Script repository

Force Active Directory Synchronization with Microsoft 365

May 31, 2023 Views: 9077
Microsoft 365 (Office 365) Miscellaneous

You can use the scripts to force Active Directory Synchronization with Microsoft 365 (Office 365) as a part of Business Rules, Custom Commands and Scheduled Tasks.

Note: Before using the scripts, make sure that the computer where Adaxes Service is installed and the computer where the DirSync / AAD Connect tool is installed allow execution of remote PowerShell commands. For details, see About Remote Requirements.

Synchronization via the DirSync Tool

This version of the script forces directory synchronization using the DirSync tool.

Parameters:

  • $dirsyncServer - specifies the fully qualified domain name of your DirSync Server;
  • $dirsyncmodulePath - specifies the full path to the DirSync module relative to the computer where it is installed (by default, C:\Program Files\Windows Azure Active Directory Sync\DirSyncConfigShell.psc1).
Edit Remove
PowerShell
$dirsyncServer = "dirsync.domain.com" # TODO: modify me

$scriptBlock = {
    $dirsyncModulePath = "C:\Program Files\Windows Azure Active Directory Sync\DirSyncConfigShell.psc1" # TODO: modify me

    powershell -PSConsoleFile $dirsyncModulePath -Command "Start-OnlineCoexistenceSync"
}

$result = Invoke-Command -ComputerName $dirsyncServer -ScriptBlock $scriptBlock

if ($result -ne $NULL)
{
    $Context.LogMessage($result, "Warning")
}

Synchronization via the AAD Connect Tool

This version of the script forces directory synchronization using the Azure Active Directory Connect (AAD Connect) tool.

Parameter:

  • $dirsyncServer - specifies the fully qualified domain name of the server that hosts the AAD Connect tool.
Edit Remove
PowerShell
$dirsyncServer = "dirsync.domain.com" # TODO: modify me

Invoke-Command -ComputerName $dirsyncServer -ErrorAction Stop -ScriptBlock {
    Import-Module "C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync\ADSync.psd1"
        
    Start-ADSyncSyncCycle -PolicyType Delta
}

Comments 7
avatar
Christian Diaz Jan 26, 2023
This script/command will error if there's already a synchronization in progress, which injects an error in the Adaxes logging. Would be nice to see some error handling in this or maybe a check beforehand execution if a sync is already running.
Reply
avatar
Support Jan 27, 2023
Hello,

Unfortunately, there is no such possibility as it would require parsing the error returned by the Invoke-Command cmdlet.
Reply
avatar
Christian W May 26, 2023
Had the same issue , not sure if something like this would help you? Not tested yet in Adaxes

$O365SyncServer = "server.domain.tld" #Server used for DirSync Office 365
$var_syncDone = 1
$timeOut = 180

do{
$var_syncDone = 1

try {
Invoke-Command -ComputerName $O365SyncServer -ScriptBlock {
Import-Module adsync
Start-ADSyncSyncCycle -PolicyType Delta
} -ErrorAction Stop | Out-Null

Write-Host "Starting O365 Directory Sync on server $O365SyncServer"
} catch {
Write-Host "Error O365 Directory Sync on server $O365SyncServer due to:`r`n$($_.Exception.Message)`r`n"
$var_syncDone = 0
Write-Host "Waiting $($timeOut) seconds ..."
Start-Sleep -Seconds $timeOut
}
}while($var_syncDone -eq 0)
Reply
avatar
Christian W May 26, 2023
You define $dirsyncServer but use $computerName later : )
Reply
avatar
Support May 26, 2023
Hello Christian,

-ComputerName is a predefined parameter name for the Invoke-Command cmdlet. There is no possibility to change it. We use $dirsyncServer as the corresponding tools are usually installed on server editions.
Reply
avatar
Christian May 31, 2023
Hi,

I talking about the first script - if you run it, it will throw error , as variable $computerName was never set


$dirsyncServer = "dirsync.domain.com" # TODO: modify me

$result = Invoke-Command -ComputerName $computerName -ScriptBlock $scriptBlock
Reply
avatar
Support May 31, 2023
Hello Christian,

Thank you for pointing out the mistake. We have just fixed it.
Reply
Leave a comment
Related Scripts

Got questions?

Support Questions & Answers