An overview of Azure AD Connect’s PowerShell Modules and Cmdlets

Azure AD Connect

Azure AD Connect is Microsoft’s free Hybrid Identity bridge product to synchronize objects and their attributes from on-premises Active Directory Domain Services (AD DS) environments and LDAP v3-compatible directories to Azure Active Directory.

Azure AD Connect needs to be installed on a Windows Server with Desktop Experience, but this does not mean there aren’t some tools available to automate.

This blogpost features the built-in and extra PowerShell modules and cmdlets available with Azure AD Connect.

              

Azure AD Connect’s Built-in PowerShell modules

The following Windows PowerShell modules and cmdlets are available as part of Azure AD Connect:

          

ADSync

The core PowerShell functionality for Azure AD Connect can be found in the ADSync Windows PowerShell module, It offers the following Windows PowerShell cmdlets:

  • Add-ADSyncAADServiceAccount

  • Add-ADSyncAttributeFlowMapping
  • Add-ADSyncConnector
  • Add-ADSyncConnectorAnchorConstructionSettings
  • Add-ADSyncConnectorAttributeInclusion
  • Add-ADSyncConnectorHierarchyProvisioningMapping
  • Add-ADSyncConnectorObjectInclusion
  • Add-ADSyncGlobalSettingsParameter
  • Add-ADSyncJoinConditionGroup
  • Add-ADSyncRule
  • Add-ADSyncRunProfile
  • Add-ADSyncRunStep
  • Add-ADSyncScopeConditionGroup
  • Add-AgentToResourceGroup
  • Disable-ADSyncConnectorPartition
  • Disable-ADSyncConnectorPartitionHierarchy
  • Disable-ADSyncExportDeletionThreshold
  • Enable-ADSyncConnectorPartition
  • Enable-ADSyncConnectorPartitionHierarchy
  • Enable-ADSyncExportDeletionThreshold
  • Get-ADSyncAADCompanyFeature
  • Get-ADSyncAADPasswordResetConfiguration
  • Get-ADSyncAADPasswordSyncConfiguration
  • Get-ADSyncADConnectorSchemaDsml
  • Get-ADSyncAutoUpgrade 
  • Get-ADSyncConnector
  • Get-ADSyncConnectorHierarchyProvisioningDNComponent
  • Get-ADSyncConnectorHierarchyProvisioningMapping
  • Get-ADSyncConnectorHierarchyProvisioningObjectClass
  • Get-ADSyncConnectorParameter
  • Get-ADSyncConnectorPartition
  • Get-ADSyncConnectorPartitionHierarchy
  • Get-ADSyncConnectorRunStatus
  • Get-ADSyncConnectorStatistics
  • Get-ADSyncConnectorTypes
  • Get-ADSyncCSObject
  • Get-ADSyncCSObjectLog
  • Get-ADSyncDatabaseConfiguration
  • Get-ADSyncExportDeletionThreshold 
  • Get-ADSyncGlobalSettings
  • Get-ADSyncGlobalSettingsParameter 
  • Get-ADSyncMVObject
  • Get-ADSyncPartitionPasswordSyncState
  • Get-ADSyncRule
  • Get-ADSyncRunProfile
  • Get-ADSyncRunProfileResult
  • Get-ADSyncRunStepResult
  • Get-ADSyncScheduler
  • Get-ADSyncSchedulerConnectorOverride
  • Get-ADSyncSchema
  • Get-ADSyncServerConfiguration
  • Invoke-ADSyncCSObjectPasswordHashSync
  • Invoke-ADSyncGarbageCollection
  • Invoke-ADSyncRunProfile
  • New-ADSyncConnector
  • New-ADSyncJoinCondition
  • New-ADSyncRule
  • New-ADSyncRunProfile
  • New-ADSyncScopeCondition
  • Register-Agent
  • Remove-ADSyncAADPasswordResetConfiguration
  • Remove-ADSyncAADPasswordSyncConfiguration
  • Remove-ADSyncAADServiceAccount
  • Remove-ADSyncAttributeFlowMapping
  • Remove-ADSyncConnector
  • Remove-ADSyncConnectorAnchorConstructionSettings
  • Remove-ADSyncConnectorAttributeInclusion
  • Remove-ADSyncConnectorHierarchyProvisioningMapping
  • Remove-ADSyncConnectorObjectInclusion
  • Remove-ADSyncGlobalSettingsParameter
  • Remove-ADSyncJoinConditionGroup
  • Remove-ADSyncRule
  • Remove-ADSyncRunProfile
  • Remove-ADSyncRunStep
  • Remove-ADSyncScopeConditionGroup
  • Search-ADSyncDirectoryObjects
  • Set-ADSyncAADCompanyFeature
  • Set-ADSyncAADPasswordResetConfiguration
  • Set-ADSyncAADPasswordSyncConfiguration
  • Set-ADSyncAADPasswordSyncState
  • Set-ADSyncAutoUpgrade
  • Set-ADSyncConnectorParameter
  • Set-ADSyncDirSyncConfiguration
  • Set-ADSyncGlobalSettings
  • Set-ADSyncScheduler
  • Set-ADSyncSchedulerConnectorOverride
  • Set-ADSyncSchema
  • Set-ADSyncServerConfiguration
  • Set-MIISADMAConfiguration
  • Start-ADSyncAADPasswordResetEndpoint
  • Start-ADSyncPurgeRunHistory
  • Start-ADSyncSyncCycle
  • Stop-ADSyncAADPasswordResetEndpoint 
  • Stop-ADSyncRunProfile
  • Stop-ADSyncSyncCycle
  • Sync-ADSyncCSObject
  • Test-AdSyncAzureServiceConnectivity
  • Test-ADSyncGetDirectoryReplicationChanges
  • Test-AdSyncUserHasPermissions
  • Update-ADSyncConnectorPartitions
  • Update-ADSyncConnectorSchema
  • Update-ADSyncDirectoryObject
  • Update-ADSyncDRSCertificates

                   

AzureADConnectHealthSync

Azure AD Connect Health for Sync is installed by default on each Azure AD Connect installation. To manage Azure AD Connect Health, the AzureADConnectHealthSync Windows PowerShell module offers the following Windows PowerShell cmdlets:

  • Enable-AzureADConnectHealth
  • Get-AzureADConnectHealthProxySettings
  • Register-AzureADConnectHealthSyncAgent
  • Set-AzureADConnectHealthProxySettings
  • Test-AzureADConnectHealthConnectivity

          

ADSyncDiagnostics

On the system where Azure AD Connect in installed, the ADSyncDiagnostics Windows PowerShell module is also installed by default, offering the Invoke-ADSyncDiagnostics diagnostics tool to troubleshoot object synchronization, troubleshoot password hash synchronization and collect general diagnostics.

               

Azure AD Connect’s tools

Apart from all the functionality that Azure AD Connect brings, Azure AD Connect offers several useful tools shaped as PowerShell modules:

               

ADSyncPrep

The ADSyncPrep Windows PowerShell module includes the following Windows PowerShell cmdlets:

  • Initialize-ADSyncDomainJoinedComputerSync
  • Initialize-ADSyncDeviceWriteBack
  • Initialize-ADSyncNGCKeysWriteBack

The ADSyncPrep Windows PowerShell module can only be used if you also have the Active Directory Module for Windows PowerShell installed on the system.

        

ADSyncConfig

The ADSyncConfig Windows
PowerShell module includes the following Windows PowerShell cmdlets:

  • Set-ADSyncBasicReadPermissions
  • Set-ADSyncRestrictedPermissions
  • Set-ADSyncPasswordHashSyncPermissions
  • Set-ADSyncPasswordWritebackPermissions
  • Set-ADSyncUnifiedGroupWritebackPermissions
  • Set-ADSyncMsDsConsistencyGuidPermissions
  • Set-ADSyncExchangeMailPublicFolderPermissions
  • Set-ADSyncExchangeHybridPermissions
  • Get-ADSyncObjectsWithInheritanceDisabled
  • Show-ADSyncADObjectPermissions
  • Get-ADSyncADConnectorAccount

                         

ADConnectivityTool

The ADConnectivityTool Windows PowerShell module includes the following Windows PowerShell cmdlets:

  • Get-DomainFQDNData
  • Confirm-ValidEnterpriseAdminCredentials
  • Get-ForestFQDN
  • Confirm-ValidDomains
  • Confirm-FunctionalLevel
  • Confirm-NetworkConnectivity
  • Confirm-DnsConnectivity
  • Confirm-TargetsAreReachable
  • Confirm-ForestExists
  • Start-ConnectivityValidation
  • Start-NetworkConnectivityDiagnosisTools

                        

ADSyncTools

The ADSyncTools Windows
PowerShell module includes the following Windows PowerShell cmdlets:

  • Confirm-ADSyncToolsADModuleLoaded
  • Get-ADSyncToolsADuser
  • Get-ADSyncToolsConsistencyGuid
  • Set-ADSyncToolsConsistencyGuid
  • Clear-ADSyncToolsConsistencyGuid
  • Get-ADSyncToolsObjectGuid
  • Import-ADSyncToolsImmutableIdMigration
  • Export-ADSyncToolsConsistencyGuidMigration
  • Update-ADSyncToolsConsistencyGuidMigration
  • Get-ADSyncToolsRunHistory
  • Get-ADSyncToolsSourceAnchorChanged
  • Remove-ADSyncToolsExpiredCertificates
  • Restore-ADSyncToolsExpiredCertificates
  • Trace-ADSyncToolsADImport
  • Trace-ADSyncToolsLdapQuery
  • Repair-ADSyncToolsAutoUpgradeState
  • Connect-AdSyncDatabase
  • Invoke-AdSyncDatabaseQuery
  • Resolve-ADSyncHostAddress
  • Test-ADSyncNetworkPort
  • Get-ADSyncSQLBrowserInstances 

                                

AzureADKerberos

The AzureADKerberos Windows PowerShell module includes the following Windows PowerShell cmdlets:

  • Get-AzureADKerberosServer 
  • Remove-AzureADKerberosServer
  • Set-AzureADKerberosServer

Concluding

Azure AD Connect offers a vast array of Windows PowerShell modules and cmdlets to configure and troubleshoot almost every aspect of it.

With 155 available Windows PowerShell cmdlets, there’s always something you can automate!

leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.