Specify source anchors for a Microsoft Entra domain
When you synchronize an Active Directory domain with Microsoft Entra ID, Microsoft Entra Connect uses a specific attribute of Active Directory objects as a source anchor to match these objects with Microsoft Entra objects. Usually, this attribute is one of the following:
- ms-DS-ConsistencyGuid
- msDS-SourceAnchor
- objectGuid
By default, Adaxes uses the same attributes to match objects. However, if you configured Microsoft Entra Connect to use a different attribute as a source anchor, you also need to configure Adaxes accordingly.
This is only required if you register both the Microsoft Entra domain and the synchronized Active Directory domain in Adaxes.
Change settings
To change the source anchor attributes, use the following script. In the script:
-
$serviceHost – the host name of the computer where the Adaxes service is installed.
-
$domainDN – specifies the name of a Microsoft Entra domain for which to change the source anchor attributes.
How to get the domain name
- Launch Adaxes Administration console.
- In the Console Tree, expand the Adaxes service node (the
icon represents service nodes). - Expand Managed Domains.
- Right click the domain you need, and in the context menu click Properties.
- The domain name will be displayed next to the Domain label.
-
$sourceAnchors – specifies an array of attribute names that Adaxes will use as source anchors for a domain. To reset the settings to default, specify
$null.
Only users who have the rights to modify properties of managed domains can change source anchor attributes.
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")
$serviceHost = "localhost"
$domainName = "example.onmicrosoft.com"
$sourceAnchors = @("<MY PROPERTY>")
# Prompt for credentials.
$credential = Get-Credential
# Bind to the domain.
$ns = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$service = $ns.GetServiceDirectly($serviceHost)
$managedDomainsPath = $service.Backend.GetConfigurationContainerPath("ManagedDomains")
$managedDomainsPathObj = New-Object "Softerra.Adaxes.Adsi.AdsPath" `
$managedDomainsPath
$domainPath = $managedDomainsPathObj.CreateChildPath("DC=$domainName")
$domain = $service.OpenObject($domainPath, $credential.UserName,`
$credential.GetNetworkCredential().Password, 0)
# Change settings.
$domain.Put("adm-SourceAnchors", $sourceAnchors)
$domain.SetInfo()
View current settings
To view the current attributes Adaxes uses as source anchors for a specific Microsoft Entra domain, use following script. In the script:
-
$serviceHost – the host name of the computer where the Adaxes service is installed.
-
$domainDN – specifies the name of a Microsoft Entra domain for which to change the source anchor attributes.
How to get the domain name
- Launch Adaxes Administration console.
- In the Console Tree, expand the Adaxes service node (the icon represents service nodes).
- Expand Managed Domains.
- Right click the domain you need, and in the context menu click Properties.
- The domain name will be displayed next to the Domain label.
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")
$serviceHost = "localhost"
$domainName = "example.onmicrosoft.com"
# Prompt for credentials.
$credential = Get-Credential
# Bind to the domain.
$ns = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$service = $ns.GetServiceDirectly($serviceHost)
$managedDomainsPath = $service.Backend.GetConfigurationContainerPath("ManagedDomains")
$managedDomainsPathObj = New-Object "Softerra.Adaxes.Adsi.AdsPath" `
$managedDomainsPath
$domainPath = $managedDomainsPathObj.CreateChildPath("DC=$domainName")
$domain = $service.OpenObject($domainPath, $credential.UserName,`
$credential.GetNetworkCredential().Password, 0)
# View settings.
$sourceAnchors = $domain.GetPropertyValues("adm-SourceAnchors")
if (-not $sourceAnchors)
{
# Default settings
Write-Host "Source anchor attributes: ms-DS-ConsistencyGuid, msDS-SourceAnchor, objectGuid"
}
else
{
Write-Host "Source anchor attribute(s): $($sourceAnchors -join ', ')"
}