marckean/AD Connect admin tasks.ps1

## AD Connect admin tasks.ps1
Import-Module ADSync

# Get all ADSync cmdlets
Get-Command | Where-Object {$_.ModuleName -eq "ADSync"}

#region Force a Directory Sync
if((Get-ScheduledTask -TaskName "Azure AD Sync Scheduler").Actions.Execute -match "DirectorySyncClientCmd")
{Start-ScheduledTask -TaskName "Azure AD Sync Scheduler"}
#endregion

# To see if password sync is enabled
Get-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector.Name

#region Directory Sync

# To perform a full directory sync
Start-Process -FilePath "C:\Program Files\Microsoft Azure AD Sync\Bin\DirectorySyncClientCmd.exe" -ArgumentList Initial

# To perform a delta directory sync
Start-Process -FilePath "C:\Program Files\Microsoft Azure AD Sync\Bin\DirectorySyncClientCmd.exe" -ArgumentList Delta

#endregion

#region Trigger a Full Password Sync in Azure AD Sync
# Get All Connectors
$adConnector = Get-ADSyncConnector | % {$_.Type -eq "AD"}
$aadConnector = Get-ADSyncConnector | % {$_.Type -eq "Extensible2" -or $_.SubType -like "*Azure*"}

$c = Get-ADSyncConnector -Name $adConnector.Name
$p = New-Object Microsoft.IdentityManagement.PowerShell.ObjectModel.ConfigurationParameter "Microsoft.Synchronize.ForceFullPasswordSync", String, ConnectorGlobal, $null, $null, $null
$p.Value = 1
$c.GlobalParameters.Remove($p.Name)
$c.GlobalParameters.Add($p)
$c = Add-ADSyncConnector -Connector $c

Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector.Name -TargetConnector $aadConnector.Name -Enable $false
Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector.Name -TargetConnector $aadConnector.Name -Enable $true
#endregion

# Get the latest event of the password change
(Get-EventLog -LogName Application | where {$_.EventID -eq "656"} | select -First 1).Message
(Get-EventLog -LogName Application | where {$_.EventID -eq "656"} | select -First 1).Message
	Import-Module ADSync

	# Get all ADSync cmdlets
	Get-Command \| Where-Object {$_.ModuleName -eq "ADSync"}

	#region Force a Directory Sync
	if((Get-ScheduledTask -TaskName "Azure AD Sync Scheduler").Actions.Execute -match "DirectorySyncClientCmd")
	{Start-ScheduledTask -TaskName "Azure AD Sync Scheduler"}
	#endregion

	# To see if password sync is enabled
	Get-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector.Name

	#region Directory Sync

	# To perform a full directory sync
	Start-Process -FilePath "C:\Program Files\Microsoft Azure AD Sync\Bin\DirectorySyncClientCmd.exe" -ArgumentList Initial

	# To perform a delta directory sync
	Start-Process -FilePath "C:\Program Files\Microsoft Azure AD Sync\Bin\DirectorySyncClientCmd.exe" -ArgumentList Delta

	#endregion

	#region Trigger a Full Password Sync in Azure AD Sync
	# Get All Connectors
	$adConnector = Get-ADSyncConnector \| % {$_.Type -eq "AD"}
	$aadConnector = Get-ADSyncConnector \| % {$_.Type -eq "Extensible2" -or $_.SubType -like "Azure"}

	$c = Get-ADSyncConnector -Name $adConnector.Name
	$p = New-Object Microsoft.IdentityManagement.PowerShell.ObjectModel.ConfigurationParameter "Microsoft.Synchronize.ForceFullPasswordSync", String, ConnectorGlobal, $null, $null, $null
	$p.Value = 1
	$c.GlobalParameters.Remove($p.Name)
	$c.GlobalParameters.Add($p)
	$c = Add-ADSyncConnector -Connector $c

	Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector.Name -TargetConnector $aadConnector.Name -Enable $false
	Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector.Name -TargetConnector $aadConnector.Name -Enable $true
	#endregion

	# Get the latest event of the password change
	(Get-EventLog -LogName Application \| where {$_.EventID -eq "656"} \| select -First 1).Message
	(Get-EventLog -LogName Application \| where {$_.EventID -eq "656"} \| select -First 1).Message