Feb
08
2019
0
Recently I needed to create a quick report that would allow me to see at a glance which accounts in that domain had been synchronised with AD Sync into Azure AD. It wasn’t possible using Get-ADuser and I knew an LDAP query would do the trick. First I had to download a powershell module called System.DirectoryServices.Protocols. Once the module is downloaded run:
|
1 2 |
[cc lang="powershell"]Add-Type -AssemblyName System.DirectoryServices.Protocols Import-Module C:\Cloudwyse\Tools\S.DS.P.psm1[/cc] |
Then to query the information I required I ran:
|
1 |
[cc lang="powershell"]$MigratedUsers=Find-LdapObject -SearchFilter:"(msDS-ExternalDirectoryObjectId=*)" -SearchBase:"DC=contoso,DC=com" -LdapConnection:"server01.contoso.com" -PageSize 500[/cc] |
Conversely, if you wanted to find all users that HADN’T been synchronised you could run the following:
|
1 |
[cc lang="powershell"]$MigratedUsers=Find-LdapObject -SearchFilter:"(!msDS-ExternalDirectoryObjectId=*)" -SearchBase:"DC=contoso,DC=com" -LdapConnection:"server01.contoso.com" -PageSize 500[/cc] |
I still had a few service accounts showing so I just filtered these in Excel based on the DN. To export the file just run…
|
1 |
[cc lang="powershell"]Export-CSV C:\Cloudwyse\User_report.csv[/cc] |