Set-MsolDirSyncFeature
Sets identity synchronization features for a tenant.
Syntax
Set-MsolDirSyncFeature
-Feature <String>
-Enable <Boolean>
[-Force]
[-TenantId <Guid>]
[<CommonParameters>] Description
The Set-MsolDirSyncFeature cmdlet sets identity synchronization features for a tenant.
You can use the following synchronization features with this cmdlet:
EnableSoftMatchOnUpn: Soft match is the process used to link an object being synced from on-premises for the first time with one that already exists in the cloud. When this feature is enabled, soft match will first be attempted using the standard logic, based on the primary SMTP address. If a match isn't found based on primary SMTP, then a match will be attempted based on UserPrincipalName. Once this feature is enabled, it can't be disabled.
PasswordSync
SynchronizeUpnForManagedUsers: Allows for the synchronization of UserPrincipalName updates from on-premises for managed (non-federated) users that have been assigned a license. These updates will be blocked if this feature isn't enabled. Once this feature is enabled, it can't be disabled.
BlockSoftMatch: When this feature is enabled, it will block the soft match feature. Customers are encouraged to enable this feature and keep it enabled until soft matching is required again for their tenancy. This flag should be enabled again after any soft matching has completed and is no longer needed.
BlockCloudObjectTakeoverThroughHardMatch: When this feature is not enabled, and
- an object is synced for which an object with a matching source anchor already exists in Azure AD and,
- that object in Azure AD doesn't have DirSyncEnabled set to "true", then
the default behavior would be to hard match the cloud object with the on premises object and set the DirSyncEnabled flag of the Cloud object to "true".
When enabling this feature, the cloud object is no longer matched and the DirSyncEnabled flag isn't set to "true". Instead, an error is thrown: Error Code:InvalidHardMatch, Error Message:Another cloud created object with the same source anchor already exists in Azure Active Directory.
Enabling some of these features, such as EnableSoftMatchOnUpn and SynchronizationUpnForManagedUsers, is a permanent operation. You can't disable these features once they're enabled.
Examples
Example 1: Enable a feature for the tenant
PS C:\> Set-MsolDirSyncFeature -Feature EnableSoftMatchOnUpn -Enable $TrueThis command enables the SoftMatchOnUpn feature for the tenant.
Example 2: Block Soft Matching for the tenant
PS C:\> Set-MsolDirSyncFeature -Feature BlockSoftMatch -Enable $TrueThis command enables the BlockSoftMatch feature for the tenant - effectively blocking the Soft Matching feature in the tenant
Example 3: Block Cloud object takeover through Hard Matching for the tenant
PS C:\> Set-MsolDirSyncFeature -Feature BlockCloudObjectTakeoverThroughHardMatch -Enable $TrueThis command enables the BlockCloudObjectTakeoverThroughHardMatch feature for the tenant - effectively blocking the Hard Match object takeover.
Parameters
-Enable
Indicates whether the specified feature will be turned on for the company.
| Type: | Boolean |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Feature
Specifies the directory synchronization features to turn on or off.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Force
Forces the command to run without asking for user confirmation.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-TenantId
Specifies the unique ID of the tenant to perform the operation on. If you do not specify this parameter the cmdlet will use the ID of the current user. This parameter is only applicable to partner users.
| Type: | Guid |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |