How to Identify Your Azure AD Connect Server

How to locate the Azure AD Connect server

Azure AD Connect is the synchronization service that will ensure your local Active Directory and Office 365 are kept in sync.

Maybe it’s been a while since you installed Azure AD Connect. Or perhaps you’ve taken over the administration of someone else’s undocumented mess?

Fortunately, you can find your Azure AD Connect Server with two different approaches.

Find Azure AD Connect Using the MSOnline PowerShell Module

The MSOnline PowerShell module has a super-secret method. You’ll have a hard time digging out of the documentation found at Microsoft:

(Get-MsolCompanyInformation).DirSyncClientMachineName

The attribute DirSyncClientMachineName is not even mentioned in the official documentation of the Microsoft.Online.Administration.CompanyInformation object.

But it (still) works like a charm:

PS C:\> (Get-MsolCompanyInformation).DirSyncClientMachineName
DC-01

Find Azure AD Connect Using Active Directory

To identify the Azure AD Connect server using AD information, the following command is a neat trick:

Get-ADUser -LDAPFilter "(description=*configured to synchronize to tenant*)" -Properties description | % { $_.description.SubString(142, $_.description.IndexOf(" ", 142) - 142)}

(the script requires that the Active Directory PowerShell module is available on your system)

If the Azure AD Connect installation was performed according to defaults, the output would be the server name of the Azure AD Connect server, e.g., something like this:

PS C:\> Get-ADUser -LDAPFilter "(description=*configured to synchronize to tenant*)"
    -Properties description | % { $_.description.SubString(142, $_.description.IndexOf(" ", 142) -142)}
DC-01

In a default installation, your Azure AD Connect server creates an AD synchronization account named “MSOL_[12 hex chars].

This account is configured with a description property similar to this:

Account created by Microsoft Azure Active Directory Connect with installation identifier
f501fa0aee0340a0b9c1a93ddc6e7d19 running on computer DC-01 configured to synchronize to tenant
easy365manager.onmicrosoft.com.
This account must have directory replication permissions in the local Active Directory and
write permission on certain attributes to enable Hybrid Deployment.

The above PowerShell script searches for a description field similar to this and extracts the server name.

For simplicity, The PowerShell script assumes the server name appears at char 142. However, this may change in the future.

Also, if you upgraded Azure AD Connect by installing it to a new server, you’ll find several similar values. In that case, you can look at the creation date of the entries.

How to Synchronize Azure AD Connect From AD

Many admins are frustrated that you need multiple web consoles, PowerShell, and an on-premises Exchange Server in order to manage Office 365.

With Easy365Manager, all daily Office 365 mailbox operations, including Azure AD synchronization, can be done from AD Users & Computers:

Azure AD Connect delta synchronization with Easy365Manager
Synchronizing Azure AD Connect from AD user properties

Easy365Manager is a small snap-in to AD Users & Computers that extends user properties with two new tabs, so you no longer have to switch between multiple web consoles to perform daily management:

Easy365Manager Office 365 user properties
New user property tab: "Office 365"
Easy365Manager user properties, Office 365 mailbox management inside Active Directory
New user property tab: "Mailbox"

With Easy365Manager, you can perform all daily tasks from AD Users & Computers:

  • Assign Office 365 licenses
  • Manage shared mailbox delegation
  • Configure calendar permissions
  • Configure proxyAddresses (with format and uniqueness check)
  • Replicate Azure AD Connect

And a lot more. See the complete feature list here

Create an Office 365 mailbox using Easy365Manager
Assigning an Office 365 license from AD user properties

Additionally, Easy365Manager lets you remove your on-premises Exchange Server. This will give you 100% protection from future zero-day exploits targeting Exchange Server.

Try the fully functional 30-day trial now. It only takes a few minutes to install, has zero learning curve, and you’re guaranteed to have saved hours of work before the end of the week!

Did you like this post? Maybe your friends will too!