Directory Synchronization Features via Graph API
Hi All,
Today I had an interesting case with Azure AD Connect synchronization from Active Directory to Azure Active Directory.
The customer is in the middle of a reorganization and was changing the domain.
I've added the new UPN to the UPN Suffixes in Azure AD (domain.msc > Properties)
We added the new domain to the M365 tenant.
Then I changed the UPN suffix of a test user, but the UPN did not change in Azure AD after the AAD Connect sync cycle.
I've never experienced that, and in my tenant it works fine.
After a while of googling I found out that this feature can be configured with the MSOnline PowerShell module.
Synchronize userPrincipalName updates
Get-MsolDirSyncFeatures
Set-MsolDirSyncFeature -Feature SynchronizeUpnForManagedUsers -Enable $true
As you all probably know, the MSOL and AzureAD PowerShell modules will be retired at the end of June 2023.
Microsoft Entra change announcements – September 2022 train
So I googled around to find out if there is a Microsoft Graph alternative. I found one, but it is currently only available on the beta endpoint.
onPremisesDirectorySynchronizationFeature resource type
GET https://graph.microsoft.com/beta/directory/onPremisesSynchronization
Permissions
OnPremDirectorySynchronization.Read.All
OnPremDirectorySynchronization.ReadWrite.All
You can also use Microsoft.Graph PowerShell
Connect-MgGraph -Scopes OnPremDirectorySynchronization.Read.All, OnPremDirectorySynchronization.ReadWrite.All
Select-MgProfile -Name "beta"
Get-MgDirectoryOnPremiseSynchronization | fl
Accidental Deletion Threshold
$Sync = Get-MgDirectoryOnPremiseSynchronization
$Sync.Configuration | fl
$Sync.Configuration.AccidentalDeletionPrevention | fl
Sync Features
$Sync.Features | fl
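As an added example (not from the original post), the following script reads the same object directly from the beta endpoint with Invoke-MgGraphRequest, shows the accidental deletion threshold and the UPN synchronization flag, and enables synchronizeUpnForManagedUsers only if it is currently off. It assumes the Microsoft.Graph module is installed and the signed-in account has been granted OnPremDirectorySynchronization.ReadWrite.All.

```powershell
# Added example, not the author's code. Assumes Microsoft.Graph is installed and
# the account holds OnPremDirectorySynchronization.ReadWrite.All.
Connect-MgGraph -Scopes "OnPremDirectorySynchronization.ReadWrite.All"

$base = "https://graph.microsoft.com/beta/directory/onPremisesSynchronization"

# The collection holds one object for the tenant; its id is the tenant id.
# Invoke-MgGraphRequest returns hashtables, so properties are addressable by name.
$sync     = (Invoke-MgGraphRequest -Method GET -Uri $base).value[0]
$features = $sync.features
$adp      = $sync.configuration.accidentalDeletionPrevention

# Review the safety net before touching sync behaviour
"Accidental deletion prevention: {0} (alert threshold {1})" -f $adp.synchronizationPreventionType, $adp.alertThreshold
"synchronizeUpnForManagedUsers: {0}" -f $features.synchronizeUpnForManagedUsers

if (-not $features.synchronizeUpnForManagedUsers) {
    # Send the full features object back with only this flag changed, so that
    # no other feature is reset by the PATCH (assumption: all returned feature
    # properties are writable, as documented for this resource type).
    $features.synchronizeUpnForManagedUsers = $true
    $body = @{ features = $features } | ConvertTo-Json -Depth 5

    Invoke-MgGraphRequest -Method PATCH -Uri "$base/$($sync.id)" -Body $body -ContentType "application/json"

    # Re-read the object to confirm the change was applied
    $after = (Invoke-MgGraphRequest -Method GET -Uri "$base/$($sync.id)").features
    "synchronizeUpnForManagedUsers is now: {0}" -f $after.synchronizeUpnForManagedUsers
}
```

Because the URI already targets /beta, no Select-MgProfile call is needed for this approach.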
Finally, don't forget to disconnect from Microsoft Graph
Disconnect-MgGraph
Additional Info:
Manage directory synchronization settings via the Graph API
Regards
Andres Bohren