Managing Active Directory (AD) and Azure Active Directory (Azure AD) often involves the use of PowerShell cmdlets for tasks ranging from syncing user accounts to diagnosing network connectivity. Below is a detailed guide to some of the most commonly used cmdlets and their descriptions.
Active Directory Synchronization Cmdlets
Get-ADSyncAADCompanyFeature
Retrieves the configuration of features enabled for your Azure AD Connect environment.

Get-ADSyncScheduler
Displays the current configuration of the Azure AD Connect scheduler, including synchronization settings.

Start-ADSyncSyncCycle -PolicyType Delta
Initiates a delta synchronization cycle, syncing only recent changes between on-premises AD and Azure AD.

Start-ADSyncSyncCycle -PolicyType Initial
Starts a full synchronization cycle, syncing all objects between on-premises AD and Azure AD.

Set-ADSyncScheduler -SyncCycleEnabled $false
Disables automatic synchronization cycles.

Set-ADSyncScheduler -SyncCycleEnabled $true
Re-enables automatic synchronization cycles.

Set-ADSyncScheduler -CustomizedSyncCycleInterval 00:15:00
Sets a custom synchronization interval, such as 15 minutes in this example.

Set-ADSyncAADCompanyFeature -devicewriteback $true
Enables device writeback to synchronize devices from Azure AD to on-premises AD.
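
The scheduler cmdlets above are usually combined when directory maintenance must not be picked up half-finished by a sync cycle. The following is an added example, not code from the original page: it pauses the scheduler, runs a maintenance step, restores the previous scheduler state even if that step fails, and then triggers a delta sync. It assumes it runs on the Azure AD Connect server where the ADSync module is installed; the function name Invoke-WithSyncPaused and its parameters are hypothetical.

```powershell
# Added example: run a maintenance step with the Azure AD Connect scheduler paused.
# Assumption: executed on the Azure AD Connect server (ADSync module available).
Import-Module ADSync

function Invoke-WithSyncPaused {
    param(
        # Hypothetical parameter: the work to perform while sync is paused.
        [Parameter(Mandatory)] [scriptblock] $Maintenance,
        # Hypothetical parameter: how often to poll for a running cycle.
        [int] $PollSeconds = 10
    )

    # Remember the current state so it can be restored afterwards.
    $wasEnabled = (Get-ADSyncScheduler).SyncCycleEnabled

    # Disable first so no new cycle can start, then wait for any cycle
    # that is already running to finish.
    Set-ADSyncScheduler -SyncCycleEnabled $false
    try {
        while ((Get-ADSyncScheduler).SyncCycleInProgress) {
            Start-Sleep -Seconds $PollSeconds
        }
        & $Maintenance
    }
    finally {
        # Restore the original scheduler state even if the maintenance step threw,
        # so synchronization is never left silently disabled.
        Set-ADSyncScheduler -SyncCycleEnabled $wasEnabled
    }

    # Push the changes made during maintenance without waiting for the next interval.
    if ($wasEnabled) {
        Start-ADSyncSyncCycle -PolicyType Delta
    }

    # Return the scheduler state for the operator to confirm.
    Get-ADSyncScheduler |
        Select-Object SyncCycleEnabled, NextSyncCyclePolicyType, NextSyncCycleStartTimeInUTC
}

# Usage (the script block is a placeholder for the real maintenance work):
Invoke-WithSyncPaused -Maintenance { Write-Host 'Maintenance step goes here' }
```
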
Validation and Diagnosis Cmdlets
Confirm-DnsConnectivity
Validates DNS connectivity for synchronization processes.

Confirm-ForestExists
Checks if the specified AD forest exists.

Confirm-FunctionalLevel
Ensures the functional level of your AD forest/domain meets the requirements.

Confirm-NetworkConnectivity
Tests network connectivity for synchronization.

Confirm-TargetsAreReachable
Confirms that all target systems are accessible.

Confirm-ValidDomains
Verifies the validity of the domains in your AD configuration.

Confirm-ValidEnterpriseAdminCredentials
Checks if enterprise admin credentials are valid for the AD environment.

Start-ConnectivityValidation
Runs connectivity validation for synchronization.

Start-NetworkConnectivityDiagnosisTools
Initiates network diagnosis tools for troubleshooting.
Azure Active Directory Management Cmdlets
Install-Module -Name AzureAD
Installs the Azure AD PowerShell module for managing Azure Active Directory.

Import-Module AzureAD
Imports the Azure AD module into your session.

Connect-AzureAD -Credential (Get-Credential)
Connects to Azure Active Directory using provided credentials.

Get-AzureADUser
Retrieves details of Azure AD users. Add -All $true to return every user rather than only the default first page of results.

Get-AzureADUser -ObjectID <UserEmail>
Fetches details for a specific Azure AD user.

Get-AzureADUser -All $true | Export-Csv -Path "C:\Temp\AllUsers.csv" -NoTypeInformation
Exports all Azure AD user details to a CSV file.

Disconnect-AzureAD
Disconnects from the Azure AD session.

Install-Module -Name AzureADPreview
Installs the preview version of the Azure AD module.
Additional Commands for Azure AD and MSOnline
Get-AzureADTenantDetail
Displays details about your Azure AD tenant.

Get-Command -Module AzureAD
Lists all cmdlets available in the Azure AD module.

Install-Module -Name MSOnline
Installs the MSOnline module for managing Microsoft Online services.

Connect-MsolService
Connects to Microsoft Online services for managing Azure AD.

Get-MsolUser
Retrieves information about users in your Azure AD environment.
Summary
These cmdlets are essential for administrators managing AD and Azure AD environments. From synchronization tasks to advanced diagnostics and user management, these commands streamline operations and ensure efficient directory services management. Whether you’re a seasoned admin or a beginner, keeping this cheat sheet handy can greatly enhance your productivity.
For more details, explore official documentation and resources.
Happy scripting!