How do you synchronize your Azure AD with your on-premises AD using PowerShell?
First, let’s consider a more straightforward option: How to do it WITHOUT PowerShell!
Synchronize Azure AD Without(!) PowerShell
With Easy365Manager, you can synchronize Azure AD Connect directly from the properties of any user account in AD Users & Computers.
You almost always perform the Azure AD synchronization after changing AD user attributes, like proxyAddresses.
Doing it directly from user properties after making the changes will save you a lot of time!
Without Easy365Manager, you need to use PowerShell to synchronize your Azure AD with your on-premises AD.
Synchronize Azure AD With PowerShell
To synchronize Azure AD with PowerShell, you must use the following command:
Start-ADSyncSyncCycle -PolicyType Delta
This command performs a delta synchronization, which is usually enough.
To trigger a full synchronization of Azure AD with PowerShell, use the following command:
Start-ADSyncSyncCycle -PolicyType Initial
If the synchronization is successful, you’ll see output similar to the following:
PS C:\> Start-ADSyncSyncCycle -PolicyType Delta

Result
------
Success
If you see the following error message, you’re probably not logged in to your Azure AD Connect server.
Start-ADSyncSyncCycle : The term 'Start-ADSyncSyncCycle' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
Import-Module : The specified module 'ADSync' was not loaded because no valid module file was found in any module directory.
Keep reading to see how you can perform the Azure AD Connect synchronization remotely.
How to Perform Remote Synchronization of Azure AD Using PowerShell
You don’t need to log in (interactively) to your Azure AD Connect server to force synchronization between AD and Azure.
Use the following steps to force a remote synchronization of AD and Azure:
- Use the Enter-PSSession command to connect to your Azure AD Connect server
- Perform a delta synchronization using the Start-ADSyncSyncCycle command
- Exit the PSSession to kill the connection to your Azure AD Connect server
Use the following code to perform a remote delta synchronization:
Enter-PSSession DC-01
Start-ADSyncSyncCycle -PolicyType Delta
Exit-PSSession
(assuming that ‘DC-01’ is your Azure AD Connect Server)
The output will look like this:
PS C:\Windows\system32> Enter-PSSession DC-01
[DC-01]: PS C:\Users\adm.ad.jane\Documents> Start-ADSyncSyncCycle -PolicyType Delta

Result
------
Success

[DC-01]: PS C:\Users\adm.ad.jane\Documents> Exit-PSSession
PS C:\Windows\system32>
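Enter-PSSession only works at an interactive prompt, so the three steps above cannot be pasted into a script as they stand. The following is an added example, not code from the original article, that runs the same delta synchronization non-interactively with Invoke-Command and skips it when a cycle is already running. The function name Invoke-RemoteDeltaSync is hypothetical, and the example assumes PowerShell remoting is enabled on the Azure AD Connect server and that the account used may run the ADSync cmdlets there.

```powershell
# Added example: Invoke-RemoteDeltaSync is a hypothetical helper name.
function Invoke-RemoteDeltaSync {
    [CmdletBinding()]
    param(
        # Azure AD Connect server, e.g. 'DC-01' as in the article
        [Parameter(Mandatory)]
        [string]$ComputerName,

        # Optional alternate credential; omit to use the current logon
        [System.Management.Automation.PSCredential]$Credential
    )

    $remote = @{
        ComputerName = $ComputerName
        ErrorAction  = 'Stop'
        ScriptBlock  = {
            # Fails fast with the "module was not loaded" error if the
            # target is not the Azure AD Connect server
            Import-Module ADSync -ErrorAction Stop

            $scheduler = Get-ADSyncScheduler
            if ($scheduler.SyncCycleInProgress) {
                # Do not request a second cycle while one is running
                return [pscustomobject]@{
                    Server = $env:COMPUTERNAME
                    Result = 'AlreadyRunning'
                }
            }

            $cycle = Start-ADSyncSyncCycle -PolicyType Delta
            [pscustomobject]@{
                Server = $env:COMPUTERNAME
                Result = [string]$cycle.Result
            }
        }
    }
    if ($Credential) { $remote.Credential = $Credential }

    # Invoke-Command opens a temporary session and closes it when the
    # script block returns, so no session is left open on the server
    Invoke-Command @remote
}

# Usage, with the server name taken from the article
Invoke-RemoteDeltaSync -ComputerName 'DC-01'
```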
Improved Office 365 Synchronization and Management
Making sure that Azure AD is quickly updated when changing your local AD can be frustrating.
As detailed here, the default synchronization schedule is every 30 minutes and is not configurable.
With Easy365Manager, you can manage AD users, Office 365 mailboxes, and Azure AD synchronization in one consolidated tool.
Easy365Manager is a plugin for AD Users & Computers which will add two new tabs to user properties and one new tab to group properties. The new tabs allow you to trigger Azure AD synchronization and manage Office 365 mailboxes easily.
Easy365Manager even lets you make changes that usually require PowerShell, like setting up calendar delegation.
The main benefits our customers are reporting are:
- First-level support can work faster in a less confusing admin environment.
- First-level support can manage tasks that generally require senior-level scripting.
- No training is needed as Easy365Manager is integrated into AD Users & Computers.
- The ability to remove Exchange on-premises.
For the complete feature list, go here.
Download the fully-functional 30-day trial here.