Azure AD Connect: ADSyncTools PowerShell Reference

The following documentation provides reference information for the ADSyncTools.psm1 PowerShell Module that is included with Azure AD Connect.

Install the ADSyncTools PowerShell Module

To install the ADSyncTools PowerShell Module do the following:

  1. Open Windows PowerShell with administrative privileges
  2. Type or copy and paste the following:
        [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
        Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
        Import-module -Name "C:\Program Files\Microsoft Azure Active Directory Connect\Tools\AdSyncTools"
    
  3. Hit enter.
  4. To verify the module was installed, enter or copy and paste the following"
    Get-module AdSyncTools
    
  5. You should now see information about the module.

Clear-ADSyncToolsMsDsConsistencyGuid

SYNOPSIS

Clear an Active Directory object mS-DS-ConsistencyGuid

SYNTAX

Clear-ADSyncToolsMsDsConsistencyGuid [-Identity] <Object> [<CommonParameters>]

DESCRIPTION

Clears the value in mS-DS-ConsistencyGuid for the target Active Directory object. Supports Active Directory objects in multi-domain forests.

EXAMPLES

EXAMPLE 1

Clear-ADSyncToolsMsDsConsistencyGuid -Identity 'CN=User1,OU=Sync,DC=Contoso,DC=com'

EXAMPLE 2

Clear-ADSyncToolsMsDsConsistencyGuid -Identity 'User1@Contoso.com'

EXAMPLE 3

'User1@Contoso.com' | Clear-ADSyncToolsMsDsConsistencyGuid

PARAMETERS

-Identity

Target object in AD to clear mS-DS-ConsistencyGuid

Type: Object
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Connect-ADSyncToolsSqlDatabase

SYNOPSIS

Connect to a SQL database for testing purposes

SYNTAX

Connect-ADSyncToolsSqlDatabase [-Server] <String> [[-Instance] <String>] [[-Database] <String>]
 [[-Port] <String>] [[-UserName] <String>] [[-Password] <String>] [<CommonParameters>]

DESCRIPTION

SQL Diagnostics related functions and utilities

EXAMPLES

EXAMPLE 1

Connect-ADSyncToolsSqlDatabase -Server 'sqlserver01.contoso.com' -Database 'ADSync'

EXAMPLE 2

Connect-ADSyncToolsSqlDatabase -Server 'sqlserver01.contoso.com' -Instance 'INTANCE01' -Database 'ADSync'

PARAMETERS

-Server

SQL Server Name

Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Instance

SQL Server Instance Name

Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Database

SQL Server Database Name

Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 3
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Port

SQL Server Port (e.g. 49823)

Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 4
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-UserName

SQL Server Login Username

Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 5
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Password

SQL Server Login Password

Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 6
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

ConvertFrom-ADSyncToolsAadDistinguishedName

SYNOPSIS

Convert Azure AD Connector DistinguishedName to ImmutableId

SYNTAX

ConvertFrom-ADSyncToolsAadDistinguishedName [-DistinguishedName] <String> [<CommonParameters>]

DESCRIPTION

Takes an Azure AD Connector DistinguishedName like CN={514635484D4B376E38307176645973555049486139513D3D} and converts to the respective base64 ImmutableID value, e.g. QF5HMK7n80qvdYsUPIHa9Q==

EXAMPLES

EXAMPLE 1

ConvertFrom-ADSyncToolsAadDistinguishedName 'CN={514635484D4B376E38307176645973555049486139513D3D}'

PARAMETERS

-DistinguishedName

Azure AD Connector Space DistinguishedName

Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

ConvertFrom-ADSyncToolsImmutableID

SYNOPSIS

Convert Base64 ImmutableId (SourceAnchor) to GUID value

SYNTAX

ConvertFrom-ADSyncToolsImmutableID [-Value] <String> [<CommonParameters>]

DESCRIPTION

Converts value of the ImmutableID from Base64 string and returns a GUID value In case Base64 string cannot be converted to GUID, returns a Byte Array.

EXAMPLES

EXAMPLE 1

ConvertFrom-ADSyncToolsImmutableID 'iGhmiAEBERG7uxI0VniQqw=='

EXAMPLE 2

'iGhmiAEBERG7uxI0VniQqw==' | ConvertFrom-ADSyncToolsImmutableID

PARAMETERS

-Value

ImmutableId in Base64 format

Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

ConvertTo-ADSyncToolsAadDistinguishedName

SYNOPSIS

Convert ImmutableId to Azure AD Connector DistinguishedName

SYNTAX

ConvertTo-ADSyncToolsAadDistinguishedName [-ImmutableId] <String> [<CommonParameters>]

DESCRIPTION

Takes an ImmutableId (SourceAnchor) like QF5HMK7n80qvdYsUPIHa9Q== and converts to the respective Azure AD Connector DistinguishedName value, e.g. CN={514635484D4B376E38307176645973555049486139513D3D}

EXAMPLES

EXAMPLE 1

ConvertTo-ADSyncToolsAadDistinguishedName 'QF5HMK7n80qvdYsUPIHa9Q=='

PARAMETERS

-ImmutableId

ImmutableId (SourceAnchor)

Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

ConvertTo-ADSyncToolsCloudAnchor

SYNOPSIS

Convert Base64 Anchor to CloudAnchor

SYNTAX

ConvertTo-ADSyncToolsCloudAnchor [-Anchor] <String> [<CommonParameters>]

DESCRIPTION

Takes a Base64 Anchor like VAAAAFUAcwBlAHIAXwBjADcAMgA5ADAAMwBlAGQALQA3ADgAMQA2AC0ANAAxAGMAZAAtADkAMAA2ADYALQBlAGEAYwAzADMAZAAxADcAMQBkADcANwAAAA== and converts to the respective CloudAnchor value, e.g. User_abc12345-1234-abcd-9876-ab0123456789

EXAMPLES

EXAMPLE 1

ConvertTo-ADSyncToolsCloudAnchor "VAAAAFUAcwBlAHIAXwBjADcAMgA5ADAAMwBlAGQALQA3ADgAMQA2AC0ANAAxAGMAZAAtADkAMAA2ADYALQBlAGEAYwAzADMAZAAxADcAMQBkADcANwAAAA=="

EXAMPLE 2

"VAAAAFUAcwBlAHIAXwBjADcAMgA5ADAAMwBlAGQALQA3ADgAMQA2AC0ANAAxAGMAZAAtADkAMAA2ADYALQBlAGEAYwAzADMAZAAxADcAMQBkADcANwAAAA==" | ConvertTo-ADSyncToolsCloudAnchor

PARAMETERS

-Anchor

Base64 Anchor

Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

ConvertTo-ADSyncToolsImmutableID

SYNOPSIS

Convert GUID (ObjectGUID / ms-Ds-Consistency-Guid) to a Base64 string

SYNTAX

ConvertTo-ADSyncToolsImmutableID [-Value] <Object> [<CommonParameters>]

DESCRIPTION

Converts a value in GUID, GUID string or byte array format to a Base64 string

EXAMPLES

EXAMPLE 1

ConvertTo-ADSyncToolsImmutableID '88888888-0101-3333-cccc-1234567890cd'

EXAMPLE 2

'88888888-0101-3333-cccc-1234567890cd' | ConvertTo-ADSyncToolsImmutableID

PARAMETERS

-Value

GUID, GUID string or byte array

Type: Object
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Export-ADSyncToolsAadDisconnectors

SYNOPSIS

Export Azure AD Disconnector objects

SYNTAX

Export-ADSyncToolsAadDisconnectors [[-SyncObjectType] <Object>] [<CommonParameters>]

DESCRIPTION

Executes CSExport tool to export all Disconnectors to XML and then takes this XML output and converts it to a CSV file with: UserPrincipalName, Mail, SourceAnchor, DistinguishedName, CsObjectId, ObjectType, ConnectorId, CloudAnchor

EXAMPLES

EXAMPLE 1

Export-ADSyncToolsAadDisconnectors -SyncObjectType 'PublicFolder'

Exports to CSV all PublicFolder Disconnector objects

EXAMPLE 2

Export-ADSyncToolsAadDisconnectors

Exports to CSV all Disconnector objects

PARAMETERS

-SyncObjectType

ObjectType to include in output

Type: Object
Parameter Sets: (All)
Aliases:
Required: False
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTS

Use ObjectType argument in case you want to export Disconnectors for a given object type only

OUTPUTS

Exports a CSV file with Disconnector objects containing:

UserPrincipalName, Mail, SourceAnchor, DistinguishedName, CsObjectId, ObjectType, ConnectorId and CloudAnchor

Export-ADSyncToolsHybridAadJoinReport

SYNOPSIS

Generates a report of certificates stored in Active Directory Computer objects, specifically, certificates issued by the Hybrid Azure AD join feature.

SYNTAX

SingleObject

Export-ADSyncToolsHybridAadJoinReport [-DN] <String> [[-Filename] <String>] [<CommonParameters>]

MultipleObjects

Export-ADSyncToolsHybridAadJoinReport [-OU] <String> [[-Filename] <String>] [<CommonParameters>]

DESCRIPTION

This tool checks for all certificates present in UserCertificate property of a Computer object in AD and, for each non-expired certificate present, validates if the certificate was issued for the Hybrid Azure AD join feature (that is, Subject Name is CN={ObjectGUID}). Before version 1.4, Azure AD Connect would synchronize to Azure AD any Computer that contained at least one certificate but in Azure AD Connect version 1.4 and later, ADSync engine can identify Hybrid Azure AD join certificates and will "cloudfilter" (exclude) the computer object from synchronizing to Azure AD unless there's a valid Hybrid Azure AD join certificate present. Azure AD Device objects that were already synchronized to AD but do not have a valid Hybrid Azure AD join certificate will be deleted from Azure AD (CloudFiltered=TRUE) by Azure AD Connect.

EXAMPLES

EXAMPLE 1

Export-ADSyncToolsHybridAzureADjoinCertificateReport -DN 'CN=Computer1,OU=SYNC,DC=Fabrikam,DC=com'

EXAMPLE 2

Export-ADSyncToolsHybridAzureADjoinCertificateReport -OU 'OU=SYNC,DC=Fabrikam,DC=com' -Filename "MyHybridAzureADjoinReport.csv" -Verbose

PARAMETERS

-DN

Computer DistinguishedName

Type: String
Parameter Sets: SingleObject
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-OU

AD OrganizationalUnit

Type: String
Parameter Sets: MultipleObjects
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-Filename

Output CSV filename (optional)

Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

More Information: Understand Azure AD Connect 1.4.xx.x and device disappearance

Export-ADSyncToolsObjects

SYNOPSIS

Export Azure AD Connect Objects to XML files

SYNTAX

ObjectId

Export-ADSyncToolsObjects [-ObjectId] <Object> [-Source] <Object> [-ExportSerialized] [<CommonParameters>]

DistinguishedName

Export-ADSyncToolsObjects [-DistinguishedName] <Object> [-ConnectorName] <Object> [-ExportSerialized]
 [<CommonParameters>]

DESCRIPTION

Exports internal ADSync objects from Metaverse and associated connected objects from Connector Spaces

EXAMPLES

EXAMPLE 1

Export-ADSyncToolsObjects -ObjectId '9D220D58-0700-E911-80C8-000D3A3614C0' -Source Metaverse

EXAMPLE 2

Export-ADSyncToolsObjects -ObjectId '9e220d58-0700-e911-80c8-000d3a3614c0' -Source ConnectorSpace

EXAMPLE 3

Export-ADSyncToolsObjects -DistinguishedName 'CN=User1,OU=ADSync,DC=Contoso,DC=com' -ConnectorName 'Contoso.com'

PARAMETERS

-ObjectId

ObjectId is the unique identifier of the object in the respective connector space or metaverse

Type: Object
Parameter Sets: ObjectId
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-Source

Source is the table where the object resides which can either ConnectorSpace or Metaverse

Type: Object
Parameter Sets: ObjectId
Aliases:
Required: True
Position: 2
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-DistinguishedName

DistinguishedName is the identifier of the object in the respective connector space

Type: Object
Parameter Sets: DistinguishedName
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-ConnectorName

ConnectorName is the name of the connector space where the object resides

Type: Object
Parameter Sets: DistinguishedName
Aliases:
Required: True
Position: 2
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-ExportSerialized

ExportSerialized exports additional XML files

Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: 3
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Export-ADSyncToolsRunHistory

SYNOPSIS

Export Azure AD Connect Run History

SYNTAX

Export-ADSyncToolsRunHistory [-TargetName] <String> [<CommonParameters>]

DESCRIPTION

Function to export Azure AD Connect Run Profile and Run Step results to CSV and XML format respectively. The resulting Run Profile CSV file can be imported into a spreadsheet and the Run Step XML file can be imported with Import-Clixml

EXAMPLES

EXAMPLE 1

Export-ADSyncToolsRunHistory -TargetName MyADSyncHistory

PARAMETERS

-TargetName

Name of the output file

Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Export-ADSyncToolsSourceAnchorReport

SYNOPSIS

Export ms-ds-Consistency-Guid Report

SYNTAX

Export-ADSyncToolsSourceAnchorReport [-AlternativeLoginId] [-UserPrincipalName] <String>
 [-ImmutableIdGUID] <String> [-Output] <String> [<CommonParameters>]

DESCRIPTION

Generates a ms-ds-Consistency-Guid report based on an import CSV file from Import-ADSyncToolsSourceAnchor

EXAMPLES

EXAMPLE 1

Import-Csv .\AllSyncUsers.csv | Export-ADSyncToolsSourceAnchorReport -Output ".\AllSyncUsers-Report"

EXAMPLE 2

Another example of how to use this cmdlet

PARAMETERS

-AlternativeLoginId

Use Alternative Login ID (mail)

Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-UserPrincipalName

UserPrincipalName

Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False

-ImmutableIdGUID

ImmutableIdGUID

Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 2
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False

-Output

Output filename for CSV and LOG files

Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 3
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Get-ADSyncToolsAadObject

SYNOPSIS

Get synced objects for a given SyncObjectType

SYNTAX

Get-ADSyncToolsAadObject [-SyncObjectType] <Object> [-Credential] <PSCredential> [<CommonParameters>]

DESCRIPTION

Reads from Azure AD all synced objects for a given object class (SyncObjectType).

EXAMPLES

EXAMPLE 1

Get-ADSyncToolsAadObject -SyncObjectType 'publicFolder' -Credential $(Get-Credential)

PARAMETERS

-SyncObjectType

Object Type

Type: Object
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-Credential

Azure AD Global Admin Credential

Type: PSCredential
Parameter Sets: (All)
Aliases:
Required: True
Position: 2
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

OUTPUTS

This cmdlet returns the "Shadow" properties that are synchronized by the sync client, which might be different than the actual value stored in the respective property of Azure AD. For instance, a user's UPN that is synchronized with a non-verified domain suffix 'user@nonverified.domain', will have the UPN suffix in Azure AD converted to the tenant's default domain, 'user@tenantname.onmicrosoft.com'. In this case, Get-ADSyncToolsAadObject will return the "Shadow" value of 'user@nonverified.domain', and not the actual value in Azure AD 'user@tenantname.onmicrosoft.com'.

Get-ADSyncToolsMsDsConsistencyGuid

SYNOPSIS

Get an Active Directory object ms-ds-ConsistencyGuid

SYNTAX

Get-ADSyncToolsMsDsConsistencyGuid [-Identity] <Object> [<CommonParameters>]

DESCRIPTION

Returns the value in mS-DS-ConsistencyGuid attribute of the target Active Directory object in GUID format. Supports Active Directory objects in multi-domain forests.

EXAMPLES

EXAMPLE 1

Get-ADSyncToolsMsDsConsistencyGuid -Identity 'CN=User1,OU=Sync,DC=Contoso,DC=com'

EXAMPLE 2

Get-ADSyncToolsMsDsConsistencyGuid -Identity 'User1@Contoso.com'

EXAMPLE 3

'User1@Contoso.com' | Get-ADSyncToolsMsDsConsistencyGuid

PARAMETERS

-Identity

Target object in AD to get

Type: Object
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Get-ADSyncToolsRunHistory

SYNOPSIS

Get Azure AD Connect Run History

SYNTAX

Get-ADSyncToolsRunHistory [[-Days] <Int32>] [<CommonParameters>]

DESCRIPTION

Function that returns the Azure AD Connect Run History in XML format

EXAMPLES

EXAMPLE 1

Get-ADSyncToolsRunHistory

EXAMPLE 2

Get-ADSyncToolsRunHistory -Days 3

PARAMETERS

-Days

Number of days back to collect History (default = 1)

Type: Int32
Parameter Sets: (All)
Aliases:
Required: False
Position: 1
Default value: 1
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Get-ADSyncToolsRunHistoryLegacyWmi

SYNOPSIS

Get Azure AD Connect Run History for older versions of Azure AD Connect (WMI)

SYNTAX

Get-ADSyncToolsRunHistoryLegacyWmi [[-Days] <Int32>] [<CommonParameters>]

DESCRIPTION

Function that returns the Azure AD Connect Run History in XML format

EXAMPLES

EXAMPLE 1

Get-ADSyncToolsRunHistory

EXAMPLE 2

Get-ADSyncToolsRunHistory -Days 3

PARAMETERS

-Days

Number of days back to collect History (default = 1)

Type: Int32
Parameter Sets: (All)
Aliases:
Required: False
Position: 1
Default value: 1
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Get-ADSyncToolsSqlBrowserInstances

SYNOPSIS

Get SQL Server Instances from SQL Browser service

SYNTAX

Get-ADSyncToolsSqlBrowserInstances [[-Server] <String>]

DESCRIPTION

SQL Diagnostics related functions and utilities

EXAMPLES

EXAMPLE 1

Get-ADSyncToolsSqlBrowserInstances -Server 'sqlserver01'

PARAMETERS

-Server

SQL Server Name

Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

Get-ADSyncToolsTenantAzureEnvironment

SYNOPSIS

Helper function to get which Azure environment the user belongs.

SYNTAX

Get-ADSyncToolsTenantAzureEnvironment [-Credential] <PSCredential> [<CommonParameters>]

DESCRIPTION

This function will call Oauth discovery endpoint to get CloudInstance and tenant_region_scope to determine the Azure environment. https://login.microsoftonline.com/{tenant}/.well-known/openid-configuration

EXAMPLES

EXAMPLE 1

Get-ADSyncToolsTenantAzureEnvironment -Credential (Get-Credential)

PARAMETERS

-Credential

The user's PowerShell Credential object:

Type: PSCredential
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTS

The user's PowerShell Credential object

OUTPUTS

The Azure environment (string)

Get-ADSyncToolsTls12

SYNOPSIS

Gets Client\Server TLS 1.2 settings for .NET Framework

SYNTAX

Get-ADSyncToolsTls12 [<CommonParameters>]

DESCRIPTION

Reads information from the Registry regarding TLS 1.2 for .NET Framework:

Path Name
HKLM:\SOFTWARE\WOW6432Node\Microsoft.NETFramework\v4.0.30319 SystemDefaultTlsVersions
HKLM:\SOFTWARE\WOW6432Node\Microsoft.NETFramework\v4.0.30319 SchUseStrongCrypto
HKLM:\SOFTWARE\Microsoft.NETFramework\v4.0.30319 SystemDefaultTlsVersions
HKLM:\SOFTWARE\Microsoft.NETFramework\v4.0.30319 SchUseStrongCrypto
HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server Enabled
HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server DisabledByDefault
HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client Enabled
HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client DisabledByDefault

EXAMPLES

EXAMPLE 1

Get-ADSyncToolsTls12

PARAMETERS

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

More Information: TLS 1.2 enforcement for Azure AD Connect

Import-ADSyncToolsObjects

SYNOPSIS

Import Azure AD Connect Object from XML file

SYNTAX

Import-ADSyncToolsObjects [-Path] <String> [<CommonParameters>]

DESCRIPTION

Imports an internal ADSync object from XML file that was exported using Export-ADSyncToolsObjects

EXAMPLES

EXAMPLE 1

Import-ADSyncToolsObjects -Path .\20210224-003104_81275a23-0168-eb11-80de-00155d188c11_MV.xml

PARAMETERS

-Path

Path for the XML file to import

Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Import-ADSyncToolsRunHistory

SYNOPSIS

Import Azure AD Connect Run History

SYNTAX

Import-ADSyncToolsRunHistory [-Path] <String> [<CommonParameters>]

DESCRIPTION

Function to Import Azure AD Connect Run Step results from XML created using Export-ADSyncToolsRunHistory

EXAMPLES

EXAMPLE 1

Export-ADSyncToolsRunHistory -Path .\RunHistory-RunStep.xml

PARAMETERS

-Path

Path for the XML file to import

Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Import-ADSyncToolsSourceAnchor

SYNOPSIS

Import ImmutableID from Azure AD

SYNTAX

Import-ADSyncToolsSourceAnchor [-Output] <String> [-IncludeSyncUsersFromRecycleBin] [<CommonParameters>]

DESCRIPTION

Generates a file with all Azure AD Synchronized users containing the ImmutableID value in GUID format Requirements: MSOnline PowerShell Module

EXAMPLES

EXAMPLE 1

Import-ADSyncToolsSourceAnchor -OutputFile '.\AllSyncUsers.csv'

EXAMPLE 2

Another example of how to use this cmdlet

PARAMETERS

-Output

Output CSV file

Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-IncludeSyncUsersFromRecycleBin

Get Synchronized Users from Azure AD Recycle Bin

Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Invoke-ADSyncToolsSqlQuery

SYNOPSIS

Invoke a SQL query against a database for testing purposes

SYNTAX

Invoke-ADSyncToolsSqlQuery [-SqlConnection] <SqlConnection> [[-Query] <String>] [<CommonParameters>]

DESCRIPTION

SQL Diagnostics related functions and utilities

EXAMPLES

EXAMPLE 1

New-ADSyncToolsSqlConnection -Server SQLserver01.Contoso.com -Port 49823 | Invoke-ADSyncToolsSqlQuery

EXAMPLE 2

$sqlConn = New-ADSyncToolsSqlConnection -Server SQLserver01.Contoso.com -Port 49823

Invoke-ADSyncToolsSqlQuery -SqlConnection $sqlConn -Query 'SELECT *, database_id FROM sys.databases'

PARAMETERS

-SqlConnection

SQL Connection

Type: SqlConnection
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False

-Query

SQL Query

Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 2
Default value: SELECT name, database_id FROM sys.databases
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Remove-ADSyncToolsAadObject

SYNOPSIS

Remove orphaned synced object from Azure AD

SYNTAX

CsvInput

Remove-ADSyncToolsAadObject [-Credential] <PSCredential> [-InputCsvFilename] <Object> [-WhatIf] [-Confirm]
 [<CommonParameters>]

ObjectInput

Remove-ADSyncToolsAadObject [-Credential] <PSCredential> [-SourceAnchor] <Object> [-SyncObjectType] <Object>
 [-WhatIf] [-Confirm] [<CommonParameters>]

DESCRIPTION

Deletes from Azure AD a synced object(s) based on SourceAnchor and ObjecType in batches of 10 objects The CSV file can be generated using Export-ADSyncToolsAadDisconnectors

EXAMPLES

EXAMPLE 1

Remove-ADSyncToolsAadObject -InputCsvFilename .\DeleteObjects.csv -Credential (Get-Credential)

EXAMPLE 2

Remove-ADSyncToolsAadObject -SourceAnchor '2epFRNMCPUqhysJL3SWL1A==' -SyncObjectType 'publicFolder' -Credential (Get-Credential)

PARAMETERS

-Credential

Azure AD Global Admin Credential

Type: PSCredential
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-InputCsvFilename

CSV Input filename

Type: Object
Parameter Sets: CsvInput
Aliases:
Required: True
Position: 2
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-SourceAnchor

Object SourceAnchor

Type: Object
Parameter Sets: ObjectInput
Aliases:
Required: True
Position: 2
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-SyncObjectType

Object Type

Type: Object
Parameter Sets: ObjectInput
Aliases:
Required: True
Position: 3
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type: SwitchParameter
Parameter Sets: (All)
Aliases: wi
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type: SwitchParameter
Parameter Sets: (All)
Aliases: cf
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTS

InputCsvFilename must point to a CSV file with at least 2 columns: SourceAnchor, SyncObjectType

OUTPUTS

Shows results from ExportDeletions operation DISCLAIMER: Other than User objects that have a Recycle Bin, any other object types DELETED with this function cannot be RECOVERED!

Remove-ADSyncToolsExpiredCertificates

SYNOPSIS

Script to Remove Expired Certificates from UserCertificate Attribute

SYNTAX

Remove-ADSyncToolsExpiredCertificates [-TargetOU] <String> [[-BackupOnly] <Boolean>] [-ObjectClass] <String>
 [<CommonParameters>]

DESCRIPTION

This script takes all the objects from a target Organizational Unit in your Active Directory domain - filtered by Object Class (User/Computer) and deletes all expired certificates present in the UserCertificate attribute. By default (BackupOnly mode) it will only backup expired certificates to a file and not do any changes in AD. If you use -BackupOnly $false then any Expired Certificate present in UserCertificate attribute for these objects will be removed from Active Directory after being copied to file. Each certificate will be backed up to a separated filename: ObjectClass_ObjectGUID_CertThumprint.cer The script will also create a log file in CSV format showing all the users with certificates that either are valid or expired including the actual action taken (Skipped/Exported/Deleted).

EXAMPLES

EXAMPLE 1

Check all users in target OU - Expired Certificates will be copied to separated files and no certificates will be removed

Remove-ADSyncToolsExpiredCertificates -TargetOU "OU=Users,OU=Corp,DC=Contoso,DC=com" -ObjectClass user

EXAMPLE 2

Delete Expired Certs from all Computer objects in target OU - Expired Certificates will be copied to files and removed from AD

Remove-ADSyncToolsExpiredCertificates -TargetOU "OU=Computers,OU=Corp,DC=Contoso,DC=com" -ObjectClass computer -BackupOnly $false

PARAMETERS

-TargetOU

Target OU to lookup for AD objects

Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-BackupOnly

BackupOnly will not delete any certificates from AD

Type: Boolean
Parameter Sets: (All)
Aliases:
Required: False
Position: 2
Default value: True
Accept pipeline input: False
Accept wildcard characters: False

-ObjectClass

Object Class filter

Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 3
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Repair-ADSyncToolsAutoUpgradeState

SYNOPSIS

Repair Azure AD Connect AutoUpgrade State

SYNTAX

Repair-ADSyncToolsAutoUpgradeState

DESCRIPTION

Fixes an issue with AutoUpgrade introduced in build 1.1.524 (May 2017) which disables the online checking of new versions while AutoUpgrade is enabled.

EXAMPLES

EXAMPLE 1

Repair-ADSyncToolsAutoUpgradeState

Resolve-ADSyncToolsSqlHostAddress

SYNOPSIS

Resolve a SQL server name

SYNTAX

Resolve-ADSyncToolsSqlHostAddress [-Server] <String> [<CommonParameters>]

DESCRIPTION

SQL Diagnostics related functions and utilities

EXAMPLES

EXAMPLE 1

Resolve-ADSyncToolsSqlHostAddress -Server 'sqlserver01'

PARAMETERS

-Server

SQL Server Name

Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Search-ADSyncToolsADobject

SYNOPSIS

Search an Active Directory object in Active Directory Forest by its UserPrincipalName, sAMAccountName or DistinguishedName

SYNTAX

Search-ADSyncToolsADobject [-Identity] <Object> [<CommonParameters>]

DESCRIPTION

Supports multi-domain queries and returns all the required properties including mS-DS-ConsistencyGuid.

EXAMPLES

EXAMPLE 1

Search-ADSyncToolsADobject 'CN=user1,OU=Sync,DC=Contoso,DC=com'

EXAMPLE 2

Search-ADSyncToolsADobject -Identity "user1@Contoso.com"

EXAMPLE 3

Get-ADUser 'CN=user1,OU=Sync,DC=Contoso,DC=com' | Search-ADSyncToolsADobject

PARAMETERS

-Identity

Target User in AD to set ConsistencyGuid

Type: Object
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Set-ADSyncToolsMsDsConsistencyGuid

SYNOPSIS

Set an Active Directory object ms-ds-ConsistencyGuid

SYNTAX

Set-ADSyncToolsMsDsConsistencyGuid [-Identity] <Object> [-Value] <Object> [<CommonParameters>]

DESCRIPTION

Sets a value in mS-DS-ConsistencyGuid attribute for the target Active Directory user. Supports Active Directory objects in multi-domain forests.

EXAMPLES

EXAMPLE 1

Set-ADSyncToolsMsDsConsistencyGuid -Identity 'CN=User1,OU=Sync,DC=Contoso,DC=com' -Value '88666888-0101-1111-bbbb-1234567890ab'

EXAMPLE 2

Set-ADSyncToolsMsDsConsistencyGuid -Identity 'CN=User1,OU=Sync,DC=Contoso,DC=com' -Value 'GGhsjYwBEU+buBsE4sqhtg=='

EXAMPLE 3

Set-ADSyncToolsMsDsConsistencyGuid 'User1@Contoso.com' '8d6c6818-018c-4f11-9bb8-1b04e2caa1b6'

EXAMPLE 4

Set-ADSyncToolsMsDsConsistencyGuid 'User1@Contoso.com' 'GGhsjYwBEU+buBsE4sqhtg=='

EXAMPLE 5

'88666888-0101-1111-bbbb-1234567890ab' | Set-ADSyncToolsMsDsConsistencyGuid -Identity User1

EXAMPLE 6

'GGhsjYwBEU+buBsE4sqhtg==' | Set-ADSyncToolsMsDsConsistencyGuid User1

PARAMETERS

-Identity

Target object in AD to set mS-DS-ConsistencyGuid

Type: Object
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False

-Value

Value to set (ImmutableId, Byte array, GUID, GUID string or Base64 string)

Type: Object
Parameter Sets: (All)
Aliases:
Required: True
Position: 2
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Set-ADSyncToolsTls12

SYNOPSIS

Sets Client\Server TLS 1.2 settings for .NET Framework

SYNTAX

Set-ADSyncToolsTls12 [[-Enabled] <Boolean>] [<CommonParameters>]

DESCRIPTION

Sets the registry entries to enable/disable TLS 1.2 for .NET Framework:

Path Name
HKLM:\SOFTWARE\WOW6432Node\Microsoft.NETFramework\v4.0.30319 SystemDefaultTlsVersions
HKLM:\SOFTWARE\WOW6432Node\Microsoft.NETFramework\v4.0.30319 SchUseStrongCrypto
HKLM:\SOFTWARE\Microsoft.NETFramework\v4.0.30319 SystemDefaultTlsVersions
HKLM:\SOFTWARE\Microsoft.NETFramework\v4.0.30319 SchUseStrongCrypto
HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server Enabled
HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server DisabledByDefault
HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client Enabled
HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client DisabledByDefault

Running the cmdlet without any parameters will enable TLS 1.2 for .NET Framework

EXAMPLES

EXAMPLE 1

Set-ADSyncToolsTls12

EXAMPLE 2

Set-ADSyncToolsTls12 -Enabled $true

PARAMETERS

-Enabled

TLS 1.2 Enabled

Type: Boolean
Parameter Sets: (All)
Aliases:
Required: False
Position: 1
Default value: True
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

More Information: TLS 1.2 enforcement for Azure AD Connect

Test-ADSyncToolsSqlNetworkPort

SYNOPSIS

Test the SQL Server network port

SYNTAX

Test-ADSyncToolsSqlNetworkPort [[-Server] <String>] [[-Port] <String>]

DESCRIPTION

SQL Diagnostics related functions and utilities

EXAMPLES

EXAMPLE 1

Test-ADSyncToolsSqlNetworkPort -Server 'sqlserver01'

EXAMPLE 2

Test-ADSyncToolsSqlNetworkPort -Server 'sqlserver01' -Port 1433

PARAMETERS

-Server

SQL Server Name

Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Port

SQL Server Port

Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

Trace-ADSyncToolsADImport

SYNOPSIS

Creates a trace file from an Active Directory Import Step

SYNTAX

ADConnectorXML

Trace-ADSyncToolsADImport [-DC] <String> [-RootDN] <String> [[-Filter] <String>] [[-Credential] <PSCredential>]
 [-SSL] [-ADConnectorXML] <String> [<CommonParameters>]

ADwatermarkInput

Trace-ADSyncToolsADImport [-DC] <String> [-RootDN] <String> [[-Filter] <String>] [[-Credential] <PSCredential>]
 [-SSL] [-ADwatermark] <String> [<CommonParameters>]

DESCRIPTION

Traces all LDAP queries of an Active Directory Import run from a given Active Directory watermark checkpoint (also called a partition cookie). Creates a trace file '.\ADimportTrace_yyyyMMddHHmmss.log' on the current folder. To use -ADConnectorXML, go to the Synchronization Service Manager, right-click your AD Connector and select "Export Connector..."

EXAMPLES

EXAMPLE 1

Trace Active Directory Import for user objects by providing an AD Connector XML file

Trace-ADSyncToolsADImport -DC 'DC1.contoso.com' -RootDN 'DC=Contoso,DC=com' -Filter '(&(objectClass=user))' -ADConnectorXML .\ADConnector.xml

EXAMPLE 2

Trace Active Directory Import for all objects by providing the Active Directory watermark (cookie) and AD Connector credential

$creds = Get-Credential Trace-ADSyncToolsADImport -DC 'DC1.contoso.com' -RootDN 'DC=Contoso,DC=com' -Credential $creds -ADwatermark "TVNEUwMAAAAXyK9ir1zSAQAAAAAAAAAA(...)"

PARAMETERS

-DC

Target Domain Controller

Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-RootDN

Forest Root DN

Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Filter

AD objects type to trace. Use '(&(objectClass=*))' for all object types

Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 3
Default value: (&(objectClass=*))
Accept pipeline input: False
Accept wildcard characters: False

-Credential

Provide the credential to run LDAP query against AD

Type: PSCredential
Parameter Sets: (All)
Aliases:
Required: False
Position: 4
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-SSL

SSL Connection

Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: 5
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-ADConnectorXML

AD Connector Export XML file - Right-click AD Connector and select "Export Connector..."

Type: String
Parameter Sets: ADConnectorXML
Aliases:
Required: True
Position: 6
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ADwatermark

Manual input of watermark, instead of XML file e.g. $ADwatermark = "TVNEUwMAAAAXyK9ir1zSAQAAAAAAAAAA(...)"

Type: String
Parameter Sets: ADwatermarkInput
Aliases:
Required: True
Position: 6
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Trace-ADSyncToolsLdapQuery

SYNOPSIS

Trace LDAP queries

SYNTAX

Trace-ADSyncToolsLdapQuery [-RootDN] <String> [-Credential] <PSCredential> [[-Server] <String>]
 [[-Port] <Int32>] [-Filter <String>] [<CommonParameters>]

DESCRIPTION

{{ Fill in the Description }}

EXAMPLES

EXAMPLE 1

Trace-ADSyncToolsLdapQuery -RootDN "DC=Contoso,DC=com" -Credential $Credential

PARAMETERS

-RootDN

Forest/Domain DistinguishedName

Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-Credential

AD Credential

Type: PSCredential
Parameter Sets: (All)
Aliases:
Required: True
Position: 2
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-Server

Domain Controller Name (optional)

Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 3
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-Port

Domain Controller port (default: 389)

Type: Int32
Parameter Sets: (All)
Aliases:
Required: False
Position: 3
Default value: 389
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-Filter

LDAP filter (default: objectClass=*)

Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: (objectClass=*)
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Update-ADSyncToolsSourceAnchor

SYNOPSIS

Updates users with the new ConsistencyGuid (ImmutableId)

SYNTAX

Update-ADSyncToolsSourceAnchor [[-DistinguishedName] <String>] [-ImmutableIdGUID] <String> [-Action] <String>
 [-Output] <String> [-WhatIf] [-Confirm] [<CommonParameters>]

DESCRIPTION

Updates users with the new ConsistencyGuid (ImmutableId) value taken from the ConsistencyGuid Report This function supports the WhatIf switch Note: ConsistencyGuid Report must be imported with Tab delimiter

EXAMPLES

EXAMPLE 1

Import-Csv .\AllSyncUsersTEST-Report.csv -Delimiter "`t"| Update-ADSyncToolsSourceAnchor -Output .\AllSyncUsersTEST-Result2 -WhatIf

EXAMPLE 2

Import-Csv .\AllSyncUsersTEST-Report.csv -Delimiter "`t"| Update-ADSyncToolsSourceAnchor -Output .\AllSyncUsersTEST-Result2

PARAMETERS

-DistinguishedName

DistinguishedName

Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 1
Default value: False
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False

-ImmutableIdGUID

ImmutableIdGUID

Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 2
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False

-Action

Action

Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 3
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False

-Output

Output filename for LOG files

Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 4
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type: SwitchParameter
Parameter Sets: (All)
Aliases: wi
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type: SwitchParameter
Parameter Sets: (All)
Aliases: cf
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Get-ADSyncToolsDuplicateUsersSourceAnchor

SYNOPSIS

Gets a list of all the objects with "Source anchor has changed" error.

SYNTAX

Get-ADSyncToolsDuplicateUsersSourceAnchor [-ADConnectorName] <Object> [<CommonParameters>]

DESCRIPTION

There are certain scenarios like M&A where Customers add a new forest to Azure AD Connect with duplicate user objects. This causes multiple sync errors if the new connector precedence is higher for the newly joined users. This cmdlet will provide a list of all the objects with "Source anchor has changed" errors.

EXAMPLES

EXAMPLE 1

Get-ADSyncToolsDuplicateUsersSourceAnchor -ADConnectorName Contoso.com

PARAMETERS

-ADConnectorName

AD connector name for which user source anchors needs to be repaired

Type: Object
Parameter Sets: (All)
Aliases:
Required: true
Position: 1
Default value: 
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Set-ADSyncToolsDuplicateUsersSourceAnchor

SYNOPSIS

Fixes all the objects with "Source Anchor has changed" error.

SYNTAX

et-ADSyncToolsDuplicateUsersSourceAnchor [-DuplicateUserSourceAnchorInfo] <DuplicateUserSourceAnchorInfo> [-ActiveDirectoryCredential <PSCredential>] [-OverridePrompt <Boolean>] [<CommonParameters>]

DESCRIPTION

This cmdlet takes in the list of objects from Get-ADSyncToolsDuplicateUsersSourceAnchor as pipeline input. It then fixes the sync errors by updating the msDS-ConsistencyGuid attribute with the sourceAnchor/immutableID of the original object. The cmdlet has an optional parameter - "Override prompt", which is False by default. If it is set to True, then the user will not be prompted when updating the msDS-ConsistencyGuid attribute.

EXAMPLES

EXAMPLE 1

Get-ADSyncToolsDuplicateUsersSourceAnchor -ADConnectorName Contoso.lab | Set-ADSyncToolsDuplicateUsersSourceAnchor

EXAMPLE 2

Get-ADSyncToolsDuplicateUsersSourceAnchor -ADConnectorName Contoso.lab | Set-ADSyncToolsDuplicateUsersSourceAnchor -OverridePrompt $true

PARAMETERS

-DuplicateUserSourceAnchorInfo

User list for which the source anchor needs to be fixed

Type: DuplicateUserSourceAnchorInfo
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: 
Accept pipeline input: True (ByValue, ByPropertyName)
Accept wildcard characters: False

-ActiveDirectoryCredential

AD EA/DA Admin Credentials, If not provided default credentials will be used

Type: PSCredential
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: 
Accept pipeline input: False
Accept wildcard characters: False

-OverridePrompt

Type: Boolean
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.