Directory Synchronization Features via Graph API

Hi All,

Today I had an interesting case with Azure AD Connect synchronization from Active Directory to Azure Active Directory.

The customer is in the middle of a reorganization and is changing their domain.

I added the new UPN suffix to the UPN Suffixes of the on-premises Active Directory forest (domain.msc > Properties).

We added the new domain to the M365 tenant.

Then I changed the UPN suffix of a test user. But the UPN did not change in Azure AD after the AAD Connect sync cycle.

I had never experienced that, and in my own tenant it works fine.

After a while of Googling I found out that this feature can be configured with the MSOnline PowerShell module:

Get-MsolDirSyncFeatures
Set-MsolDirSyncFeature -Feature SynchronizeUpnForManagedUsers -Enable $true

As you all probably know, the MSOnline and AzureAD PowerShell modules will be retired at the end of June 2023.

So I googled around to find out whether there is a Microsoft Graph alternative. There is one, but it is currently only available on the beta endpoint:

GET https://graph.microsoft.com/beta/directory/onPremisesSynchronization

Permissions:

  • OnPremDirectorySynchronization.Read.All
  • OnPremDirectorySynchronization.ReadWrite.All

You can also use Microsoft.Graph PowerShell:

Connect-MgGraph -Scopes OnPremDirectorySynchronization.Read.All, OnPremDirectorySynchronization.ReadWrite.All
Select-MgProfile -Name "beta"
Get-MgDirectoryOnPremiseSynchronization | fl

Note: with Microsoft.Graph PowerShell SDK 2.x, Select-MgProfile no longer exists. Install the Microsoft.Graph.Beta modules instead and use the MgBeta-prefixed cmdlet, Get-MgBetaDirectoryOnPremiseSynchronization.

Accidental Deletion Threshold

$Sync = Get-MgDirectoryOnPremiseSynchronization
$Sync.Configuration | fl
$Sync.Configuration.AccidentalDeletionPrevention | fl

Sync Features

$Sync.Features | fl
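The post only reads the sync configuration via Graph; the point of the exercise was to enable SynchronizeUpnForManagedUsers without MSOnline. The following is an added example (my code, not from the original post or from Microsoft) that reads the accidental deletion threshold and the feature flags, then PATCHes the beta endpoint to enable the UPN feature and reads it back to verify. It uses Invoke-MgGraphRequest rather than the typed cmdlets so it works with both the 1.x and 2.x Graph SDK. Assumptions: a Microsoft.Graph module is installed and the signed-in admin has been granted the OnPremDirectorySynchronization.* scopes; the object id returned by the endpoint is the tenant id.

```powershell
# Added example (not from the original post): read the Azure AD Connect sync
# configuration via the Graph beta endpoint and enable
# SynchronizeUpnForManagedUsers if it is currently off.
# Assumptions: Microsoft.Graph module installed, admin consent for the scopes below.

$Scopes = @(
    "OnPremDirectorySynchronization.Read.All",
    "OnPremDirectorySynchronization.ReadWrite.All"
)
Connect-MgGraph -Scopes $Scopes

$BaseUri = "https://graph.microsoft.com/beta/directory/onPremisesSynchronization"

# The endpoint returns a collection with a single object whose id is the tenant id.
$Response = Invoke-MgGraphRequest -Method GET -Uri $BaseUri
$Sync     = $Response.value[0]
$SyncId   = $Sync.id

# Accidental deletion threshold:
# synchronizationPreventionType is disabled / enabledForCount / enabledForPercentage
$Adp = $Sync.configuration.accidentalDeletionPrevention
Write-Host ("Accidental deletion prevention: {0}, threshold {1}" -f `
    $Adp.synchronizationPreventionType, $Adp.alertThreshold)

# Feature flags worth reviewing together with the UPN setting; the soft-match
# and hard-match takeover blocks decide whether an on-prem object may "claim"
# an existing cloud object, so they matter for tenant security.
$Features = $Sync.features
"synchronizeUpnForManagedUsersEnabled",
"blockSoftMatchEnabled",
"blockCloudObjectTakeoverThroughHardMatchEnabled",
"passwordWritebackEnabled" | ForEach-Object {
    Write-Host ("{0,-50} {1}" -f $_, $Features.$_)
}

if (-not $Features.synchronizeUpnForManagedUsersEnabled) {
    # PATCH only the property to change; the other feature values are left as they are.
    $Body = @{ features = @{ synchronizeUpnForManagedUsersEnabled = $true } }
    Invoke-MgGraphRequest -Method PATCH -Uri "$BaseUri/$SyncId" `
        -Body $Body -ContentType "application/json"

    # Read back and verify that the change was applied before trusting it.
    $After = Invoke-MgGraphRequest -Method GET -Uri "$BaseUri/$SyncId"
    if ($After.features.synchronizeUpnForManagedUsersEnabled) {
        Write-Host "SynchronizeUpnForManagedUsers is now enabled."
    } else {
        Write-Warning "Update did not take effect; check the PATCH response and the granted scopes."
    }
}

Disconnect-MgGraph
```

After enabling the feature, trigger a delta sync on the AAD Connect server (Start-ADSyncSyncCycle -PolicyType Delta) and check the test user's UPN in Azure AD. Keep in mind that OnPremDirectorySynchronization.ReadWrite.All is a tenant-wide permission: the same PATCH can also switch off blockSoftMatchEnabled or blockCloudObjectTakeoverThroughHardMatchEnabled, so grant it only to the admin doing this change and revoke the consent afterwards.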

Finally, don't forget to disconnect from Microsoft Graph:

Disconnect-MgGraph

Additional Info:

Regards
Andres Bohren