An overview of Azure AD Connect’s PowerShell Modules and Cmdlets

Azure AD Connect

Azure AD Connect is Microsoft’s free Hybrid Identity bridge product to synchronize objects and their attributes from on-premises Active Directory Domain Services (AD DS) environments and LDAP v3-compatible directories to Azure Active Directory.

Azure AD Connect needs to be installed on a Windows Server with Desktop Experience, but this does not mean there aren’t some tools available to automate.

This blogpost features the built-in and extra PowerShell modules and cmdlets available with Azure AD Connect.

 

Azure AD Connect’s Built-in PowerShell modules

The following Windows PowerShell modules and cmdlets are available as part of Azure AD Connect:

 

ADSync

The core PowerShell functionality for Azure AD Connect can be found in the ADSync Windows PowerShell module, It offers the following Windows PowerShell cmdlets:

  • Add-ADSyncAADServiceAccount
  • Add-ADSyncAttributeFlowMapping
  • Add-ADSyncConnector
  • Add-ADSyncConnectorAnchorConstructionSettings
  • Add-ADSyncConnectorAttributeInclusion
  • Add-ADSyncConnectorHierarchyProvisioningMapping
  • Add-ADSyncConnectorObjectInclusion
  • Add-ADSyncGlobalSettingsParameter
  • Add-ADSyncJoinConditionGroup
  • Add-ADSyncRule
  • Add-ADSyncRunProfile
  • Add-ADSyncRunStep
  • Add-ADSyncScopeConditionGroup
  • Add-AgentToResourceGroup
  • Disable-ADSyncConnectorPartition
  • Disable-ADSyncConnectorPartitionHierarchy
  • Disable-ADSyncExportDeletionThreshold
  • Enable-ADSyncConnectorPartition
  • Enable-ADSyncConnectorPartitionHierarchy
  • Enable-ADSyncExportDeletionThreshold
  • Get-ADSyncAADCompanyFeature
  • Get-ADSyncAADPasswordResetConfiguration
  • Get-ADSyncAADPasswordSyncConfiguration
  • Get-ADSyncADConnectorSchemaDsml
  • Get-ADSyncAutoUpgrade 
  • Get-ADSyncConnector
  • Get-ADSyncConnectorHierarchyProvisioningDNComponent
  • Get-ADSyncConnectorHierarchyProvisioningMapping
  • Get-ADSyncConnectorHierarchyProvisioningObjectClass
  • Get-ADSyncConnectorParameter
  • Get-ADSyncConnectorPartition
  • Get-ADSyncConnectorPartitionHierarchy
  • Get-ADSyncConnectorRunStatus
  • Get-ADSyncConnectorStatistics
  • Get-ADSyncConnectorTypes
  • Get-ADSyncCSObject
  • Get-ADSyncCSObjectLog
  • Get-ADSyncDatabaseConfiguration
  • Get-ADSyncExportDeletionThreshold 
  • Get-ADSyncGlobalSettings
  • Get-ADSyncGlobalSettingsParameter 
  • Get-ADSyncMVObject
  • Get-ADSyncPartitionPasswordSyncState
  • Get-ADSyncRule
  • Get-ADSyncRunProfile
  • Get-ADSyncRunProfileResult
  • Get-ADSyncRunStepResult
  • Get-ADSyncScheduler
  • Get-ADSyncSchedulerConnectorOverride
  • Get-ADSyncSchema
  • Get-ADSyncServerConfiguration
  • Invoke-ADSyncCSObjectPasswordHashSync
  • Invoke-ADSyncGarbageCollection
  • Invoke-ADSyncRunProfile
  • New-ADSyncConnector
  • New-ADSyncJoinCondition
  • New-ADSyncRule
  • New-ADSyncRunProfile
  • New-ADSyncScopeCondition
  • Register-Agent
  • Remove-ADSyncAADPasswordResetConfiguration
  • Remove-ADSyncAADPasswordSyncConfiguration
  • Remove-ADSyncAADServiceAccount
  • Remove-ADSyncAttributeFlowMapping
  • Remove-ADSyncConnector
  • Remove-ADSyncConnectorAnchorConstructionSettings
  • Remove-ADSyncConnectorAttributeInclusion
  • Remove-ADSyncConnectorHierarchyProvisioningMapping
  • Remove-ADSyncConnectorObjectInclusion
  • Remove-ADSyncGlobalSettingsParameter
  • Remove-ADSyncJoinConditionGroup
  • Remove-ADSyncRule
  • Remove-ADSyncRunProfile
  • Remove-ADSyncRunStep
  • Remove-ADSyncScopeConditionGroup
  • Search-ADSyncDirectoryObjects
  • Set-ADSyncAADCompanyFeature
  • Set-ADSyncAADPasswordResetConfiguration
  • Set-ADSyncAADPasswordSyncConfiguration
  • Set-ADSyncAADPasswordSyncState
  • Set-ADSyncAutoUpgrade
  • Set-ADSyncConnectorParameter
  • Set-ADSyncDirSyncConfiguration
  • Set-ADSyncGlobalSettings
  • Set-ADSyncScheduler
  • Set-ADSyncSchedulerConnectorOverride
  • Set-ADSyncSchema
  • Set-ADSyncServerConfiguration
  • Set-MIISADMAConfiguration
  • Start-ADSyncAADPasswordResetEndpoint
  • Start-ADSyncPurgeRunHistory
  • Start-ADSyncSyncCycle
  • Stop-ADSyncAADPasswordResetEndpoint 
  • Stop-ADSyncRunProfile
  • Stop-ADSyncSyncCycle
  • Sync-ADSyncCSObject
  • Test-AdSyncAzureServiceConnectivity
  • Test-ADSyncGetDirectoryReplicationChanges
  • Test-AdSyncUserHasPermissions
  • Update-ADSyncConnectorPartitions
  • Update-ADSyncConnectorSchema
  • Update-ADSyncDirectoryObject
  • Update-ADSyncDRSCertificates

 

AzureADConnectHealthSync

Azure AD Connect Health for Sync is installed by default on each Azure AD Connect installation. To manage Azure AD Connect Health, the AzureADConnectHealthSync Windows PowerShell module offers the following Windows PowerShell cmdlets:

  • Enable-AzureADConnectHealth
  • Get-AzureADConnectHealthProxySettings
  • Register-AzureADConnectHealthSyncAgent
  • Set-AzureADConnectHealthProxySettings
  • Test-AzureADConnectHealthConnectivity

 

ADSyncDiagnostics

On the system where Azure AD Connect in installed, the ADSyncDiagnostics Windows PowerShell module is also installed by default, offering the Invoke-ADSyncDiagnostics diagnostics tool to troubleshoot object synchronization, troubleshoot password hash synchronization and collect general diagnostics.

 

Azure AD Connect’s tools

Apart from all the functionality that Azure AD Connect brings, Azure AD Connect offers several useful tools shaped as PowerShell modules:

 

ADSyncPrep

The ADSyncPrep Windows PowerShell module includes the following Windows PowerShell cmdlets:

  • Initialize-ADSyncDomainJoinedComputerSync
  • Initialize-ADSyncDeviceWriteBack
  • Initialize-ADSyncNGCKeysWriteBack

The ADSyncPrep Windows PowerShell module can only be used if you also have the Active Directory Module for Windows PowerShell installed on the system.

 

ADSyncConfig

The ADSyncConfig Windows PowerShell module includes the following Windows PowerShell cmdlets:

  • Set-ADSyncBasicReadPermissions
  • Set-ADSyncRestrictedPermissions
  • Set-ADSyncPasswordHashSyncPermissions
  • Set-ADSyncPasswordWritebackPermissions
  • Set-ADSyncUnifiedGroupWritebackPermissions
  • Set-ADSyncMsDsConsistencyGuidPermissions
  • Set-ADSyncExchangeMailPublicFolderPermissions
  • Set-ADSyncExchangeHybridPermissions
  • Get-ADSyncObjectsWithInheritanceDisabled
  • Show-ADSyncADObjectPermissions
  • Get-ADSyncADConnectorAccount

 

ADConnectivityTool

The ADConnectivityTool Windows PowerShell module includes the following Windows PowerShell cmdlets:

  • Get-DomainFQDNData
  • Confirm-ValidEnterpriseAdminCredentials
  • Get-ForestFQDN
  • Confirm-ValidDomains
  • Confirm-FunctionalLevel
  • Confirm-NetworkConnectivity
  • Confirm-DnsConnectivity
  • Confirm-TargetsAreReachable
  • Confirm-ForestExists
  • Start-ConnectivityValidation
  • Start-NetworkConnectivityDiagnosisTools

 

ADSyncTools

The ADSyncTools Windows PowerShell module includes the following Windows PowerShell cmdlets:

  • Confirm-ADSyncToolsADModuleLoaded
  • Get-ADSyncToolsADuser
  • Get-ADSyncToolsConsistencyGuid
  • Set-ADSyncToolsConsistencyGuid
  • Clear-ADSyncToolsConsistencyGuid
  • Get-ADSyncToolsObjectGuid
  • Import-ADSyncToolsImmutableIdMigration
  • Export-ADSyncToolsConsistencyGuidMigration
  • Update-ADSyncToolsConsistencyGuidMigration
  • Get-ADSyncToolsRunHistory
  • Get-ADSyncToolsSourceAnchorChanged
  • Remove-ADSyncToolsExpiredCertificates
  • Restore-ADSyncToolsExpiredCertificates
  • Trace-ADSyncToolsADImport
  • Trace-ADSyncToolsLdapQuery
  • Repair-ADSyncToolsAutoUpgradeState
  • Connect-AdSyncDatabase
  • Invoke-AdSyncDatabaseQuery
  • Resolve-ADSyncHostAddress
  • Test-ADSyncNetworkPort
  • Get-ADSyncSQLBrowserInstances 

 

AzureADKerberos

The AzureADKerberos Windows PowerShell module includes the following Windows PowerShell cmdlets:

  • Get-AzureADKerberosServer 
  • Remove-AzureADKerberosServer
  • Set-AzureADKerberosServer

 

Concluding

Azure AD Connect offers a vast array of Windows PowerShell modules and cmdlets to configure and troubleshoot almost every aspect of it.

With 155 available Windows PowerShell cmdlets, there’s always something you can automate!

2 Responses to An overview of Azure AD Connect’s PowerShell Modules and Cmdlets

leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.