Friday, 8 February 2019

Powershell LDAP query to find Azure / O365 users synchronised with AD Sync



Recently I needed to create a quick report that would let me see at a glance which accounts in the domain had been synchronised into Azure AD by AD Sync. It wasn't possible using Get-ADUser, and I knew an LDAP query would do the trick: synchronised accounts get the msDS-ExternalDirectoryObjectId attribute populated, so the query only has to test for its presence. First I had to download a PowerShell module, S.DS.P, which is built on the System.DirectoryServices.Protocols assembly. Once the module is downloaded run:



Add-Type -AssemblyName System.DirectoryServices.Protocols

Import-Module C:\Cloudwyse\Tools\S.DS.P.psm1


Then to query the information I required I ran:



# Find-LdapObject needs a real LDAP connection object, not an empty string.
# Replace the DC name with one of your own domain controllers.
$Ldap = Get-LdapConnection -LdapServer "dc01.contoso.com"

$MigratedUsers = Find-LdapObject -LdapConnection $Ldap -SearchFilter "(msDS-ExternalDirectoryObjectId=*)" -SearchBase "DC=contoso,DC=com" -PageSize 500


Conversely, if you wanted to find all users that HADN'T been synchronised you could run the following (note the extra pair of parentheses: the LDAP NOT operator must wrap a complete filter):


$UnsyncedUsers = Find-LdapObject -LdapConnection $Ldap -SearchFilter "(!(msDS-ExternalDirectoryObjectId=*))" -SearchBase "DC=contoso,DC=com" -PageSize 500


I still had a few service accounts showing so I just filtered these in Excel based on the DN. To export the file just run…


$MigratedUsers | Export-Csv -Path C:\Cloudwyse\User_report.csv -NoTypeInformation
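As an added example (not the original post's code), the whole procedure above as one script: a single authenticated LDAP connection, one query for all user objects, the service-account OU excluded in code rather than in Excel, and a CSV that shows synced and unsynced accounts side by side with their enabled/disabled state. The DC hostname, the service-account OU and the output path are placeholders I have assumed; everything else uses the S.DS.P module's Get-LdapConnection and Find-LdapObject cmdlets discussed above.

```powershell
Import-Module C:\Cloudwyse\Tools\S.DS.P.psm1

$DomainController = 'dc01.contoso.com'                        # placeholder
$SearchBase       = 'DC=contoso,DC=com'
$ServiceAccountOU = 'OU=Service Accounts,DC=contoso,DC=com'   # placeholder OU to exclude
$ReportPath       = 'C:\Cloudwyse\User_report.csv'

# One Kerberos-authenticated connection reused for the query (no clear-text simple bind)
$Ldap = Get-LdapConnection -LdapServer $DomainController -EncryptionType Kerberos

# Restrict to real user objects so contacts and computer accounts do not pollute the report
$UserFilter = '(&(objectCategory=person)(objectClass=user))'
$Props = @('sAMAccountName', 'distinguishedName', 'userAccountControl', 'msDS-ExternalDirectoryObjectId')

$AllUsers = Find-LdapObject -LdapConnection $Ldap -SearchBase $SearchBase `
    -SearchFilter $UserFilter -PropertiesToLoad $Props -PageSize 500

$ADS_UF_ACCOUNTDISABLE = 0x2   # userAccountControl bit set on disabled accounts

$Report = foreach ($u in $AllUsers) {
    # Drop the service-account OU here instead of filtering by hand in Excel
    if ($u.distinguishedName -like "*,$ServiceAccountOU") { continue }

    # Select-Object -First 1 copes with attributes returned either as scalars or as arrays
    $Uac      = [int]($u.userAccountControl | Select-Object -First 1)
    $ExtId    = [string]($u.'msDS-ExternalDirectoryObjectId' | Select-Object -First 1)

    [pscustomobject]@{
        SamAccountName    = [string]($u.sAMAccountName | Select-Object -First 1)
        DistinguishedName = [string]($u.distinguishedName | Select-Object -First 1)
        Enabled           = (($Uac -band $ADS_UF_ACCOUNTDISABLE) -eq 0)
        SyncedToAzureAD   = -not [string]::IsNullOrEmpty($ExtId)
        AzureObjectId     = $ExtId   # raw value kept for cross-referencing with Azure AD
    }
}

$Report | Sort-Object SyncedToAzureAD, SamAccountName |
    Export-Csv -Path $ReportPath -NoTypeInformation

# On-screen summary: enabled accounts that are NOT synced are the ones worth following up on
$Report | Where-Object { $_.Enabled -and -not $_.SyncedToAzureAD } |
    Format-Table SamAccountName, DistinguishedName -AutoSize
```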



