ARTICLE UPDATED August 2014 to address the PowerShellConfig module.
NOTE: If you are using Azure AD Connect, see this new article.
As you may have seen, DirSync’s PowerShell functionality can now be called from the “Import-Module” cmdlet instead of running a custom DirSyncConfigShell.psc1 file. If we look at this new module, we can see 92 DirSync-related cmdlets:
Notice the screenshot is actually listing the commands of the “Microsoft.Online.Coexistence.PS.Config module” and “PowerShellConfig” (very descriptive!), not “DirSync”. That is because the DirSync module is a wrapper of sorts, calling “%programfiles% \Windows Azure Active Directory Sync\dirsync\DirSync.psd1” on your behalf. The DirSync module itself contains no cmdlets.
So, what do these cmdlets do anyway? Not all of them are well documented online, so you should start with the help file. Unfortunatley, even the help file omits a synopsis for the 67 “PowerShellConfig” cmdlets. For the 25 within Microsoft.Online.Coexistence.PS.Config module, run the below command to generate an output similar to the following table:
ipmo DirSync gcm -m Microsoft.Online.Coexistence.PS.Config | get-help | select name, synopsis | epcsv $env:userprofile\desktop\DirSyncCmdlets.csv -notype
Name |
Synopsis |
Disable-DirSyncLog |
This commandlet is used to disable logging for the Azure Active Directory Sync tool. |
Disable-MSOnlineObjectManagement | Disable-MSOnlineObjectManagement -Credential <pscredential> [-ObjectTypes <string[]>] [-WhatIf] [-Confirm] [<CommonParameters>] |
Disable-MSOnlinePasswordSync | Disable-MSOnlinePasswordSync -Credential <pscredential> [-WhatIf] [-Confirm] [<CommonParameters>] |
Disable-MSOnlineRichCoexistence | Disable-MSOnlineRichCoexistence -Credential <pscredential> [-WhatIf] [-Confirm] [<CommonParameters>] |
Disable-OnlinePasswordWriteBack |
This commandlet is used to disable writing back user password resets from cloud to onpremise Active Directory. |
Disable-PasswordSyncLog |
This commandlet is used to disable logging for the Password Sync feature of the Azure Active Directory Sync tool. |
Enable-DirSyncLog |
This commandlet is used to configure the logging level for the Azure Active Directory Sync tool. |
Enable-MSOnlineObjectManagement | Enable-MSOnlineObjectManagement -ObjectTypes <string[]> -TargetCredentials <pscredential> -Credential <pscredential> [-WhatIf] [-Confirm] [<CommonParameters>] |
Enable-MSOnlinePasswordSync | Enable-MSOnlinePasswordSync -Credential <pscredential> [-WhatIf] [-Confirm] [<CommonParameters>] |
Enable-MSOnlineRichCoexistence | Enable-MSOnlineRichCoexistence -Credential <pscredential> [-WhatIf] [-Confirm] [<CommonParameters>] |
Enable-OnlinePasswordWriteBack |
This commandlet is used to enable writing back user password resets from cloud to onpremise Active Directory. |
Enable-PasswordSyncLog |
This commandlet is used to configure the logging level for the Password Sync feature of the Azure Active Directory Sync tool. |
Get-CoexistenceConfiguration |
Gets a configuration information from the Microsoft Online Coexistence Web Server |
Get-DirSyncConfiguration | Get-DirSyncConfiguration -TargetCredentials <pscredential> [<CommonParameters>] |
Get-DirSyncLogStatus |
This commandlet is used to retrieve the current logging level for the Azure Active Directory Sync tool. |
Get-OnlinePasswordWriteBackStatus |
This commandlet is used to obtain the current status of writing back user password resets from cloud to onpremise Active Directory. |
Get-PasswordSyncLogStatus |
This commandlet is used to retrieve the current logging level for the Password Sync feature of the Azure Active Directory Sync tool. |
Get-PreventAccidentalDeletes |
This commandlet is used to retrieve the current status of the object deletion threshold for DirSync. |
Set-CoexistenceConfiguration |
Configures Microsoft Online Directory Synchronization Tool. |
Set-CompanyDirSyncFeatures | Set-CompanyDirSyncFeatures -TargetCredentials <pscredential> -FeaturesFlag <int> [<CommonParameters>] |
Set-DirSyncConfiguration | Set-DirSyncConfiguration -TargetCredentials <pscredential> -DirSyncConfiguration <CloudDirSyncConfiguration> [<CommonParameters>] |
Set-FullPasswordSync |
Resets the password sync state information forcing a full sync the next time the service is restarted. |
Set-PreventAccidentalDeletes |
This commandlet is used to enable or disable the object deletion threshold for DirSync. |
Start-OnlineCoexistenceSync |
Starts synchronization with Microsoft Online |
Update-MSOLDirSyncNetworkProxySetting |
Updates the directory sync service to use the current user’s http proxy settings. |
The de-“magicification” of DirSync is definitely a good thing for all Azure customers. Having said this, I’d still keep the Codeplex FIM modules around, since they do offer a lot more control of and visibility into the underlying FIM Sync Service.
Here are the cmdlets without help documentation:
Add-AttributeFlowMapping |
Add-ConfigurationParameter |
Add-ConnectorAnchorConstructionSettings |
Add-ConnectorAttributeInclusion |
Add-ConnectorFilter |
Add-ConnectorHierarchyProvisioningMapping |
Add-ConnectorObjectInclusion |
Add-RelationshipConditionGrouping |
Add-RunStep |
Add-SynchronizationConditionGrouping |
Disable-ConnectorPartition |
Disable-ConnectorPartitionHierarchy |
Enable-ConnectorPartition |
Enable-ConnectorPartitionHierarchy |
Export-ServerConfiguration |
Get-AADConnectorPasswordResetConfiguration |
Get-ConfigurationParameter |
Get-Connector |
Get-ConnectorHierarchyProvisioningDNComponent |
Get-ConnectorHierarchyProvisioningMapping |
Get-ConnectorHierarchyProvisioningObjectClass |
Get-ConnectorPartition |
Get-ConnectorPartitionHierarchy |
Get-ConnectorTypes |
Get-GlobalSettings |
Get-PasswordHashSyncConfiguration |
Get-RunProfile |
Get-Schema |
Get-SynchronizationRule |
Import-MIISServerConfig |
Import-ServerConfiguration |
Initialize-Connector |
Initialize-RunProfile |
Initialize-SynchronizationRule |
New-Connector |
New-RunProfile |
New-SynchronizationRule |
Remove-AADConnectorPasswordResetConfiguration |
Remove-AttributeFlowMapping |
Remove-ConfigurationParameter |
Remove-Connector |
Remove-ConnectorAnchorConstructionSettings |
Remove-ConnectorAttributeInclusion |
Remove-ConnectorFilter |
Remove-ConnectorHierarchyProvisioningMapping |
Remove-ConnectorObjectInclusion |
Remove-PasswordHashSyncConfiguration |
Remove-RelationshipConditionGrouping |
Remove-RunProfile |
Remove-RunStep |
Remove-SynchronizationConditionGrouping |
Remove-SynchronizationRule |
Set-AADConnectorPasswordResetConfiguration |
Set-ConfigurationParameter |
Set-Connector |
Set-GlobalSettings |
Set-MIISADMAConfiguration |
Set-MIISECMA2Configuration |
Set-MIISExtMAConfiguration |
Set-MIISFIMMAConfiguration |
Set-PasswordHashSyncConfiguration |
Set-ProvisioningRulesExtension |
Set-RunProfile |
Set-Schema |
Set-SynchronizationRule |
Update-ConnectorPartition |
Update-ConnectorSchema |
As time allows, I will return with more detail on each of the above DirSync cmdlets; so long for now!
Hi Mike, I cannot make this work through PowerShell Remoting. It just seems to hang, and never do anything. I have tried using Invoke-Command, and by using a PSSession, Any tips would be welcome!
I haven’t tried this, I’ll give it a whirl this weekend and post back. If you figure it out, please update your post as well!
I think the key here is that the DirSync module itself has no cmdlets and that might trip things up. I’ve had success with the following after setting up the powershell remote session:
Invoke-Command -Session $Global:DirSyncSession -ScriptBlock {Import-Module DirSync}
then
Import-PSSession -Session $Global:DirSyncSession -Module Microsoft.Online.Coexistence.PS.Config
Microsoft.Online.Coexistence.PS.Config is where all the cmdlets are.
Hi Mike,
I have a exchange setup in our lab.
What we have is we have a domain registered in godaddy.com.
exchnage 2010+sp2 has been configured in our lab with ip 192.168.1.2 (connected to DSL line) in exchange i could able to send mail to yahoo.com, but i am not receiving mail externally(i.e frm yahoo,gmail…etc)
could you please guide me how can i receive mails from externally to my exchnage 2010.
Mahesh
Info on Set-PreventAccidentalDeletes:
http://social.technet.microsoft.com/wiki/contents/articles/24544.dirsync-how-to-avoid-syncing-accidental-deletes-to-the-cloud-directory.aspx
It’s baffling that MS removed the Powershell module and just gave us a commandline tool. Hello automation and scripting?!
I was unable to make Powershell that calls the DirectorySyncClientCmd.exe work, when executed via webservice hosted on IIS. Instead, I solved it by using the TaskScheduler library found here: http://taskscheduler.codeplex.com . This allows you to start the “Azure AD Sync Scheduler” scheduled task on the server you installed the Azure admin tools on. Here’s a code example in C#:
using (TaskService service = new TaskService(“addirsyncservername”, “username”, “domain”, “password”))
{
Microsoft.Win32.TaskScheduler.Task task = service.GetTask(“Azure AD Sync Scheduler”);
task.Run();
while (task.State == TaskState.Running)
{
Thread.Sleep(1000);
}
}