Specify source anchors for an Azure AD domain
When you synchronize an on-premises domain with Azure AD, AAD Connect uses a specific attribute of on-premises objects as a source anchor to match these objects with Azure AD objects. Usually, this attribute is one of the following:
- ms-DS-ConsistencyGuid
- msDS-SourceAnchor
- objectGuid
By default, Adaxes uses the same attributes to match objects. However, if you configured AAD Connect to use a different attribute as a source anchor, you also need to configure Adaxes accordingly.
This is only required if you register both the Azure AD domain and the synchronized on-premises AD domain in Adaxes.
Change settings
To change the source anchor attributes, use the following script. In the script:
- $serviceHost – the host name of the computer where the Adaxes service is installed.
- $domainName – the name of the Azure AD domain for which to change the source anchor attributes.
  How to get the domain name
  - Launch Adaxes Administration console.
  - In the Console Tree, expand the Adaxes service node.
  - Expand Managed Domains.
  - Right-click the domain you need, and in the context menu click Properties.
  - The domain name will be displayed next to the Domain label.
- $sourceAnchors – an array of attribute names that Adaxes will use as source anchors for the domain. To reset the settings to default, specify $null.
Only users who have the rights to modify properties of managed domains can change source anchor attributes.
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")
$serviceHost = "localhost"
$domainName = "example.onmicrosoft.com"
$sourceAnchors = @("<MY PROPERTY>")
# Prompt for credentials.
$credential = Get-Credential
# Bind to the domain.
$ns = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$service = $ns.GetServiceDirectly($serviceHost)
$managedDomainsPath = $service.Backend.GetConfigurationContainerPath("ManagedDomains")
$managedDomainsPathObj = New-Object "Softerra.Adaxes.Adsi.AdsPath" `
    $managedDomainsPath
$domainPath = $managedDomainsPathObj.CreateChildPath("DC=$domainName")
$domain = $service.OpenObject($domainPath, $credential.UserName, `
    $credential.GetNetworkCredential().Password, 0)
# Change settings.
$domain.Put("adm-SourceAnchors", $sourceAnchors)
$domain.SetInfo()
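A custom source anchor can only match objects reliably if every synchronized object has a value for it and no two objects share the same value. The check below is an added example, not part of the Adaxes documentation or API: the function name Test-SourceAnchorCandidate, the employeeID candidate attribute and the sample objects are assumptions constructed for illustration.

```powershell
# Added example: sanity-check a candidate source anchor attribute before
# writing it to adm-SourceAnchors. The function name is hypothetical.
function Test-SourceAnchorCandidate {
    param(
        [Parameter(Mandatory)] [object[]] $Objects,
        [Parameter(Mandatory)] [string]   $AttributeName
    )

    $missing = @()   # names of objects with no usable anchor value
    $seen    = @{}   # anchor value -> names of objects carrying it

    foreach ($obj in $Objects) {
        $prop  = $obj.PSObject.Properties[$AttributeName]
        $value = if ($prop) { $prop.Value } else { $null }
        if ($null -eq $value -or "$value".Trim() -eq '') {
            $missing += $obj.Name
            continue
        }
        # Binary (GUID-style) anchors are compared by their hex form.
        # String anchors are compared case-insensitively, which is the
        # conservative choice: values differing only in case are flagged.
        $key = if ($value -is [byte[]]) { [BitConverter]::ToString($value) } else { "$value" }
        if (-not $seen.ContainsKey($key)) { $seen[$key] = @() }
        $seen[$key] += $obj.Name
    }

    $duplicates = @($seen.GetEnumerator() | Where-Object { $_.Value.Count -gt 1 } |
        ForEach-Object { [pscustomobject]@{ Value = $_.Key; Objects = $_.Value } })

    [pscustomobject]@{
        Attribute  = $AttributeName
        Missing    = $missing
        Duplicates = $duplicates
        Usable     = ($missing.Count -eq 0 -and $duplicates.Count -eq 0)
    }
}

# Constructed sample data standing in for an export of on-premises users.
$sample = @(
    [pscustomobject]@{ Name = 'alice'; employeeID = 'E1001' }
    [pscustomobject]@{ Name = 'bob';   employeeID = 'E1002' }
    [pscustomobject]@{ Name = 'carol'; employeeID = 'E1002' }   # duplicate value
    [pscustomobject]@{ Name = 'dave';  employeeID = '' }        # empty value
)
Test-SourceAnchorCandidate -Objects $sample -AttributeName 'employeeID'
```

If Usable is False, resolve the objects listed under Missing and Duplicates before pointing Adaxes at that attribute.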
View current settings
To view the attributes Adaxes currently uses as source anchors for a specific Azure AD domain, use the following script. In the script:
- $serviceHost – the host name of the computer where the Adaxes service is installed.
- $domainName – the name of the Azure AD domain for which to view the source anchor attributes.
  How to get the domain name
  - Launch Adaxes Administration console.
  - In the Console Tree, expand the Adaxes service node.
  - Expand Managed Domains.
  - Right-click the domain you need, and in the context menu click Properties.
  - The domain name will be displayed next to the Domain label.
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")
$serviceHost = "localhost"
$domainName = "example.onmicrosoft.com"
# Prompt for credentials.
$credential = Get-Credential
# Bind to the domain.
$ns = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$service = $ns.GetServiceDirectly($serviceHost)
$managedDomainsPath = $service.Backend.GetConfigurationContainerPath("ManagedDomains")
$managedDomainsPathObj = New-Object "Softerra.Adaxes.Adsi.AdsPath" `
    $managedDomainsPath
$domainPath = $managedDomainsPathObj.CreateChildPath("DC=$domainName")
$domain = $service.OpenObject($domainPath, $credential.UserName, `
    $credential.GetNetworkCredential().Password, 0)
# View settings.
$sourceAnchors = $domain.GetPropertyValues("adm-SourceAnchors")
if (-not $sourceAnchors)
{
    # Default settings
    Write-Host "Source anchor attributes: ms-DS-ConsistencyGuid, msDS-SourceAnchor, objectGuid"
}
else
{
    Write-Host "Source anchor attribute(s): $($sourceAnchors -join ', ')"
}