Once your Azure AD connector is set up properly, the next step is to sync AD user objects to Azure AD.
Organizations often choose to sync all users at once, but there are cases where AD user objects need to be synced to the cloud in multiple batches. The reasons for doing so vary from organization to organization.
Here we use a PowerShell script to sync a list of users whose sAMAccountName values are listed in a text file. The list is imported and the users are flagged for sync one after the other.
The script also creates a log file recording successful and failed syncs; failures are captured with a Try/Catch block.
Here we use the extensionAttribute15 attribute to select the users: an AD user whose extensionAttribute15 is set to "Sync" will be synced to Azure AD in the next sync cycle. Different organizations may use different attributes and values to select user objects, which would have been set at the time of configuring Azure AD.
Below is the script. Note that besides setting the attribute it also rewrites each user's UserPrincipalName to the account name followed by the domain suffix, so make sure that suffix is a verified domain in your tenant; running Set-ADUser with -WhatIf against the list first is a cheap way to preview the changes before they are written.
    # Requires the ActiveDirectory module (RSAT); imported explicitly in case auto-loading is disabled
    Import-Module ActiveDirectory

    $DateTime = (Get-Date).ToString("dd-MM-yyyy")
    $UserList = Get-Content 'D:\UserSync.txt'                 # one sAMAccountName per line
    $Server   = "DC01.contoso.com"
    $cred     = Get-Credential -Message "Enter the password for the below mentioned account"
    $Domain   = $Server.Substring($Server.IndexOf('.') + 1)   # DNS domain of the DC, e.g. contoso.com, used as the UPN suffix
    $filename = "$($Domain)_$DateTime"                        # log file name, e.g. contoso.com_01-01-2020
    $LogFile  = "D:\$filename.txt"

    Write-Host "`nStarting with directory sync for $Domain domain... Please wait`n`n`n" -ForegroundColor Green

    foreach ($User in $UserList)
    {
        Write-Host "Processing user $User`n" -ForegroundColor Green
        Try
        {
            # Flag the account for the connector and align the UPN with the domain suffix
            Set-ADUser $User -Server $Server -Credential $cred -UserPrincipalName "$User@$Domain" -Replace @{extensionAttribute15 = "Sync"}
            Write-Output "Attributes set for $User" | Out-File $LogFile -Append
        }
        Catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException]
        {
            Write-Output "$User not found in $Domain" | Out-File $LogFile -Append
        }
        Catch
        {
            # $(...) is required: "$_.Exception.Message" would not expand the property path
            Write-Output "$User failed: $($_.Exception.Message)" | Out-File $LogFile -Append
        }
    }
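Before waiting for the next sync cycle it is worth confirming the flag actually landed on every account in the list. The following check is an added example, not part of the original post: it reads the same D:\UserSync.txt list, reports each account's extensionAttribute15 and UserPrincipalName to a CSV, and only triggers a delta sync when nothing is missing. It assumes the ActiveDirectory module, the same $Server value as the script above, and that it is run on the Azure AD Connect server if the optional Start-ADSyncSyncCycle step is wanted; the report path is a constructed placeholder.

```powershell
# Added verification script (not part of the original post).
Import-Module ActiveDirectory

$Server   = "DC01.contoso.com"                                 # same DC as the sync script
$ListPath = 'D:\UserSync.txt'                                  # same list as the sync script
$Report   = "D:\SyncCheck_$((Get-Date).ToString('dd-MM-yyyy')).csv"   # constructed placeholder path
$cred     = Get-Credential -Message "Account used to query $Server"

$results = foreach ($User in (Get-Content $ListPath | Where-Object { $_.Trim() })) {
    $name = $User.Trim()
    try {
        $u = Get-ADUser -Identity $name -Server $Server -Credential $cred `
                        -Properties extensionAttribute15, UserPrincipalName
        [pscustomobject]@{
            sAMAccountName       = $u.SamAccountName
            UserPrincipalName    = $u.UserPrincipalName
            extensionAttribute15 = $u.extensionAttribute15
            # 'Ready' only when the value matches what the connector's filter expects
            Status               = if ($u.extensionAttribute15 -eq 'Sync') { 'Ready' } else { 'NotFlagged' }
        }
    }
    catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
        [pscustomobject]@{ sAMAccountName = $name; UserPrincipalName = $null; extensionAttribute15 = $null; Status = 'NotFound' }
    }
    catch {
        [pscustomobject]@{ sAMAccountName = $name; UserPrincipalName = $null; extensionAttribute15 = $null; Status = "Error: $($_.Exception.Message)" }
    }
}

# Full per-account report plus a one-screen summary by status
$results | Export-Csv -Path $Report -NoTypeInformation
$results | Group-Object Status | Select-Object Name, Count | Format-Table -AutoSize

# Optional: kick off a delta sync now instead of waiting for the scheduled cycle.
# Start-ADSyncSyncCycle only exists on the Azure AD Connect server (ADSync module),
# so it is skipped elsewhere, and it is skipped entirely if any account is not Ready.
if ($results -and -not ($results | Where-Object Status -ne 'Ready')) {
    if (Get-Command Start-ADSyncSyncCycle -ErrorAction SilentlyContinue) {
        Start-ADSyncSyncCycle -PolicyType Delta
    }
}
```

Accounts reported as NotFound or NotFlagged are the ones to fix in the list or re-run through the sync script before triggering the cycle.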