Auto AD Connect Password Sync Status-Clean

Description

This task exports AD Connect information so that you can have Auto ADConnect password hash sync fix-Clean running and see when the hash sync has failed.

Property Details

ID: 27004
Status: QA - Ready for Production Level Testing
Title: Auto AD Connect Password Sync Status-Clean
Download Size: 819
Source Release Date: 6/19/2023 8:24:17 AM
Keywords: AD Connect Password Hash Sync Fix
Is Task: True
Added by on 6/19/2023 8:24:17 AM
Last Modified by on 6/19/2023 8:25:28 AM
Counters 831 Views / 1 Download

Relevance

Used in 2 fixlets   * Results in a true/false
member of group 1193930 of site "CustomSite__FIX"
Used in 1 fixlet   * Results in a true/false
(not exists file "C:\Bes\AzureADpasswordSync.txt") or (now - modification time of file "C:\Bes\AzureADpasswordSync.txt" > 3*hour) or (not exists file "C:\Bes\AzureADpasswordSyncStaging.txt") or (now - modification time of file "C:\Bes\AzureADpasswordSyncStaging.txt" > 3*hour) or (not exists file "C:\Bes\AzureADpasswordSynclocaldomain.txt") or not exists file "C:\Bes\AzureADpasswordSyncAzuredomain.txt"

Actions

Action 1 (default)

Action Link: Click here to initiate the deployment process.
Script Type: BigFix Action Script
action uses wow64 redirection false
delete C:\Bes\AzureADpasswordSyncStaging.txt
delete C:\Bes\AzureADpasswordSync.txt
delete C:\Bes\AzureADpasswordSyncAzuredomain.txt
delete C:\Bes\AzureADpasswordSynclocaldomain.txt
delete C:\Bes\AzureADpasswordSyncStaging.ps1
folder create "C:\Bes\"
//Get Staging Status and domain information
createfile until End_of_File
Start-Transcript -Path C:\Bes\AzureADpasswordSyncStaging.txt
Import-Module ADSync
$aadSyncSettings=Get-ADSyncGlobalSettings
($aadSyncSettings.parameters | ?{{$_.name -eq "Microsoft.Synchronize.StagingMode"})
Stop-Transcript
Get-ADSyncConnector | Where-Object {{$_.SubType -eq "Windows Azure Active Directory (Microsoft)"} | Out-File -FilePath C:\Bes\AzureADpasswordSyncAzuredomain.txt
Get-ADSyncConnector | Where-Object {{$_.ConnectorTypeName -eq "AD"} | Out-File -FilePath C:\Bes\AzureADpasswordSynclocaldomain.txt
Start-Transcript -Path C:\BES\AzureADpasswordSync.txt
$connectors = Get-ADSyncConnector
$aadConnectors = $connectors | Where-Object {{$_.SubType -eq "Windows Azure Active Directory (Microsoft)"}
$adConnectors = $connectors | Where-Object {{$_.ConnectorTypeName -eq "AD"}
# Report password sync status only when both an Azure AD and an AD DS connector exist
if ($aadConnectors -ne $null -and $adConnectors -ne $null)
{{
    if ($aadConnectors.Count -eq 1)
    {{
        $features = Get-ADSyncAADCompanyFeature

        Write-Host
        Write-Host "Password sync feature enabled in your Azure AD directory: " $features.PasswordHashSync
        foreach ($adConnector in $adConnectors)
        {{
            Write-Host
            Write-Host "Password sync channel status BEGIN ------------------------------------------------------- "
            Write-Host
            Get-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector.Name
            Write-Host
            # Heartbeat (ping) events, ID 654, from the last 3 hours that mention this connector's identifier
            $pingEvents =
                Get-EventLog -LogName "Application" -Source "Directory Synchronization" -InstanceId 654 -After (Get-Date).AddHours(-3) |
                Where-Object {{ $_.Message.ToUpperInvariant().Contains($adConnector.Identifier.ToString("D").ToUpperInvariant()) } |
                Sort-Object {{ $_.TimeWritten } -Descending
            if ($pingEvents -ne $null)
            {{
                Write-Host "Latest heart beat event (within last 3 hours). Time " $pingEvents[0].TimeWritten
            }
            else
            {{
                Write-Warning "No ping event found within last 3 hours."
            }
            Write-Host
            Write-Host "Password sync channel status END ------------------------------------------------------- "
            Write-Host
        }
    }

    else
    {{
        Write-Warning "More than one Azure AD Connectors found. Please update the script to use the appropriate Connector."
    }
}
Write-Host
if ($aadConnectors -eq $null)
{{
    Write-Warning "No Azure AD Connector was found."
}
if ($adConnectors -eq $null)
{{
    Write-Warning "No AD DS Connector was found."
}
Write-Host
Stop-Transcript
End_of_File

copy __createfile C:\Bes\AzureADpasswordSyncStaging.ps1
waithidden { pathname of file ((it as string) of value "Path" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" of native registry) } -ExecutionPolicy Bypass -File C:\Bes\AzureADpasswordSyncStaging.ps1

delete C:\Bes\AzureADpasswordSyncStaging.ps1

Success Criteria

This action will be considered successful when all lines of the action script have completed successfully.

