
AD OrganizationalUnit
Type: String
Parameter Sets: MultipleObjects
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-Filename
Output CSV filename (optional)
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
RELATED LINKS
More Information: Understand Microsoft Entra Connect 1.4.xx.x and device disappearance
Export-ADSyncToolsObjects
SYNOPSIS
Export Microsoft Entra Connect Objects to XML files
SYNTAX
ObjectId
Export-ADSyncToolsObjects [-ObjectId] <Object> [-Source] <Object> [-ExportSerialized] [<CommonParameters>]
DistinguishedName
Export-ADSyncToolsObjects [-DistinguishedName] <Object> [-ConnectorName] <Object> [-ExportSerialized]
[<CommonParameters>]
DESCRIPTION
Exports internal ADSync objects from Metaverse and associated connected objects from Connector Spaces
EXAMPLES
EXAMPLE 1
Export-ADSyncToolsObjects -ObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' -Source Metaverse
EXAMPLE 2
Export-ADSyncToolsObjects -ObjectId 'bbbbbbbb-1111-2222-3333-cccccccccccc' -Source ConnectorSpace
EXAMPLE 3
Export-ADSyncToolsObjects -DistinguishedName 'CN=User1,OU=ADSync,DC=Contoso,DC=com' -ConnectorName 'Contoso.com'
PARAMETERS
-ObjectId
ObjectId is the unique identifier of the object in the respective connector space or metaverse
Type: Object
Parameter Sets: ObjectId
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-Source
Source is the table where the object resides which can either ConnectorSpace or Metaverse
Type: Object
Parameter Sets: ObjectId
Aliases:
Required: True
Position: 2
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-DistinguishedName
DistinguishedName is the identifier of the object in the respective connector space
Type: Object
Parameter Sets: DistinguishedName
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-ConnectorName
ConnectorName is the name of the connector space where the object resides
Type: Object
Parameter Sets: DistinguishedName
Aliases:
Required: True
Position: 2
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-ExportSerialized
ExportSerialized exports additional XML files
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: 3
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Export-ADSyncToolsRunHistory
SYNOPSIS
Export Microsoft Entra Connect Run History
SYNTAX
Export-ADSyncToolsRunHistory [-TargetName] <String> [<CommonParameters>]
DESCRIPTION
Function to export Microsoft Entra Connect Run Profile and Run Step results to CSV and XML format respectively. The resulting Run Profile CSV file can be imported into a spreadsheet and the Run Step XML file can be imported with Import-Clixml
EXAMPLES
EXAMPLE 1
Export-ADSyncToolsRunHistory -TargetName MyADSyncHistory
PARAMETERS
-TargetName
Name of the output file
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Export-ADSyncToolsSourceAnchorReport
SYNOPSIS
Export ms-ds-Consistency-Guid Report
SYNTAX
Export-ADSyncToolsSourceAnchorReport [-AlternativeLoginId] [-UserPrincipalName] <String>
[-ImmutableIdGUID] <String> [-Output] <String> [<CommonParameters>]
DESCRIPTION
Generates a ms-ds-Consistency-Guid report based on an import CSV file from Import-ADSyncToolsSourceAnchor
EXAMPLES
EXAMPLE 1
Import-Csv .\AllSyncUsers.csv | Export-ADSyncToolsSourceAnchorReport -Output ".\AllSyncUsers-Report"
EXAMPLE 2
Another example of how to use this cmdlet
PARAMETERS
-AlternativeLoginId
Use Alternative Login ID (mail)
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-UserPrincipalName
UserPrincipalName
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False
-ImmutableIdGUID
ImmutableIdGUID
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 2
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False
-Output
Output filename for CSV and LOG files
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 3
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Get-ADSyncToolsAadObject
SYNOPSIS
Get synced objects for a given SyncObjectType
SYNTAX
Get-ADSyncToolsAadObject [-SyncObjectType] <Object> [-Credential] <PSCredential> [<CommonParameters>]
DESCRIPTION
Reads from Microsoft Entra all synced objects for a given object class (SyncObjectType).
EXAMPLES
EXAMPLE 1
Get-ADSyncToolsAadObject -SyncObjectType 'publicFolder' -Credential $(Get-Credential)
PARAMETERS
-SyncObjectType
Object Type
Type: Object
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-Credential
Microsoft Entra Global Administrator Credential
Type: PSCredential
Parameter Sets: (All)
Aliases:
Required: True
Position: 2
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
OUTPUTS
This cmdlet returns the "Shadow" properties that are synchronized by the sync client, which might be different than the actual value stored in the respective property of Microsoft Entra ID. For instance, a user's UPN that is synchronized with a non-verified domain suffix 'user@nonverified.domain', will have the UPN suffix in Microsoft Entra ID converted to the tenant's default domain, 'user@tenantname.partner.onmschina.cn'. In this case, Get-ADSyncToolsAadObject will return the "Shadow" value of 'user@nonverified.domain', and not the actual value in Microsoft Entra ID 'user@tenantname.partner.onmschina.cn'.
Get-ADSyncToolsMsDsConsistencyGuid
SYNOPSIS
Get an Active Directory object ms-ds-ConsistencyGuid
SYNTAX
Get-ADSyncToolsMsDsConsistencyGuid [-Identity] <Object> [<CommonParameters>]
DESCRIPTION
Returns the value in mS-DS-ConsistencyGuid attribute of the target Active Directory object in GUID format. Supports Active Directory objects in multi-domain forests.
EXAMPLES
EXAMPLE 1
Get-ADSyncToolsMsDsConsistencyGuid -Identity 'CN=User1,OU=Sync,DC=Contoso,DC=com'
EXAMPLE 2
Get-ADSyncToolsMsDsConsistencyGuid -Identity 'User1@Contoso.com'
EXAMPLE 3
'User1@Contoso.com' | Get-ADSyncToolsMsDsConsistencyGuid
PARAMETERS
-Identity
Target object in AD to get
Type: Object
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Get-ADSyncToolsRunHistory
SYNOPSIS
Get Microsoft Entra Connect Run History
SYNTAX
Get-ADSyncToolsRunHistory [[-Days] <Int32>] [<CommonParameters>]
DESCRIPTION
Function that returns the Microsoft Entra Connect Run History in XML format
EXAMPLES
EXAMPLE 1
Get-ADSyncToolsRunHistory
EXAMPLE 2
Get-ADSyncToolsRunHistory -Days 3
PARAMETERS
-Days
Number of days back to collect History (default = 1)
Type: Int32
Parameter Sets: (All)
Aliases:
Required: False
Position: 1
Default value: 1
Accept pipeline input: False
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Get-ADSyncToolsRunHistoryLegacyWmi
SYNOPSIS
Get Microsoft Entra Connect Run History for older versions of Microsoft Entra Connect (WMI)
SYNTAX
Get-ADSyncToolsRunHistoryLegacyWmi [[-Days] <Int32>] [<CommonParameters>]
DESCRIPTION
Function that returns the Microsoft Entra Connect Run History in XML format
EXAMPLES
EXAMPLE 1
Get-ADSyncToolsRunHistory
EXAMPLE 2
Get-ADSyncToolsRunHistory -Days 3
PARAMETERS
-Days
Number of days back to collect History (default = 1)
Type: Int32
Parameter Sets: (All)
Aliases:
Required: False
Position: 1
Default value: 1
Accept pipeline input: False
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Get-ADSyncToolsSqlBrowserInstances
SYNOPSIS
Get SQL Server Instances from SQL Browser service
SYNTAX
Get-ADSyncToolsSqlBrowserInstances [[-Server] <String>]
DESCRIPTION
SQL Diagnostics related functions and utilities
EXAMPLES
EXAMPLE 1
Get-ADSyncToolsSqlBrowserInstances -Server 'sqlserver01'
PARAMETERS
-Server
SQL Server Name
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Get-ADSyncToolsTenantAzureEnvironment
SYNOPSIS
Helper function to get which Azure environment the user belongs.
SYNTAX
Get-ADSyncToolsTenantAzureEnvironment [-Credential] <PSCredential> [<CommonParameters>]
DESCRIPTION
This function will call Oauth discovery endpoint to get CloudInstance and tenant_region_scope to determine the Azure environment. https://login.partner.microsoftonline.cn/{tenant}/.well-known/openid-configuration
EXAMPLES
EXAMPLE 1
Get-ADSyncToolsTenantAzureEnvironment -Credential (Get-Credential)
PARAMETERS
-Credential
The user's PowerShell Credential object:
Type: PSCredential
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
INPUTS
The user's PowerShell Credential object
OUTPUTS
The Azure environment (string)
Get-ADSyncToolsTls12
SYNOPSIS
Gets Client\Server TLS 1.2 settings for .NET Framework
SYNTAX
Get-ADSyncToolsTls12 [<CommonParameters>]
DESCRIPTION
Reads information from the Registry regarding TLS 1.2 for .NET Framework:
Path | Name |
---|---|
HKLM:\SOFTWARE\WOW6432Node\Microsoft.NETFramework\v4.0.30319 | SystemDefaultTlsVersions |
HKLM:\SOFTWARE\WOW6432Node\Microsoft.NETFramework\v4.0.30319 | SchUseStrongCrypto |
HKLM:\SOFTWARE\Microsoft.NETFramework\v4.0.30319 | SystemDefaultTlsVersions |
HKLM:\SOFTWARE\Microsoft.NETFramework\v4.0.30319 | SchUseStrongCrypto |
HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server | Enabled |
HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server | DisabledByDefault |
HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client | Enabled |
HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client | DisabledByDefault |
EXAMPLES
EXAMPLE 1
Get-ADSyncToolsTls12
PARAMETERS
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
RELATED LINKS
More Information: TLS 1.2 enforcement for Microsoft Entra Connect
Import-ADSyncToolsObjects
SYNOPSIS
Import Microsoft Entra Connect Object from XML file
SYNTAX
Import-ADSyncToolsObjects [-Path] <String> [<CommonParameters>]
DESCRIPTION
Imports an internal ADSync object from XML file that was exported using Export-ADSyncToolsObjects
EXAMPLES
EXAMPLE 1
Import-ADSyncToolsObjects -Path .\20210224-003104_81275a23-0168-eb11-80de-00155d188c11_MV.xml
PARAMETERS
-Path
Path for the XML file to import
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Import-ADSyncToolsRunHistory
SYNOPSIS
Import Microsoft Entra Connect Run History
SYNTAX
Import-ADSyncToolsRunHistory [-Path] <String> [<CommonParameters>]
DESCRIPTION
Function to Import Microsoft Entra Connect Run Step results from XML created using Export-ADSyncToolsRunHistory
EXAMPLES
EXAMPLE 1
Export-ADSyncToolsRunHistory -Path .\RunHistory-RunStep.xml
PARAMETERS
-Path
Path for the XML file to import
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Import-ADSyncToolsSourceAnchor
SYNOPSIS
Import ImmutableID from Microsoft Entra ID
SYNTAX
Import-ADSyncToolsSourceAnchor [-Output] <String> [-IncludeSyncUsersFromRecycleBin] [<CommonParameters>]
DESCRIPTION
Generates a file with all Microsoft Entra ID synchronized users containing the ImmutableID value in GUID format Requirements: MSOnline PowerShell Module
EXAMPLES
EXAMPLE 1
Import-ADSyncToolsSourceAnchor -OutputFile '.\AllSyncUsers.csv'
EXAMPLE 2
Import-ADSyncToolsSourceAnchor -OutputFile '.\AllSyncUsers.csv' -IncludeSyncUsersFromRecycleBin
PARAMETERS
-Output
Output CSV file
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-IncludeSyncUsersFromRecycleBin
Get Synchronized Users from Microsoft Entra ID Recycle Bin
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Invoke-ADSyncToolsSqlQuery
SYNOPSIS
Invoke a SQL query against a database for testing purposes
SYNTAX
Invoke-ADSyncToolsSqlQuery [-SqlConnection] <SqlConnection> [[-Query] <String>] [<CommonParameters>]
DESCRIPTION
SQL Diagnostics related functions and utilities
EXAMPLES
EXAMPLE 1
New-ADSyncToolsSqlConnection -Server SQLserver01.Contoso.com -Port 49823 | Invoke-ADSyncToolsSqlQuery
EXAMPLE 2
$sqlConn = New-ADSyncToolsSqlConnection -Server SQLserver01.Contoso.com -Port 49823
Invoke-ADSyncToolsSqlQuery -SqlConnection $sqlConn -Query 'SELECT *, database_id FROM sys.databases'
PARAMETERS
-SqlConnection
SQL Connection
Type: SqlConnection
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False
-Query
SQL Query
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 2
Default value: SELECT name, database_id FROM sys.databases
Accept pipeline input: False
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Remove-ADSyncToolsAadObject
SYNOPSIS
Remove orphaned synced object from Microsoft Entra ID
SYNTAX
CsvInput
Remove-ADSyncToolsAadObject [-Credential] <PSCredential> [-InputCsvFilename] <Object> [-WhatIf] [-Confirm]
[<CommonParameters>]
ObjectInput
Remove-ADSyncToolsAadObject [-Credential] <PSCredential> [-SourceAnchor] <Object> [-SyncObjectType] <Object>
[-WhatIf] [-Confirm] [<CommonParameters>]
DESCRIPTION
Deletes from Microsoft Entra ID a synced object(s) based on SourceAnchor and ObjecType in batches of 10 objects The CSV file can be generated using Export-ADSyncToolsAadDisconnectors
EXAMPLES
EXAMPLE 1
Remove-ADSyncToolsAadObject -InputCsvFilename .\DeleteObjects.csv -Credential (Get-Credential)
EXAMPLE 2
Remove-ADSyncToolsAadObject -SourceAnchor '2epFRNMCPUqhysJL3SWL1A==' -SyncObjectType 'publicFolder' -Credential (Get-Credential)
PARAMETERS
-Credential
Microsoft Entra Global Administrator Credential
Type: PSCredential
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-InputCsvFilename
CSV Input filename
Type: Object
Parameter Sets: CsvInput
Aliases:
Required: True
Position: 2
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-SourceAnchor
Object SourceAnchor
Type: Object
Parameter Sets: ObjectInput
Aliases:
Required: True
Position: 2
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-SyncObjectType
Object Type
Type: Object
Parameter Sets: ObjectInput
Aliases:
Required: True
Position: 3
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet isn't run.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: wi
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: cf
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
INPUTS
InputCsvFilename must point to a CSV file with at least 2 columns: SourceAnchor, SyncObjectType
OUTPUTS
Shows results from ExportDeletions operation DISCLAIMER: Other than User objects that have a Recycle Bin, any other object types DELETED with this function can't be RECOVERED!
Remove-ADSyncToolsAadPublicFolders
SYNOPSIS
Removes synchronized Mail-Enabled Public Folders (MEPF) present from Microsoft Entra ID. You can specify one SourceAnchor/ImmutableID for the target MEPF object to delete, or provide a CSV list with a batch of objects to delete when used in conjunction with Export-ADSyncToolsAadPublicFolders. This function requires the credentials of a Global Administrator in Microsoft Entra ID and authentication with MFA isn't supported. NOTE: If DirSync has been disabled on the tenant, you'll need to temporary re-enabled DirSync in order to remove orphaned Mail Enabled Public Folders from Microsoft Entra ID.
SYNTAX
Export-ADSyncToolsAadPublicFolders [-Credential] <PSCredential> [-Path] <Object> [<CommonParameters>]
DESCRIPTION
This function exports to a CSV file all the synchronized Mail-Enabled Public Folders (MEPF) present in Microsoft Entra ID. It can be used in conjunction with Remove-ADSyncToolsAadPublicFolders to identify and remove orphaned Mail-Enabled Public Folders in Microsoft Entra ID. This function requires the credentials of a Global Administrator in Microsoft Entra ID and authentication with MFA isn't supported. NOTE: If DirSync has been disabled on the tenant, you'll need to temporarily re-enabled DirSync in order to remove orphaned Mail Enabled Public Folders from Microsoft Entra ID.
EXAMPLES
EXAMPLE 1
Remove-ADSyncToolsAadPublicFolders [-Credential] <PSCredential> [-InputCsvFilename] <Object> [-WhatIf] [-Confirm] [<CommonParameters>]
EXAMPLE 2
Remove-ADSyncToolsAadPublicFolders [-Credential] <PSCredential> [-SourceAnchor] <Object> [-WhatIf] [-Confirm] [<CommonParameters>]
PARAMETERS
-Credential
Microsoft Entra Global Administrator Credential
Type: PSCredential
Parameter Sets: (All)
Aliases:
Required: true
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-InputCsvFilename
Path for input CSV file
Type: String
Parameter Sets: InputCsv
Aliases:
Required: true
Position: 2
Default value: None
Accept pipeline input: true (ByPropertyName)
Accept wildcard characters: false
-SourceAnchor
Target SourceAnchor/ImmutableID
Type: String
Parameter Sets: SourceAnchor
Aliases:
Required: true
Position: 2
Default value: None
Accept pipeline input: true (ByPropertyName)
Accept wildcard characters: false
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
INPUTS
The CSV input file can be generated using Export-ADSyncToolsAadPublicFolders. Path parameters must point to a CSV file with at least 2 columns: SourceAnchor, SyncObjectType.
OUTPUTS
Shows results from ExportDeletions operation.
Remove-ADSyncToolsExpiredCertificates
SYNOPSIS
Script to Remove Expired Certificates from UserCertificate Attribute
SYNTAX
Remove-ADSyncToolsExpiredCertificates [-TargetOU] <String> [[-BackupOnly] <Boolean>] [-ObjectClass] <String>
[<CommonParameters>]
DESCRIPTION
This script takes all the objects from a target Organizational Unit in your Active Directory domain - filtered by Object Class (User/Computer) and deletes all expired certificates present in the UserCertificate attribute. By default (BackupOnly mode) it will only backup expired certificates to a file and not do any changes in AD. If you use -BackupOnly $false
then any Expired Certificate present in UserCertificate attribute for these objects will be removed from Active Directory after being copied to file. Each certificate will be backed up to a separated filename: ObjectClass_ObjectGUID_CertThumprint.cer
. The script will also create a log file in CSV format showing all the users with certificates that either are valid or expired including the actual action taken (Skipped/Exported/Deleted).
EXAMPLES
EXAMPLE 1
Check all users in target OU - Expired Certificates will be copied to separated files and no certificates will be removed
Remove-ADSyncToolsExpiredCertificates -TargetOU "OU=Users,OU=Corp,DC=Contoso,DC=com" -ObjectClass user
EXAMPLE 2
Delete Expired Certs from all Computer objects in target OU - Expired Certificates will be copied to files and removed from AD
Remove-ADSyncToolsExpiredCertificates -TargetOU "OU=Computers,OU=Corp,DC=Contoso,DC=com" -ObjectClass computer -BackupOnly $false
PARAMETERS
-TargetOU
Target OU to lookup for AD objects
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-BackupOnly
BackupOnly won't delete any certificates from AD
Type: Boolean
Parameter Sets: (All)
Aliases:
Required: False
Position: 2
Default value: True
Accept pipeline input: False
Accept wildcard characters: False
-ObjectClass
Object Class filter
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 3
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Repair-ADSyncToolsAutoUpgradeState
SYNOPSIS
Repair Microsoft Entra Connect AutoUpgrade State
SYNTAX
Repair-ADSyncToolsAutoUpgradeState
DESCRIPTION
Fixes an issue with AutoUpgrade introduced in build 1.1.524 (May 2017) which disables the online checking of new versions while AutoUpgrade is enabled.
EXAMPLES
EXAMPLE 1
Repair-ADSyncToolsAutoUpgradeState
Resolve-ADSyncToolsSqlHostAddress
SYNOPSIS
Resolve a SQL server name
SYNTAX
Resolve-ADSyncToolsSqlHostAddress [-Server] <String> [<CommonParameters>]
DESCRIPTION
SQL Diagnostics related functions and utilities
EXAMPLES
EXAMPLE 1
Resolve-ADSyncToolsSqlHostAddress -Server 'sqlserver01'
PARAMETERS
-Server
SQL Server Name
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Search-ADSyncToolsADobject
SYNOPSIS
Search an Active Directory object in Active Directory Forest by its UserPrincipalName, sAMAccountName or DistinguishedName
SYNTAX
Search-ADSyncToolsADobject [-Identity] <Object> [<CommonParameters>]
DESCRIPTION
Supports multi-domain queries and returns all the required properties including mS-DS-ConsistencyGuid.
EXAMPLES
EXAMPLE 1
Search-ADSyncToolsADobject 'CN=user1,OU=Sync,DC=Contoso,DC=com'
EXAMPLE 2
Search-ADSyncToolsADobject -Identity "user1@Contoso.com"
EXAMPLE 3
Get-ADUser 'CN=user1,OU=Sync,DC=Contoso,DC=com' | Search-ADSyncToolsADobject
PARAMETERS
-Identity
Target User in AD to set ConsistencyGuid
Type: Object
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Set-ADSyncToolsMsDsConsistencyGuid
SYNOPSIS
Set an Active Directory object ms-ds-ConsistencyGuid
SYNTAX
Set-ADSyncToolsMsDsConsistencyGuid [-Identity] <Object> [-Value] <Object> [<CommonParameters>]
DESCRIPTION
Sets a value in mS-DS-ConsistencyGuid attribute for the target Active Directory user. Supports Active Directory objects in multi-domain forests.
EXAMPLES
EXAMPLE 1
Set-ADSyncToolsMsDsConsistencyGuid -Identity 'CN=User1,OU=Sync,DC=Contoso,DC=com' -Value '00aa00aa-bb11-cc22-dd33-44ee44ee44ee'
EXAMPLE 2
Set-ADSyncToolsMsDsConsistencyGuid -Identity 'CN=User1,OU=Sync,DC=Contoso,DC=com' -Value 'GGhsjYwBEU+buBsE4sqhtg=='
EXAMPLE 3
Set-ADSyncToolsMsDsConsistencyGuid 'User1@Contoso.com' '11bb11bb-cc22-dd33-ee44-55ff55ff55ff'
EXAMPLE 4
Set-ADSyncToolsMsDsConsistencyGuid 'User1@Contoso.com' 'GGhsjYwBEU+buBsE4sqhtg=='
EXAMPLE 5
'00aa00aa-bb11-cc22-dd33-44ee44ee44ee' | Set-ADSyncToolsMsDsConsistencyGuid -Identity User1
EXAMPLE 6
'GGhsjYwBEU+buBsE4sqhtg==' | Set-ADSyncToolsMsDsConsistencyGuid User1
PARAMETERS
-Identity
Target object in AD to set mS-DS-ConsistencyGuid
Type: Object
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False
-Value
Value to set (ImmutableId, Byte array, GUID, GUID string or Base64 string)
Type: Object
Parameter Sets: (All)
Aliases:
Required: True
Position: 2
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Set-ADSyncToolsTls12
SYNOPSIS
Sets Client\Server TLS 1.2 settings for .NET Framework
SYNTAX
Set-ADSyncToolsTls12 [[-Enabled] <Boolean>] [<CommonParameters>]
DESCRIPTION
Sets the registry entries to enable/disable TLS 1.2 for .NET Framework:
Path | Name |
---|---|
HKLM:\SOFTWARE\WOW6432Node\Microsoft.NETFramework\v4.0.30319 | SystemDefaultTlsVersions |
HKLM:\SOFTWARE\WOW6432Node\Microsoft.NETFramework\v4.0.30319 | SchUseStrongCrypto |
HKLM:\SOFTWARE\Microsoft.NETFramework\v4.0.30319 | SystemDefaultTlsVersions |
HKLM:\SOFTWARE\Microsoft.NETFramework\v4.0.30319 | SchUseStrongCrypto |
HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server | Enabled |
HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server | DisabledByDefault |
HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client | Enabled |
HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client | DisabledByDefault |
Running the cmdlet without any parameters will enable TLS 1.2 for .NET Framework
EXAMPLES
EXAMPLE 1
Set-ADSyncToolsTls12
EXAMPLE 2
Set-ADSyncToolsTls12 -Enabled $true
PARAMETERS
-Enabled
TLS 1.2 Enabled
Type: Boolean
Parameter Sets: (All)
Aliases:
Required: False
Position: 1
Default value: True
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
RELATED LINKS
More Information: TLS 1.2 enforcement for Microsoft Entra Connect
Test-ADSyncToolsSqlNetworkPort
SYNOPSIS
Test the SQL Server network port
SYNTAX
Test-ADSyncToolsSqlNetworkPort [[-Server] <String>] [[-Port] <String>]
DESCRIPTION
SQL Diagnostics related functions and utilities
EXAMPLES
EXAMPLE 1
Test-ADSyncToolsSqlNetworkPort -Server 'sqlserver01'
EXAMPLE 2
Test-ADSyncToolsSqlNetworkPort -Server 'sqlserver01' -Port 1433
PARAMETERS
-Server
SQL Server Name
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Port
SQL Server Port
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Trace-ADSyncToolsADImport
SYNOPSIS
Creates a trace file from an Active Directory Import Step
SYNTAX
ADConnectorXML
Trace-ADSyncToolsADImport [-DC] <String> [-RootDN] <String> [[-Filter] <String>] [[-Credential] <PSCredential>]
[-SSL] [-ADConnectorXML] <String> [<CommonParameters>]
ADwatermarkInput
Trace-ADSyncToolsADImport [-DC] <String> [-RootDN] <String> [[-Filter] <String>] [[-Credential] <PSCredential>]
[-SSL] [-ADwatermark] <String> [<CommonParameters>]
DESCRIPTION
Traces all LDAP queries of an Active Directory Import run from a given Active Directory watermark checkpoint (also called a partition cookie). Creates a trace file '.\ADimportTrace_yyyyMMddHHmmss.log' on the current folder. To use -ADConnectorXML, go to the Synchronization Service Manager, right-click your AD Connector and select "Export Connector..."
EXAMPLES
EXAMPLE 1
Trace Active Directory Import for user objects by providing an AD Connector XML file
Trace-ADSyncToolsADImport -DC 'DC1.contoso.com' -RootDN 'DC=Contoso,DC=com' -Filter '(&(objectClass=user))' -ADConnectorXML .\ADConnector.xml
EXAMPLE 2
Trace Active Directory Import for all objects by providing the Active Directory watermark (cookie) and AD Connector credential
$creds = Get-Credential
Trace-ADSyncToolsADImport -DC 'DC1.contoso.com' -RootDN 'DC=Contoso,DC=com' -Credential $creds -ADwatermark "TVNEUwMAAAAXyK9ir1zSAQAAAAAAAAAA(...)"
PARAMETERS
-DC
Target Domain Controller
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-RootDN
Forest Root DN
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Filter
AD objects type to trace. Use '(&(objectClass=*))' for all object types
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 3
Default value: (&(objectClass=*))
Accept pipeline input: False
Accept wildcard characters: False
-Credential
Provide the credential to run LDAP query against AD
Type: PSCredential
Parameter Sets: (All)
Aliases:
Required: False
Position: 4
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-SSL
SSL Connection
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: 5
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-ADConnectorXML
AD Connector Export XML file - Right-click AD Connector and select "Export Connector..."
Type: String
Parameter Sets: ADConnectorXML
Aliases:
Required: True
Position: 6
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-ADwatermark
Manual input of watermark, instead of XML file, for example $ADwatermark = "TVNEUwMAAAAXyK9ir1zSAQAAAAAAAAAA(...)"
Type: String
Parameter Sets: ADwatermarkInput
Aliases:
Required: True
Position: 6
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Trace-ADSyncToolsLdapQuery
SYNOPSIS
Trace LDAP queries
SYNTAX
Trace-ADSyncToolsLdapQuery [-RootDN] <String> [-Credential] <PSCredential> [[-Server] <String>]
[[-Port] <Int32>] [-Filter <String>] [<CommonParameters>]
DESCRIPTION
{{ Fill in the Description }}
EXAMPLES
EXAMPLE 1
Trace-ADSyncToolsLdapQuery -RootDN "DC=Contoso,DC=com" -Credential $Credential
PARAMETERS
-RootDN
Forest/Domain DistinguishedName
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-Credential
AD Credential
Type: PSCredential
Parameter Sets: (All)
Aliases:
Required: True
Position: 2
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-Server
Domain Controller Name (optional)
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 3
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-Port
Domain Controller port (default: 389)
Type: Int32
Parameter Sets: (All)
Aliases:
Required: False
Position: 3
Default value: 389
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-Filter
LDAP filter (default: objectClass=*)
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: (objectClass=*)
Accept pipeline input: False
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Update-ADSyncToolsSourceAnchor
SYNOPSIS
Updates users with the new ConsistencyGuid (ImmutableId)
SYNTAX
Update-ADSyncToolsSourceAnchor [[-DistinguishedName] <String>] [-ImmutableIdGUID] <String> [-Action] <String>
[-Output] <String> [-WhatIf] [-Confirm] [<CommonParameters>]
DESCRIPTION
Updates users with the new ConsistencyGuid (ImmutableId) value taken from the ConsistencyGuid Report. This function supports the -WhatIf
switch.
Note: ConsistencyGuid Report must be imported with Tab delimiter.
EXAMPLES
EXAMPLE 1
Import-Csv .\AllSyncUsers-Report.csv -Delimiter "`t"| Update-ADSyncToolsSourceAnchor -Output .\AllSyncUsersTEST-Result2 -WhatIf
EXAMPLE 2
Import-Csv .\AllSyncUsers-Report.csv -Delimiter "`t"| Update-ADSyncToolsSourceAnchor -Output .\AllSyncUsersTEST-Result2
PARAMETERS
-DistinguishedName
DistinguishedName
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 1
Default value: False
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False
-ImmutableIdGUID
ImmutableIdGUID
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 2
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False
-Action
Action
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 3
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False
-Output
Output filename for LOG files
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 4
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet isn't run.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: wi
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: cf
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Get-ADSyncToolsDuplicateUsersSourceAnchor
SYNOPSIS
Gets a list of all the objects with "Source anchor has changed" error.
SYNTAX
Get-ADSyncToolsDuplicateUsersSourceAnchor [-ADConnectorName] <Object> [<CommonParameters>]
DESCRIPTION
There are certain scenarios like M&A where Customers add a new forest to Microsoft Entra Connect with duplicate user objects. This causes multiple sync errors if the new connector precedence is higher for the newly joined users. This cmdlet will provide a list of all the objects with "Source anchor has changed" errors.
EXAMPLES
EXAMPLE 1
Get-ADSyncToolsDuplicateUsersSourceAnchor -ADConnectorName Contoso.com
PARAMETERS
-ADConnectorName
AD connector name for which user source anchors needs to be repaired
Type: Object
Parameter Sets: (All)
Aliases:
Required: true
Position: 1
Default value:
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Set-ADSyncToolsDuplicateUsersSourceAnchor
SYNOPSIS
Fixes all the objects with "Source Anchor has changed" error.
SYNTAX
et-ADSyncToolsDuplicateUsersSourceAnchor [-DuplicateUserSourceAnchorInfo] <DuplicateUserSourceAnchorInfo> [-ActiveDirectoryCredential <PSCredential>] [-OverridePrompt <Boolean>] [<CommonParameters>]
DESCRIPTION
This cmdlet takes in the list of objects from Get-ADSyncToolsDuplicateUsersSourceAnchor as pipeline input. It then fixes the sync errors by updating the msDS-ConsistencyGuid attribute with the sourceAnchor/immutableID of the original object. The cmdlet has an optional parameter - "Override prompt", which is False by default. If it is set to True, then the user won't be prompted when updating the msDS-ConsistencyGuid attribute.
EXAMPLES
EXAMPLE 1
Get-ADSyncToolsDuplicateUsersSourceAnchor -ADConnectorName Contoso.lab | Set-ADSyncToolsDuplicateUsersSourceAnchor
EXAMPLE 2
Get-ADSyncToolsDuplicateUsersSourceAnchor -ADConnectorName Contoso.lab | Set-ADSyncToolsDuplicateUsersSourceAnchor -OverridePrompt $true
PARAMETERS
-DuplicateUserSourceAnchorInfo
User list for which the source anchor needs to be fixed
Type: DuplicateUserSourceAnchorInfo
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value:
Accept pipeline input: True (ByValue, ByPropertyName)
Accept wildcard characters: False
-ActiveDirectoryCredential
AD EA/DA Admin Credentials, If not provided default credentials will be used
Type: PSCredential
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value:
Accept pipeline input: False
Accept wildcard characters: False
-OverridePrompt
Type: Boolean
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.