An overview of Azure AD Connect’s PowerShell Modules and Cmdlets

Reading Time: 2 minutes

Azure AD Connect

Azure AD Connect is Microsoft’s free Hybrid Identity bridge product to synchronize objects and their attributes from on-premises Active Directory Domain Services (AD DS) environments and LDAP v3-compatible directories to Azure Active Directory.

Azure AD Connect needs to be installed on a Windows Server with Desktop Experience, but this does not mean there aren’t some tools available to automate.

This blogpost features the built-in and extra PowerShell modules and cmdlets available with Azure AD Connect.

 

Azure AD Connect’s Built-in PowerShell modules

The following Windows PowerShell modules and cmdlets are available as part of Azure AD Connect:

 

ADSync

The core PowerShell functionality for Azure AD Connect can be found in the ADSync Windows PowerShell module, It offers the following Windows PowerShell cmdlets:

  • Add-ADSyncAADServiceAccount
  • Add-ADSyncAttributeFlowMapping
  • Add-ADSyncConnector
  • Add-ADSyncConnectorAnchorConstructionSettings
  • Add-ADSyncConnectorAttributeInclusion
  • Add-ADSyncConnectorHierarchyProvisioningMapping
  • Add-ADSyncConnectorObjectInclusion
  • Add-ADSyncGlobalSettingsParameter
  • Add-ADSyncJoinConditionGroup
  • Add-ADSyncRule
  • Add-ADSyncRunProfile
  • Add-ADSyncRunStep
  • Add-ADSyncScopeConditionGroup
  • Add-AgentToResourceGroup
  • Disable-ADSyncConnectorPartition
  • Disable-ADSyncConnectorPartitionHierarchy
  • Disable-ADSyncExportDeletionThreshold
  • Enable-ADSyncConnectorPartition
  • Enable-ADSyncConnectorPartitionHierarchy
  • Enable-ADSyncExportDeletionThreshold
  • Get-ADSyncAADCompanyFeature
  • Get-ADSyncAADPasswordResetConfiguration
  • Get-ADSyncAADPasswordSyncConfiguration
  • Get-ADSyncADConnectorSchemaDsml
  • Get-ADSyncAutoUpgrade 
  • Get-ADSyncConnector
  • Get-ADSyncConnectorHierarchyProvisioningDNComponent
  • Get-ADSyncConnectorHierarchyProvisioningMapping
  • Get-ADSyncConnectorHierarchyProvisioningObjectClass
  • Get-ADSyncConnectorParameter
  • Get-ADSyncConnectorPartition
  • Get-ADSyncConnectorPartitionHierarchy
  • Get-ADSyncConnectorRunStatus
  • Get-ADSyncConnectorStatistics
  • Get-ADSyncConnectorTypes
  • Get-ADSyncCSObject
  • Get-ADSyncCSObjectLog
  • Get-ADSyncDatabaseConfiguration
  • Get-ADSyncExportDeletionThreshold 
  • Get-ADSyncGlobalSettings
  • Get-ADSyncGlobalSettingsParameter 
  • Get-ADSyncMVObject
  • Get-ADSyncPartitionPasswordSyncState
  • Get-ADSyncRule
  • Get-ADSyncRunProfile
  • Get-ADSyncRunProfileResult
  • Get-ADSyncRunStepResult
  • Get-ADSyncScheduler
  • Get-ADSyncSchedulerConnectorOverride
  • Get-ADSyncSchema
  • Get-ADSyncServerConfiguration
  • Invoke-ADSyncCSObjectPasswordHashSync
  • Invoke-ADSyncGarbageCollection
  • Invoke-ADSyncRunProfile
  • New-ADSyncConnector
  • New-ADSyncJoinCondition
  • New-ADSyncRule
  • New-ADSyncRunProfile
  • New-ADSyncScopeCondition
  • Register-Agent
  • Remove-ADSyncAADPasswordResetConfiguration
  • Remove-ADSyncAADPasswordSyncConfiguration
  • Remove-ADSyncAADServiceAccount
  • Remove-ADSyncAttributeFlowMapping
  • Remove-ADSyncConnector
  • Remove-ADSyncConnectorAnchorConstructionSettings
  • Remove-ADSyncConnectorAttributeInclusion
  • Remove-ADSyncConnectorHierarchyProvisioningMapping
  • Remove-ADSyncConnectorObjectInclusion
  • Remove-ADSyncGlobalSettingsParameter
  • Remove-ADSyncJoinConditionGroup
  • Remove-ADSyncRule
  • Remove-ADSyncRunProfile
  • Remove-ADSyncRunStep
  • Remove-ADSyncScopeConditionGroup
  • Search-ADSyncDirectoryObjects
  • Set-ADSyncAADCompanyFeature
  • Set-ADSyncAADPasswordResetConfiguration
  • Set-ADSyncAADPasswordSyncConfiguration
  • Set-ADSyncAADPasswordSyncState
  • Set-ADSyncAutoUpgrade
  • Set-ADSyncConnectorParameter
  • Set-ADSyncDirSyncConfiguration
  • Set-ADSyncGlobalSettings
  • Set-ADSyncScheduler
  • Set-ADSyncSchedulerConnectorOverride
  • Set-ADSyncSchema
  • Set-ADSyncServerConfiguration
  • Set-MIISADMAConfiguration
  • Start-ADSyncAADPasswordResetEndpoint
  • Start-ADSyncPurgeRunHistory
  • Start-ADSyncSyncCycle
  • Stop-ADSyncAADPasswordResetEndpoint 
  • Stop-ADSyncRunProfile
  • Stop-ADSyncSyncCycle
  • Sync-ADSyncCSObject
  • Test-AdSyncAzureServiceConnectivity
  • Test-ADSyncGetDirectoryReplicationChanges
  • Test-AdSyncUserHasPermissions
  • Update-ADSyncConnectorPartitions
  • Update-ADSyncConnectorSchema
  • Update-ADSyncDirectoryObject
  • Update-ADSyncDRSCertificates

 

AzureADConnectHealthSync

Azure AD Connect Health for Sync is installed by default on each Azure AD Connect installation. To manage Azure AD Connect Health, the AzureADConnectHealthSync Windows PowerShell module offers the following Windows PowerShell cmdlets:

  • Enable-AzureADConnectHealth
  • Get-AzureADConnectHealthProxySettings
  • Register-AzureADConnectHealthSyncAgent
  • Set-AzureADConnectHealthProxySettings
  • Test-AzureADConnectHealthConnectivity

 

ADSyncDiagnostics

On the system where Azure AD Connect in installed, the ADSyncDiagnostics Windows PowerShell module is also installed by default, offering the Invoke-ADSyncDiagnostics diagnostics tool to troubleshoot object synchronization, troubleshoot password hash synchronization and collect general diagnostics.

 

Azure AD Connect’s tools

Apart from all the functionality that Azure AD Connect brings, Azure AD Connect offers several useful tools shaped as PowerShell modules:

 

ADSyncPrep

The ADSyncPrep Windows PowerShell module includes the following Windows PowerShell cmdlets:

  • Initialize-ADSyncDomainJoinedComputerSync
  • Initialize-ADSyncDeviceWriteBack
  • Initialize-ADSyncNGCKeysWriteBack

The ADSyncPrep Windows PowerShell module can only be used if you also have the Active Directory Module for Windows PowerShell installed on the system.

 

ADSyncConfig

The ADSyncConfig Windows PowerShell module includes the following Windows PowerShell cmdlets:

  • Set-ADSyncBasicReadPermissions
  • Set-ADSyncRestrictedPermissions
  • Set-ADSyncPasswordHashSyncPermissions
  • Set-ADSyncPasswordWritebackPermissions
  • Set-ADSyncUnifiedGroupWritebackPermissions
  • Set-ADSyncMsDsConsistencyGuidPermissions
  • Set-ADSyncExchangeMailPublicFolderPermissions
  • Set-ADSyncExchangeHybridPermissions
  • Get-ADSyncObjectsWithInheritanceDisabled
  • Show-ADSyncADObjectPermissions
  • Get-ADSyncADConnectorAccount

 

ADConnectivityTool

The ADConnectivityTool Windows PowerShell module includes the following Windows PowerShell cmdlets:

  • Get-DomainFQDNData
  • Confirm-ValidEnterpriseAdminCredentials
  • Get-ForestFQDN
  • Confirm-ValidDomains
  • Confirm-FunctionalLevel
  • Confirm-NetworkConnectivity
  • Confirm-DnsConnectivity
  • Confirm-TargetsAreReachable
  • Confirm-ForestExists
  • Start-ConnectivityValidation
  • Start-NetworkConnectivityDiagnosisTools

 

ADSyncTools

The ADSyncTools Windows PowerShell module includes the following Windows PowerShell cmdlets:

  • Confirm-ADSyncToolsADModuleLoaded
  • Get-ADSyncToolsADuser
  • Get-ADSyncToolsConsistencyGuid
  • Set-ADSyncToolsConsistencyGuid
  • Clear-ADSyncToolsConsistencyGuid
  • Get-ADSyncToolsObjectGuid
  • Import-ADSyncToolsImmutableIdMigration
  • Export-ADSyncToolsConsistencyGuidMigration
  • Update-ADSyncToolsConsistencyGuidMigration
  • Get-ADSyncToolsRunHistory
  • Get-ADSyncToolsSourceAnchorChanged
  • Remove-ADSyncToolsExpiredCertificates
  • Restore-ADSyncToolsExpiredCertificates
  • Trace-ADSyncToolsADImport
  • Trace-ADSyncToolsLdapQuery
  • Repair-ADSyncToolsAutoUpgradeState
  • Connect-AdSyncDatabase
  • Invoke-AdSyncDatabaseQuery
  • Resolve-ADSyncHostAddress
  • Test-ADSyncNetworkPort
  • Get-ADSyncSQLBrowserInstances 

 

AzureADKerberos

The AzureADKerberos Windows PowerShell module includes the following Windows PowerShell cmdlets:

  • Get-AzureADKerberosServer 
  • Remove-AzureADKerberosServer
  • Set-AzureADKerberosServer

 

Concluding

Azure AD Connect offers a vast array of Windows PowerShell modules and cmdlets to configure and troubleshoot almost every aspect of it.

With 155 available Windows PowerShell cmdlets, there’s always something you can automate!

7 Responses to An overview of Azure AD Connect’s PowerShell Modules and Cmdlets

  1.  

    I can not find the library in import-module Adsync. A lot of searches point to C:Program FilesMicrosoft Azure AD SyncBinADSyncADSync.psd1 but it's not on my Windows 10 build and I can't find it on microsoft's site. Any help would be great.

    • Hi Kent,

      The folder and file is only present on Windows installations and Windows Server installations that have a recent version of Azure AD Connect installed and configured.

       
  2.  

    Thanks for detailed sharing.

  3.  

    Hi Team,

    We have upgraded ADConnect Server and Installed latest version of PowerShell 7, when we run the command "Get-ADSyncScheduler" we are receiving the below error.

    Get-ADSyncScheduler: Could not load type 'System.Web.Util.Utf16StringValidator' from assembly 'System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a'.

  4.  

    I got that same error with PS7. When I ran powershell ISE in administrator mode, it worked

  5.  

    Using Powershell 7.4 on an Azure AD Connect server and the ADSync module installed – when I run: Get-ADSyncServerConfiguration
    I receive the following error:

    The term 'Get-ADSyncServerConfiguration' is not recognized as a name of a cmdlet, function, script file, or executable program. Check the spelling of the name, or if a
    path was included, verify that the path is correct and try again.

    I have checked the included commands listed above and it should be present and recognised yet it isn't. Any pointers? Thanks very much for the article.

    • I run the PowerShell cmdlets in the default PowerShell version that ships with Windows Server (PowerShell 5) without problems.

       

leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.