AADConnect PowerShell: Manual operations

Importing PowerShell Module

Import-Module ADSync

Check current sync schedule

Get-ADSyncScheduler

To set sync interval to every 3 hours

Set-AdSyncScheduler -customizedsycncecleinterval 03:00:00

Start by telling the scheduler to stop its current cycle with the PowerShell cmdlet 

Stop-ADSyncSyncCycle

To initiate a full sync cycle, run

Start-ADSyncSyncCycle -PolicyType Initial

Force Synchronisation

It could be that you have an urgent change which must be synchronized immediately which is why you need to manually run a cycle.
Start-ADSyncSyncCycle -PolicyType Delta

To check current sync status

Get-ADSyncConnectorRunStatus

Example,

PS C:\Users\Administrator> Start-ADSyncSyncCycle -PolicyType Delta
PS C:\Users\Administrator> Get-ADSyncConnectorRunStatus
   RunState ConnectorName
   -------- -------------
   Busy mfa01.onmicrosoft.com - AAD

Manual sync for password

$adConnector  = "mfalab3.com"
$aadConnector = "mfa01.onmicrosoft.com - AAD"
$c = Get-ADSyncConnector -Name $adConnector
$p = New-Object Microsoft.IdentityManagement.PowerShell.ObjectModel.ConfigurationParameter “Microsoft.Synchronize.ForceFullPasswordSync”, String, ConnectorGlobal, $null, $null, $null
$p.Value = 1
$c.GlobalParameters.Remove($p.Name)
$c.GlobalParameters.Add($p)
$c = Add-ADSyncConnector -Connector $c
Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector -TargetConnector $aadConnector -Enable $false
Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector -TargetConnector $aadConnector -Enable $true

Example

PS C:\Users\Administrator> Get-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector
SourceConnector  TargetConnector  Enabled
---------------  --------------- -------
mfalab3.com mfa01.onmicrosoft.com - AAD  False

Comments

Post a Comment

Popular posts from this blog

ADFS WAP: How to configure SSO with RDWeb

Image
1.  System Deploy ADFS : th-adfs2012.mfalab3.com ADFS WAP : th-adfs2012wap.mfalab3.com RDWeb : th-rds.mfalab3.com A public IP for ADFS WAP points to ADFS/RDS as well 2.  Setting on ADFS Create a Relying Parth Trust 3.  Setting on ADFS WAP Create WAP Application, Add-WebApplicationProxyApplication -Name 'rdweb' -ExternalUrl 'https://th-rds.mfalab3.com/rdweb/' -BackendServerURL 'https://th-rds.mfalab3.com/rdweb/' -ExternalPreAuthentication ADFS -ADFSRelyingPartyName rdweb1 -ExternalCertificateThumbprint '67D438BDDBB455E53CA83D6F5DEC34CC546F711A' 4.  Setting on RDS Important : Change authentication method to “Windows” https://social.technet.microsoft.com/Forums/office/en-US/999f56fa-a218-41b0-86ee-2845269d93ef/rdweb-authentication?forum=winserverTS 5.  Setting on the Client Computers 6. See how it works
Read more

Collect AzureStack Update Verbose log

Image
The following commands will collect "UpdateVerboseLog". 1. Create a PEP session, in this example $pepsession is the name of established PEP session $pepsession = New-PSSession -ComputerName ercs_ip -ConfigurationName PrivilegedEndpoint -Credential (get-credential) 2. Collect verbose log $log = Invoke-Command -Session $pepsession -ScriptBlock { Get-AzureStackUpdateVerboseLog } 3. Save it to local folder $log > “c:\temp\UpdateVerboseLog.txt” 4. Example
Read more

Secure RDWeb using Azure Multi-Factor Authentication

Image
1. Change RDWeb authentication mode from "Forms" to "Windows" Edit C:\Windows\Web\RDWeb\Pages\web.config     <authentication mode="Windows"/> <!--     <authentication mode="Forms">         <forms loginUrl="default.aspx" name="TSWAAuthHttpOnlyCookie" protection="All" requireSSL="true" />     </authentication> --> . . . <system.webServer> <!--     <modules runAllManagedModulesForAllRequests="true">       <remove name="FormsAuthentication" />       <add name="RDWAFormsAuthenticationModule" type="Microsoft.TerminalServices.Publishing.Portal.FormAuthentication.TSDomainFormsAuthentication" />     </modules>     <security>         <authentication>             <windowsAuthentication enabled="false" />             <anonymousAuthentication enabled="true&q
Read more