
Commit 6baf63d

committed
Add script
1 parent 4c6191e commit 6baf63d


1 file changed

+108
-0
lines changed

1 file changed

+108
-0
lines changed

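--- a/Entra/Get-EntraIdSyncAccount.ps1
+++ b/Entra/Get-EntraIdSyncAccount.ps1
@@ -0,0 +1,108 @@
+Function Get-EntraIdSyncAccount {
+<#
+.SYNOPSIS
+Retrieves the Entra ID Connect directory synchronization account information.
+
+.DESCRIPTION
+This function uses Microsoft Graph API to identify the service account
+being used by Entra ID Connect for directory synchronization.
+
+.PARAMETER TenantId
+The Entra ID tenant ID. If not specified, uses the default tenant.
+
+.EXAMPLE
+Get-EntraIdSyncAccount
+Retrieves the sync account information for the default tenant.
+
+.EXAMPLE
+Get-EntraIdSyncAccount -TenantId "contoso.onmicrosoft.com"
+Retrieves the sync account for a specific tenant.
+#>
+
+[CmdletBinding()]
+Param(
+[Parameter(Mandatory = $False)]
+[String]$TenantId
+)
+
+Try {
+# Connect to Microsoft Graph if not already connected
+$Context = Get-MgContext -ErrorAction SilentlyContinue
+
+If (-not $Context) {
+Write-Host "Connecting to Microsoft Graph..." -ForegroundColor Cyan
+If ($TenantId) {
+Connect-MgGraph -Scopes "Directory.Read.All", "Organization.Read.All" -TenantId $TenantId -ErrorAction Stop
+} Else {
+Connect-MgGraph -Scopes "Directory.Read.All", "Organization.Read.All" -ErrorAction Stop
+}
+}
+
+# Check organization sync status
+Write-Host "Checking organization sync status..." -ForegroundColor Cyan
+$Organization = Get-MgOrganization -ErrorAction Stop
+
+If ($Organization.OnPremisesSyncEnabled -eq $True) {
+Write-Host "Directory synchronization is enabled." -ForegroundColor Green
+Write-Host "Last sync: $($Organization.OnPremisesLastSyncDateTime)" -ForegroundColor Green
+Write-Host ""
+} Else {
+Write-Warning "Directory synchronization is not enabled for this tenant."
+Return
+}
+
+# Search for sync accounts (typically start with "Sync_")
+Write-Host "Searching for directory sync accounts..." -ForegroundColor Cyan
+$Filter = "startsWith(displayName,'Sync_') or startsWith(userPrincipalName,'Sync_')"
+$SyncAccounts = Get-MgUser -Filter $Filter -All -ErrorAction Stop
+
+If ($SyncAccounts) {
+Write-Host "Found $($SyncAccounts.Count) sync account(s):" -ForegroundColor Green
+Write-Host ""
+
+ForEach ($Account in $SyncAccounts) {
+[PSCustomObject]@{
+DisplayName = $Account.DisplayName
+UserPrincipalName = $Account.UserPrincipalName
+ObjectId = $Account.Id
+AccountEnabled = $Account.AccountEnabled
+CreatedDateTime = $Account.CreatedDateTime
+UserType = $Account.UserType
+}
+}
+} Else {
+Write-Warning "No sync accounts found with standard naming pattern."
+Write-Host "Attempting alternative search..." -ForegroundColor Cyan
+
+# Try finding accounts with directory sync role
+$DirectoryRole = Get-MgDirectoryRole -Filter "displayName eq 'Directory Synchronization Accounts'" -ErrorAction SilentlyContinue
+
+If ($DirectoryRole) {
+$RoleMembers = Get-MgDirectoryRoleMember -DirectoryRoleId $DirectoryRole.Id -ErrorAction Stop
+
+If ($RoleMembers) {
+Write-Host "Found accounts with Directory Synchronization role:" -ForegroundColor Green
+Write-Host ""
+
+ForEach ($Member in $RoleMembers) {
+$User = Get-MgUser -UserId $Member.Id -ErrorAction SilentlyContinue
+If ($User) {
+[PSCustomObject]@{
+DisplayName = $User.DisplayName
+UserPrincipalName = $User.UserPrincipalName
+ObjectId = $User.Id
+AccountEnabled = $User.AccountEnabled
+CreatedDateTime = $User.CreatedDateTime
+UserType = $User.UserType
+}
+}
+}
+}
+} Else {
+Write-Warning "Could not find directory synchronization accounts."
+}
+}
+} Catch {
+Write-Error "An error occurred: $_"
+}
+}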
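Review bot: The `-TenantId` parameter is silently ignored whenever `Get-MgContext` already returns a session (lines 30-39): the existing connection is reused without checking that its tenant, or its granted scopes, match what the function needs, so a caller can get results from the wrong tenant or an authorization error that looks like a query failure. At minimum the mismatch should be surfaced, e.g. `If ($Context -and $TenantId) { Write-Warning "Reusing existing Graph session for tenant $($Context.TenantId); -TenantId '$TenantId' was not applied." }`, and `$Context.Scopes` can be checked for `Directory.Read.All` before the queries run (note `Get-MgContext` reports a tenant GUID, so a domain-name argument would need resolving before an equality test). Separately, the `startsWith(...,'Sync_')` filter on line 56 is a naming heuristic, not evidence: any user can carry a `Sync_` display name, and the account actually performing synchronization is the one holding the Directory Synchronization Accounts role, which the code only consults as a fallback on lines 77-100. Running the role lookup first and reporting name-matched accounts that lack the role (and role members that do not match the name) would make the output reliable for an audit, and the role-member loop could mark which rows were found by role versus by name. Role members that are not users are dropped without notice on line 88 because of `-ErrorAction SilentlyContinue`; a comment or warning there would keep that from being mistaken for an empty result.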
