|
Recently I needed to create a quick report that would allow me to see at a glance which accounts in that domain had been synchronised with AD Sync into Azure AD. It wasn’t possible using Get-ADuser and I knew an LDAP query would do the trick. First I had to download a powershell module called System.DirectoryServices.Protocols. Once the module is downloaded run:
|
|
Add-Type -AssemblyName System.DirectoryServices.Protocols Import-Module C:\Cloudwyse\Tools\S.DS.P.psm1
|
|
Then to query the information I required I ran:
|
|
$MigratedUsers=Find-LdapObject -SearchFilter:"(msDS-ExternalDirectoryObjectId=*)" -SearchBase:"DC=contoso,DC=com" -LdapConnection:"server01.contoso.com" -PageSize 500
|
|
Conversely, if you wanted to find all users that HADN’T been synchronised you could run the following:
|
|
$MigratedUsers=Find-LdapObject -SearchFilter:"(!msDS-ExternalDirectoryObjectId=*)" -SearchBase:"DC=contoso,DC=com" -LdapConnection:"server01.contoso.com" -PageSize 500
|
|
I still had a few service accounts showing so I just filtered these in Excel based on the DN. To export the fil just run…
|
|
Export-CSV C:\Cloudwyse\User_report.csv
|
No comments:
Post a Comment