Auto ADConnect password Hash sync fix-Clean
Log In or Register to download the BES file, and more.

0 Votes

Description

This Task runs on machines that password hash sync hasn't ran for 3 hours.

 

Property Details

ID27005
StatusQA - Ready for Production Level Testing
TitleAuto ADConnect password Hash sync fix-Clean
DomainBESC
SourceInternal
Source Release Date6/13/2023 12:00:00 AM
KeywordsAD Connect Password Hash Sync FIx
Is TaskTrue
Added by on 6/19/2023 8:26:03 AM
Last Modified by on 6/19/2023 8:26:03 AM
Counters 659 Views / 0 Downloads
User Rating 1 star 2 star 3 star 4 star 5 star * Average over 0 ratings. ** Log In or Register to add your rating.

Relevance

Used in 2 fixlets   * Results in a true/false
Show indented relevance
member of group 1193930 of site "CustomSite__FIX"
Used in 1 fixlet   * Results in a true/false
Show indented relevance
exists file "C:\Bes\AzureADpasswordSyncStaging.txt"
Used in 1 fixlet   * Results in a true/false
Show indented relevance
exists (lines whose (it contains "Value" and it contains "False") of file "C:\Bes\AzureADpasswordSyncStaging.txt")
Used in 1 fixlet   * Results in a true/false
Show indented relevance
exists file "C:\Bes\AzureADpasswordSync.txt"
Used in 1 fixlet   * Results in a true/false
Show indented relevance
exists lines whose (it contains "Password sync feature enabled in your Azure" and it contains "True") of file "C:\Bes\AzureADpasswordSync.txt"
Used in 1 fixlet   * Results in a true/false
Show indented relevance
exists (lines whose (it as string as lowercase contains " No ping event found within last 3 hours." as lowercase) of files "C:\Bes\AzureADpasswordSync.txt")

Actions

Action 1 (default)

Action Link Click here to deploy this action.
Script Type BigFix Action Script 
// Force Password Hash sync
action uses wow64 redirection false
createfile until End_of_File
Start-Transcript -Path C:\Bes\AzureADpasswordSyncfix.txt
Import-Module ADSync
$connectors = Get-ADSyncConnector
$aadConnectors = $connectors | Where-Object {{$_.SubType -eq "Windows Azure Active Directory (Microsoft)"}
$adConnectors = $connectors | Where-Object {{$_.ConnectorTypeName -eq "AD"}
$c = Get-ADSyncConnector -Name $adConnectors.Name
$p = New-Object Microsoft.IdentityManagement.PowerShell.ObjectModel.ConfigurationParameter "Microsoft.Synchronize.ForceFullPasswordSync", String, ConnectorGlobal, $null, $null, $null
$p.Value = 1
$c.GlobalParameters.Remove($p.Name)
$c.GlobalParameters.Add($p)
$c = Add-ADSyncConnector -Connector $c
Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnectors.Name -TargetConnector $aadConnectors.Name -Enable $false
Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnectors.Name -TargetConnector $aadConnectors.Name -Enable $true
Stop-Transcript
End_of_File

delete C:\Bes\AzureADpasswordSyncfix.ps1
folder create "C:\Bes\"
copy __createfile C:\Bes\AzureADpasswordSyncfix.ps1
waithidden { pathname of file ((it as string) of value "Path" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" of native registry) } -ExecutionPolicy Bypass -File C:\Bes\AzureADpasswordSyncfix.ps1
delete C:\Bes\AzureADpasswordSyncfix.ps1
//Wait for 5 mins
parameter "adesso"="{now as string}"
dos time /T > C:\bes\pio.txt 
pause while {(now - ((parameter "adesso") as time)) < 5 * minute }
dos time /T >> C:\bes\pio.txt

//check if working
delete C:\Bes\AzureADpasswordSyncStaging.txt
delete C:\Bes\AzureADpasswordSync.txt
delete C:\Bes\AzureADpasswordSyncAzuredomain.txt
delete C:\Bes\AzureADpasswordSynclocaldomain.txt
delete C:\Bes\AzureADpasswordSyncStaging.ps1
folder create "C:\Bes\"
//Get Staging Status and domain information
createfile until End_of_File
Start-Transcript -Path C:\Bes\AzureADpasswordSyncStaging.txt
Import-Module ADSync
$aadSyncSettings=Get-ADSyncGlobalSettings
($aadSyncSettings.parameters | ?{{$_.name -eq "Microsoft.Synchronize.StagingMode"})
Stop-Transcript
Get-ADSyncConnector | Where-Object {{$_.SubType -eq "Windows Azure Active Directory (Microsoft)"} | Out-File -FilePath C:\Bes\AzureADpasswordSyncAzuredomain.txt
Get-ADSyncConnector | Where-Object {{$_.ConnectorTypeName -eq "AD"} | Out-File -FilePath C:\Bes\AzureADpasswordSynclocaldomain.txt
Start-Transcript -Path C:\BES\AzureADpasswordSync.txt
$connectors = Get-ADSyncConnector
$aadConnectors = $connectors | Where-Object {{$_.SubType -eq "Windows Azure Active Directory (Microsoft)"}
$adConnectors = $connectors | Where-Object {{$_.ConnectorTypeName -eq "AD"}
if ($aadConnectors -ne $null -and $adConnectors -ne $null)
{{
    if ($aadConnectors.Count -eq 1)
    {{
        $features = Get-ADSyncAADCompanyFeature
    
        Write-Host
        Write-Host "Password sync feature enabled in your Azure AD directory: "  $features.PasswordHashSync
        foreach ($adConnector in $adConnectors)
        {{
            Write-Host
            Write-Host "Password sync channel status BEGIN ------------------------------------------------------- "
            Write-Host
            Get-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector.Name
            Write-Host
            $pingEvents =
                Get-EventLog -LogName "Application" -Source "Directory Synchronization" -InstanceId 654  -After (Get-Date).AddHours(-3) |
                    Where-Object {{ $_.Message.ToUpperInvariant().Contains($adConnector.Identifier.ToString("D").ToUpperInvariant()) } |
                    Sort-Object {{ $_.Time } -Descending
            if ($pingEvents -ne $null)
            {{
                Write-Host "Latest heart beat event (within last 3 hours). Time " $pingEvents[0].TimeWritten
            }
            else
            {{
                Write-Warning "No ping event found within last 3 hours."
            }
            Write-Host
            Write-Host "Password sync channel status END ------------------------------------------------------- "
            Write-Host
        }
    }
   
    else
    {{
        Write-Warning "More than one Azure AD Connectors found. Please update the script to use the appropriate Connector."
    }
}
Write-Host
if ($aadConnectors -eq $null)
{{
    Write-Warning "No Azure AD Connector was found."
}
if ($adConnectors -eq $null)
{{
    Write-Warning "No AD DS Connector was found."
}
Write-Host
Stop-Transcript
End_of_File

copy __createfile C:\Bes\AzureADpasswordSyncStaging.ps1
waithidden { pathname of file ((it as string) of value "Path" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" of native registry) } -ExecutionPolicy Bypass -File C:\Bes\AzureADpasswordSyncStaging.ps1
delete C:\Bes\AzureADpasswordSyncStaging.ps1
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.


Sharing

Social Media:
Share this page on Yammer


Comments

Log In or Register to leave comments!
 

Content

Search
Share
Learn
Projects

Utilities

View SCM Scripts
Base64 Converter
Shell to Action Script

About

About Us
Tour
FAQ
Terms
Contact Us

BigFix Resources

Download BigFix
Support
Forum
Github/Bigfix
bigfix.me All Content
Hosted on bigfixme-as