- April 18, 2021
- Posted by: Syed Shujaat
- Category: Uncategorized
There are two ways to use Azure AD on-prem – pass-through authentication (sends the authentication request directly to Azure AD) or directory synchronization that syncs password hashes between on-prem AD and Azure AD. In this blog post, we’re going to cover how to get the Azure Active Directory Connect software set up to sync password hashes.
In a nutshell, to force Azure AD to sync with PowerShell requires the following steps:
- Install Azure Active Directory Connect
- Import the ADSync PowerShell module
- Run the Start-AdSyncSchedule cmdlet, which reads a domain controller’s password hashes and syncs them with Azure AD.
If you’re more into learning via video, be sure to check out this informative TechSnips video.
Install Azure AD Connect
To sync on-prem Active Directory to an Azure AD tenant, you’ll first need to download and install the Azure AD Connect software. You have two options: download it from the Azure Portal, or go directly to the software package on the Microsoft site.
If you’ve chosen not to download the package from the Microsoft site, you’ll need to get it from the Azure Portal.
Search for “Azure Active Directory” in the portal. In the Azure Active Directory section, click on Azure AD Connect. Here you will find a Sync Status section with a link to Download Azure AD Connect.
Sync Tools
When you install Azure AD Connect, it will install two primary tools you can use to schedule sync or force sync.
- The ADSync PowerShell module
- The Synchronization Service Manager
Using these two tools, you can set up a recurring (scheduled) sync to routinely perform Azure AD sync. Or, you can use either to force sync ad-hoc. Both tools perform the same behavior. The only difference is one is via the command-line (PowerShell) and one is a GUI application.
Setting up the ADSync PowerShell Module
When you install Azure AD Connect, it will install a PowerShell module called ADSync. This module allows you to manage the sync process using PowerShell.
Note that in this article, I am using Windows PowerShell 5.1. Your mileage may vary if you’re using an older version.
As with all PowerShell modules, importing the module is straightforward. However, the module is not located in a folder on the PSModulePath, so you must import it by path. The installer places the PowerShell module in the C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync folder.
To import the module, open a PowerShell console and enter the following:
PS51> Import-Module -Name "C:\Program Files\Microsoft Azure AD Sync\Bin\ADSync" -Verbose
To verify that the module has imported, use Get-Module. You should see the ADSync module listed.
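The import-and-verify steps above, written as a small script that also checks the built-in scheduler before forcing a cycle. This is an added example, not code from the original post; it assumes the default install path shown above and the Start-ADSyncSyncCycle and Get-ADSyncScheduler cmdlets that the installed ADSync module exposes.

```powershell
# Added example (not from the original post): import ADSync from its install
# folder, confirm it loaded, inspect the scheduler, then force a delta sync
# only if the scheduler is enabled and idle.
# Assumption: default Azure AD Connect install path; adjust $adSyncBin otherwise.
$adSyncBin  = 'C:\Program Files\Microsoft Azure AD Sync\Bin'
$modulePath = Join-Path -Path $adSyncBin -ChildPath 'ADSync'

if (-not (Test-Path -Path $modulePath -PathType Container)) {
    throw "ADSync module folder not found at '$modulePath'. Is Azure AD Connect installed on this server?"
}

# The module is not on PSModulePath, so import it by full path.
Import-Module -Name $modulePath -ErrorAction Stop

# Verify the import before calling any of its cmdlets.
$module = Get-Module -Name ADSync
if (-not $module) { throw 'ADSync module did not import.' }
'ADSync {0} loaded from {1}' -f $module.Version, $module.ModuleBase

# Read the scheduler state: is sync enabled, is a cycle already running,
# how often does it run, and when is the next run?
$scheduler = Get-ADSyncScheduler
$scheduler | Select-Object SyncCycleEnabled, SyncCycleInProgress,
    AllowedSyncCycleInterval, NextSyncCycleStartTimeInUTC

function Invoke-ForcedDeltaSync {
    param([Parameter(Mandatory)] $SchedulerState)

    # A disabled scheduler usually means someone is doing maintenance on the
    # connector; do not start a cycle behind their back.
    if (-not $SchedulerState.SyncCycleEnabled) {
        Write-Warning 'Sync scheduler is disabled; not forcing a cycle.'
        return $false
    }
    # Starting a cycle while one is running just fails, so wait it out instead.
    if ($SchedulerState.SyncCycleInProgress) {
        Write-Warning 'A sync cycle is already in progress; try again when it finishes.'
        return $false
    }
    # Delta only pushes changes since the last cycle; use -PolicyType Initial
    # for a full resync (much slower and rarely needed).
    Start-ADSyncSyncCycle -PolicyType Delta
    return $true
}

Invoke-ForcedDeltaSync -SchedulerState $scheduler
```

Run it in an elevated session on the Azure AD Connect server itself; the ADSync module is only installed there.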