Tag: AAD Connect

Office 365 / Azure AD Powershell Connect

Most administrative Actions in Office 365/Azure AD can be done through Powershell. Instead of logging in on one of the portal sites, you can easily connect through powershell. I have created a script which can help you connect and shows the last status of DirSync / AAD Connect. The Powershell script does a couple of things

The Script will make use the MSOnline module in powershell, which  can be downloaded by the following link.

The Script

The first part of the Script will import the MSonline Module in the powershell session.

# Scriptname: Connect Azure AD.
# Description: Connect to AzureAD for daily administrattion and check synhealth
# Author: Maarten Camps
# Date: 11-10-2016
#
# Important Note:# Check and install azure ad prequisites can be found here
# https://technet.microsoft.com/en-us/library/dn975125.aspx
#
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# Enable Microsoft Online / AzureAD CMDlets
import-module msonline

When that is done you will be prompted for entering the credentials of the account which is allowed to do the remote administration

remoteadmin1

This will be handled by the following code snippet.

# enter credentials for admin user with appropriate rights to administer azure AD
$UserCredential = Get-Credential -UserName remoteadmin@camps-consultancy.nl -Message “Please login with Office 365 / Azure AD Admin Credentials”
# Connect to Azure ADConnect-MsolService -Credential $UserCredential

After the successful logon some company info will be displayed, the Account where you are logged on and the Name of the Office 365 Account.

# show company information and DirSync status
$SyncStatus = Get-MsolCompanyInformation
Write-host -ForegroundColor yellow “You are connected to AzureAD of” $SyncStatus.DisplayName

Then some useful information will be displayed. If DirSync is disabled a warning will displayed, but when it is enabled the last sync will be displayed. The same goes for the Password Sync.

remoteadmin2

#check if DirSync is enabled and show last sync
if ($SyncStatus.DirectorySynchronizationEnabled -eq $false) {
Write-Warning “Directory Synchronization is disabled”
}
Else {
Write-host “Last DirSync:” $SyncStatus.LastDirSyncTime
}
# Check if password sync is enabled and show last sync
if ($SyncStatus.PasswordSynchronizationEnabled -eq $false){
Write-Warning “Password Synchronization is disabled”
}
Else {
Write-Host “Last PasswordSync:” $SyncStatus.LastPasswordSyncTime
}

remoteadmin3

Last part give a free tip on how to find the msonline cmdlets.

# Give Tip
write-host -ForegroundColor Green “Enjoy AzureAD” $UserCredential.UserName”, use Get-Command get/set/remove-mso* for tasks you can execute!”

Hope this is useful for you. below snippet is the full script.

#
# Scriptname: Connect Azure AD.
# Description: Connect to AzureAD for daily administrattion and check synhealth
# Author: Maarten Camps
# Date: 11-10-2016
#
# Important Note:# Check and install azure ad prequisites can be found here
# https://technet.microsoft.com/en-us/library/dn975125.aspx
#
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# Enable Microsoft Online / AzureAD CMDlets
import-module msonline
# enter credentials for admin user with appropriate rights to administer azure AD
$UserCredential = Get-Credential -UserName remoteadmin@camps-consultancy.nl -Message “Please login with Office 365 / Azure AD Admin Credentials”
# Connect to Azure AD
Connect-MsolService -Credential $UserCredential
# show company information and DirSync status
$SyncStatus = Get-MsolCompanyInformation
Write-host -ForegroundColor yellow “You are connected to AzureAD of” $SyncStatus.DisplayName
#check if DirSync is enabled and show last sync
if ($SyncStatus.DirectorySynchronizationEnabled -eq $false) {
Write-Warning “Directory Synchronization is disabled”
}
Else {
Write-host “Last DirSync:” $SyncStatus.LastDirSyncTime
}
# Check if password sync is enabled and show last sync
if ($SyncStatus.PasswordSynchronizationEnabled -eq $false){
Write-Warning “Password Synchronization is disabled”
}
Else {
Write-Host “Last PasswordSync:” $SyncStatus.LastPasswordSyncTime
}

# Give Tip
write-host -ForegroundColor Green “Enjoy AzureAD” $UserCredential.UserName”, use Get-Command get/set/remove-mso* for tasks you can execute!”

Advertisements