Thursday, January 26, 2017

How to Trigger an AAD Connect Sync from a Remote Computer

If you use AAD Connect to synchronize on-premises Active Directory with Azure AD, you may find it more convenient to trigger an AAD sync from a remote domain-joined computer or server. I frequently do this when I make a change to an on-prem AD object from my Windows 10 workstation or Exchange server. Remote PowerShell to the rescue!

Copy the following Sync-AAD.ps1 script to your Windows path (I put it in C:\Windows) on the computer or server where you want to run it.
$AADComputer = ((Get-ADUser -Filter 'Name -like "AAD_*"' -Properties Description).Description).split(" ")[13].trim(".") + "." + (Get-WmiObject win32_computersystem).Domain
$session = New-PSSession -ComputerName $AADComputer
Invoke-Command -Session $session -ScriptBlock {Import-Module -Name 'ADSync'}
Invoke-Command -Session $session -ScriptBlock {Start-ADSyncSyncCycle -PolicyType Delta}
Remove-PSSession $session
[Figure: Sync-AAD.ps1 output]
I haven't found a better way to determine where AAD Connect is installed than the way I'm doing it in the first line. It uses the AD PowerShell module to parse out the AAD Connect computer name listed in the description property of the AAD_***** computer account. This assumes, of course, that the AD PowerShell module is installed on the local computer, and the description property is filled out correctly in AD. AAD Connect sets the description for this account to something like, "Service account for the Synchronization Service with installation identifier 16e45891... running on computer DC1." If that doesn't work for you for some reason, simply change the first line to your AAD computer FQDN, for example:
$AADComputer = "aad.contoso.com"

The second line, $session = New-PSSession -ComputerName $AADComputer, creates a new remote PowerShell connection to the computer where AAD Connect is installed.

The third line invokes a command in the remote session to import the AAD Connect PowerShell module (ADSync) locally on the AAD Connect computer.

The fourth line invokes a command to start the delta AD sync cycle.

The final line removes the remote PowerShell session.
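
A more defensive variant of the same steps, as an added example that is not part of the original Sync-AAD.ps1: the description attribute is editable directory data, so this version parses it with a pattern instead of a fixed word index, insists on exactly one AAD_* account, confirms the name is a real computer object before opening a session, and always closes the session. The function names Get-AADConnectServerName and Invoke-RemoteAADSync and the hostname pattern are assumptions made for this example.

```powershell
#Requires -Modules ActiveDirectory
# Added example; function names are hypothetical, not part of AAD Connect.

function Get-AADConnectServerName {
    # Extract the short computer name from the service account description.
    # Assumes the name uses only letters, digits and hyphens (max 15 chars).
    param([Parameter(Mandatory)][string]$Description)
    if ($Description -match 'running on computer\s+(?<name>[A-Za-z0-9-]{1,15})\.?\s*$') {
        return $Matches['name']
    }
    throw "Description does not name an AAD Connect computer: '$Description'"
}

function Invoke-RemoteAADSync {
    [CmdletBinding()]
    param([string]$ComputerName)   # optional override, e.g. "aad.contoso.com"

    if (-not $ComputerName) {
        $accounts = @(Get-ADUser -Filter 'Name -like "AAD_*"' -Properties Description)
        if ($accounts.Count -ne 1) {
            # Zero or several matches: do not guess which host to connect to.
            throw "Expected exactly one AAD_* account, found $($accounts.Count)."
        }
        $shortName = Get-AADConnectServerName -Description $accounts[0].Description

        # The description is writable data, so confirm the parsed name is an
        # existing computer object and use the DNS name recorded in AD.
        $computer = Get-ADComputer -Identity $shortName -Properties DNSHostName -ErrorAction Stop
        $ComputerName = $computer.DNSHostName
    }

    $session = New-PSSession -ComputerName $ComputerName -ErrorAction Stop
    try {
        # Both commands run on the AAD Connect computer, inside the session.
        Invoke-Command -Session $session -ErrorAction Stop -ScriptBlock {
            Import-Module -Name 'ADSync' -ErrorAction Stop
            Start-ADSyncSyncCycle -PolicyType Delta
        }
    }
    finally {
        # Runs even when the import or the sync cycle fails.
        Remove-PSSession -Session $session
    }
}
```

Call Invoke-RemoteAADSync with no arguments to discover the server from AD, or pass -ComputerName to skip discovery.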

Easy peasy!
